version: Update containerd version to 1.3.0

[amshinde]

These include features like privileged containers without host devices
and support for per runtime annotations.

Signed-off-by: Archana Shinde [email protected]

[amshinde]

/test

[codecov]

Codecov Report

❗ No coverage uploaded for pull request base (master@da98191). Click here to learn what that means.
The diff coverage is n/a.

@@            Coverage Diff            @@
##             master    #2100   +/-   ##
=========================================
  Coverage          ?   52.67%           
=========================================
  Files             ?      110           
  Lines             ?    16450           
  Branches          ?        0           
=========================================
  Hits              ?     8665           
  Misses            ?     6743           
  Partials          ?     1042

[egernst]

Yikes, CI really didn’t like this PR.

[amshinde]

/test

[amshinde]

@egernst Yeah, lets try this one more time.

[amshinde]

/test

[jodh-intel]

Could you add the changes to containerd in the commit?

All the CI's seem to be failing attempting to build CNI plugins.

[amshinde]

/test

[bergwolf]

Since privileged containers without host devices is kind of unique to kata, could you add a test case to validate it (after merging this PR)?

[amshinde]

/test

[GabyCT]

@amshinde if this PR is related with kata-containers/tests#2003 then you need to put Depends-on on the commit

[amshinde]

@GabyCT I did put it on the commit.

[amshinde]

/test

[amshinde]

/test

[grahamwhaley]

nudge - any plans for this @amshinde @egernst

[amshinde]

@grahamwhaley I will be looking at this again to fix the CI failures.

[caoruidong]

/retest

[amshinde]

/test

[amshinde]

@chavafg I suspect this PR has been failing as the VM instances do not seem to support ipv6 in spite of trying to enable it with this PR: kata-containers/tests#2003
Do you know if I am missing something for enabling this, does this need to be requested from azure while creating the instances itself.

[chavafg]

@amshinde I am not sure, but reading some internet resources it seems that we need to make further configuration to enable ipv6. Will check how to do it and how to enable it using our jenkins plugin.

[amshinde]

@chavafg For now, I have avoided using ipv6 with kata-containers/tests#2029 by not using the cni config file that comes with containerd which included ipv6 routes.
I wanted to check if this would really resolve the errors related to ipv6 that I was seeing.
While I no longer see the ipv6 errors in the shimv2 tests, I am now seeing errors in the k8s tests with containerd. containerd seems to exit after starting successfully:

Oct 31 00:16:46 ubuntu1804-azurecf2320 containerd[7607]: time="2019-10-31T00:16:46.165132668Z" level=info msg=serving... address="/run/containerd/containerd.sock"
Oct 31 00:16:46 ubuntu1804-azurecf2320 containerd[7607]: time="2019-10-31T00:16:46.165155668Z" level=info msg="containerd successfully booted in 0.165919s"
Oct 31 00:32:57 ubuntu1804-azurecf2320 systemd[1]: containerd.service: Current command vanished from the unit file, execution of the command list won't be resumed.
Init cluster using /run/containerd/containerd.sock
[init] Using Kubernetes version: v1.15.3
[preflight] Running pre-flight checks
error execution phase preflight: [preflight] Some fatal errors occurred:
	[ERROR CRI]: container runtime is not running: output: time="2019-10-31T00:41:45Z" level=fatal msg="getting status of runtime failed: rpc error: code = Unimplemented desc = unknown service runtime.v1alpha2.RuntimeService"

@jcvenegas Do you have any input on this? I know you had added the initial commit to switch to testing with the cni config provided by containerd. Was this added to address a certain failure that I am not aware of.

[amshinde]

@chavafg I am seeing that containerd process exits while doing a kubeadm init.
It would be good to see the containerd journal at this point.
I dont see the containerd logs: http://jenkins.katacontainers.io/job/kata-containers-runtime-cri-containerd-PR/1699/
Can we make them available?

[chavafg]

@amshinde I opened kata-containers/tests#2035 to collect them in the CI

[amshinde]

@chavafg Thanks, I have merged it. Will the entire CI need to be rerun again?
Feel free to trigger what you think needs to be done.

[amshinde]

/test

[amshinde]

@lifupan containerd-cri CI seems to be failing. I dont see much from the containerd logs other than

Nov 01 17:33:17 ubuntu1804-azure7e00c0 containerd[19005]: time="2019-11-01T17:33:17.298016926Z" level=info msg="loading plugin "io.containerd.grpc.v1.introspection"..." type=io.containerd.grpc.v1
Nov 01 17:33:17 ubuntu1804-azure7e00c0 containerd[19005]: time="2019-11-01T17:33:17.298287844Z" level=info msg=serving... address="/run/containerd/containerd.sock"
Nov 01 17:33:17 ubuntu1804-azure7e00c0 containerd[19005]: time="2019-11-01T17:33:17.298311145Z" level=info msg="containerd successfully booted in 0.343453s"
Nov 01 17:43:03 ubuntu1804-azure7e00c0 systemd[1]: containerd.service: Current command vanished from the unit file, execution of the command list won't be resumed.
Nov 01 17:51:42 ubuntu1804-azure7e00c0 systemd[1]: Stopping containerd container runtime...
Nov 01 17:51:42 ubuntu1804-azure7e00c0 systemd[1]: Stopped containerd container runtime.

Do you have any idea? I was able to run containerd 1.3.0 with kata shimv1 and v2 locally.

[lifupan]

@lifupan containerd-cri CI seems to be failing. I dont see much from the containerd logs other than

Nov 01 17:33:17 ubuntu1804-azure7e00c0 containerd[19005]: time="2019-11-01T17:33:17.298016926Z" level=info msg="loading plugin "io.containerd.grpc.v1.introspection"..." type=io.containerd.grpc.v1
Nov 01 17:33:17 ubuntu1804-azure7e00c0 containerd[19005]: time="2019-11-01T17:33:17.298287844Z" level=info msg=serving... address="/run/containerd/containerd.sock"
Nov 01 17:33:17 ubuntu1804-azure7e00c0 containerd[19005]: time="2019-11-01T17:33:17.298311145Z" level=info msg="containerd successfully booted in 0.343453s"
Nov 01 17:43:03 ubuntu1804-azure7e00c0 systemd[1]: containerd.service: Current command vanished from the unit file, execution of the command list won't be resumed.
Nov 01 17:51:42 ubuntu1804-azure7e00c0 systemd[1]: Stopping containerd container runtime...
Nov 01 17:51:42 ubuntu1804-azure7e00c0 systemd[1]: Stopped containerd container runtime.

Do you have any idea? I was able to run containerd 1.3.0 with kata shimv1 and v2 locally.

Hi @amshinde

I think PR kata-containers/tests#2043 can fix this issue.

[jcvenegas]

/test

[amshinde]

@lifupan Thanks, looks like that did help. I have added another commit to update containerd config here : kata-containers/tests@61725d5

But looks like one of storage tests is failing now.

[amshinde]

/test

[amshinde]

I have tried reproducing the failures locally. Even tried running the kubernetes CI on an Azure instance.
However I do not see any failures locally. So I don't understand why the storage test is failing in the CI here.
The containerd CI run for this PR shows storage test fails when the the pod does a mount, but the pod has been given CAP_SYS_ADMIN capabilities, so I do not see why the mount should fail, unless some weird apparmor issues.
@lifupan Any idea about this? Let me know if you are able to reproduce the issue.

@chavafg Let me know if you can reproduce the containerd CI issue, if you have nay cycles.

[chavafg]

Hi @amshinde,

I could reproduce the issue and tried to debug... but it seems that containerd tests are not even running kata. I see pod up, but no kata process. Also the journals of kata-runtime and proxy are empty.
Continue checking the issue.

[chavafg]

seems like changes here https://github.com/kata-containers/tests/pull/2029/files#diff-69bf746790abbecab6afee63f20ad2f7L29-R36 are not working correctly, could you make them work locally?

[amshinde]

/test

[amshinde]

/test