removing nat network from containerd config and pointing to WIP PR for configuring CNI w/ (#254)

containerd

Signed-off-by: Mark Rossetti <[email protected]>

Signed-off-by: Mark Rossetti <[email protected]>

Author: marosset

guides/guide-for-adding-windows-node.md

@@ -3,6 +3,10 @@
 
 You can use Kubernetes to run a mixture of Linux and Windows nodes, so you can mix Pods that run on Linux on with Pods that run on Windows. This is a guide on how to register Windows nodes to your cluster.
 
+## Warning
+
+> The instructions and scripts in the directory DO NOT configure a CNI solution for Windows nodes running containerd.
+There is a work-in-progress PR to assist in this at https://github.com/kubernetes-sigs/sig-windows-tools/pull/239
 
 ## Before you begin
 
@@ -12,21 +16,17 @@ Your Kubernetes server must be at or later than version 1.22. To check the versi
 
 - A Linux-based Kubernetes kubeadm cluster in which you have access to the control plane (see [Creating a single control-plane cluster with kubeadm](https://kubernetes-docsy-staging.netlify.app/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/)).
 
-
 ## Objectives
 
 - Register a Windows node to the cluster
 - Configure networking so Pods and Services on Linux and Windows can communicate with each other
 
-
 ## Getting Started: Adding a Windows Node to Your Cluster
 
-
 ### Networking Configuration
 
 Once you have a Linux-based Kubernetes control-plane node you are ready to choose a networking solution.
 
-
 #### Configuring Flannel with rancher
 
 1. Prepare Kubernetes control plane for Flannel
@@ -61,7 +61,7 @@ net-conf.json: |
 
 > **Note:** The VNI must be set to 4096 and port 4789 for Flannel on Linux to interoperate with Flannel on Windows. See the [VXLAN documentation](https://github.com/coreos/flannel/blob/master/Documentation/backends.md#vxlan). for an explanation of these fields.
 
->  **Note:** To use L2Bridge/Host-gateway mode instead change the value of `Type` to `"host-gw"` and omit `VNI` and `Port`.
+> **Note:** To use L2Bridge/Host-gateway mode instead change the value of `Type` to `"host-gw"` and omit `VNI` and `Port`.
 
 3. Apply the Flannel manifest and validate
 
@@ -106,10 +106,9 @@ git clone https://github.com/kubernetes-sigs/sig-windows-tools
 kubectl apply -f sig-windows-tools/kubeadm/flannel/kube-flannel-rbac.yml
 ```
 
-
 ### Joining a Windows worker node
 
->  **Note:** All code snippets in Windows sections are to be run in a PowerShell environment with elevated permissions (Administrator) on the Windows worker node.
+> **Note:** All code snippets in Windows sections are to be run in a PowerShell environment with elevated permissions (Administrator) on the Windows worker node.
 
 1. Install ContainerD, wins, kubelet, and kubeadm.
 
@@ -124,22 +123,21 @@ cd .\sig-windows-tools\kubeadm\scripts\
 .\PrepareNode.ps1 -KubernetesVersion v1.24.3 -ContainerRuntime containerD
 ```
 
->  **Note** If you want to install another version of kubernetes, modify v1.24.3 with the version you want to install
-
+> **Note** If you want to install another version of kubernetes, modify v1.24.3 with the version you want to install
 
 2. Run `kubeadm` to join the node
->  **Note** Before joining the node, copy the file from /run/flannel/subnet.env to your windows machine to C:\run\flannel\subnet.env
->  You will need to create the folders for it
+
+> **Note** Before joining the node, copy the file from /run/flannel/subnet.env to your windows machine to C:\run\flannel\subnet.env
+> You will need to create the folders for it
 
 Use the command that was given to you when you ran `kubeadm init` on a control plane host. If you no longer have this command, or the token has expired, you can run `kubeadm token create --print-join-command` (on a control plane host) to generate a new token and join command.
 
->  **Note:** Do not forget to add `--cri-socket "npipe:////./pipe/containerd-containerd" --v=5` at the end of the join command, if you use ContainerD
+> **Note:** Do not forget to add `--cri-socket "npipe:////./pipe/containerd-containerd" --v=5` at the end of the join command, if you use ContainerD
 
 3. Install kubectl for windows (optional)
 
 For more information about it : https://kubernetes.io/docs/tasks/tools/install-kubectl-windows/
 
-
 #### Verifying your installation
 
 You should now be able to view the Windows node in your cluster by running:
@@ -154,4 +152,4 @@ If your new node is in the `NotReady` state it is likely because the flannel ima
 kubectl -n kube-system get pods -l app=flannel
 ```
 
-Once the flannel Pod is running, your node should enter the `Ready` state and then be available to handle workloads.
+Once the flannel Pod is running, your node should enter the `Ready` state and then be available to handle workloads.

hostprocess/README.md

@@ -1,23 +1,19 @@
 # HostProcess examples
 
 This contains examples of services running as [HostProcess](https://kubernetes.io/docs/tasks/configure-pod-container/create-hostprocess-pod/) 
-containers.  HostProcess is an alpha feature in Kubernetes 1.22. 
+containers.  HostProcess went beta in Kubernetes v1.23 and stable in Kubernetes v1.26.
 
-The eventual goal is to move many of these examples to the corresponding repositories.  
+The eventual goal is to move many of these examples to the corresponding repositories.
 
 ## Requirements
 
-The CNI examples currently require the containerd 1.6+: https://github.com/containerd/containerd/releases/tag/v1.6.0-beta.1
+HostProcess containers require containerd v1.6 or later.
 
-For convenience there is a nightly job in the repository that builds the required components: https://github.com/kubernetes-sigs/sig-windows-tools/releases/tag/windows-containerd-nightly
+For convenience there is a nightly job in the repository that builds the required components: https://github.com/kubernetes-sigs/sig-windows-tools/releases/tag/windows-containerd-nightly.
 
 > Docker does not support HostProcess containers. These images will not work with Docker.
 
-## Future Improvements 
-
-These scripts are based off the initial Docker implementation in https://github.com/kubernetes-sigs/sig-windows-tools/tree/master/kubeadm.  
-Ideally these should use init containers (possible written in golang) to install and configure the binaries as is done with Linux.  Then the
-main container can run the required components for a given CNI.
+## Future Improvements
 
 kube-proxy has slightly different configurations (sourcevip as example) across cni's so they are split into separate folder for each. Kubeadm should create and configure kube-proxy for windows appropriately during node initialization.
 

kubeadm/scripts/Install-Containerd.ps1

@@ -7,7 +7,6 @@ This script
 - Verifies that Windows Features requried for running contianers are enabled (and enables then if they are not)
 - Downloads ContainerD binaries from from at the version specified.
 - Downloads Windows SND CNI plugins.
-- Sets up a basic nat networking config for ContainerD to use until another CNI is configured
 - Registers ContainerD as a windows service.
 
 .PARAMETER ContainerDVersion
@@ -23,7 +22,7 @@ PS> .\Install-Conatinerd.ps1
 
 Param(
     [parameter(HelpMessage = "ContainerD version to use")]
-    [string] $ContainerDVersion = "1.4.1",
+    [string] $ContainerDVersion = "1.6.8",
     [parameter(HelpMessage = "Name of network adapter to use when configuring basic nat network")]
     [string] $netAdapterName = "Ethernet"
 )
@@ -40,48 +39,6 @@ function DownloadFile($destination, $source) {
     }
 }
 
-<#
-.DESCRIPTION
-Computes a subnet for a gateway from the IPv4 IPAddress and PrefixLength properties
-for a given network adapter. This value is used for IPAM in a nat CNI config required for
-containerd.
-
-.NOTES 
-This logic is adapted from 
-https://github.com/containerd/containerd/blob/4a6b47d470d9f2dfc3d49f2819b968861dfa123e/script/setup/install-cni-windows
-
-.EXAMPLE
-PS> CalculateSubNet -gateway 172.16.5.8 -prefixLength 24
-172.16.5.0/8
-#>
-function CalculateSubNet {
-    param (
-        [string]$gateway,
-        [int]$prefixLength
-    )
-    $len = $prefixLength
-    $parts = $gateway.Split('.')
-    $result = @()
-    for ($i = 0; $i -le 3; $i++) {
-        if ($len -ge 8) {
-            $mask = 255
-
-        }
-        elseif ($len -gt 0) {
-            $mask = ((256 - 2 * (8 - $len)))
-        }
-        else {
-            $mask = 0
-        }
-        $len -= 8
-        $result += ([int]$parts[$i] -band $mask)
-    }
-
-    $subnetIp = [string]::Join('.', $result)
-    $cidr = 32 - $prefixLength
-    return "${subnetIp}/$cidr"
-}
-
 $requiredWindowsFeatures = @(
     "Containers",
     "Hyper-V",
@@ -131,33 +88,6 @@ Write-Output "Getting SDN CNI binaries"
 DownloadFile "c:\opt\cni\cni-plugins.zip" https://github.com/microsoft/windows-container-networking/releases/download/v0.2.0/windows-container-networking-cni-amd64-v0.2.0.zip
 Expand-Archive -Path "c:\opt\cni\cni-plugins.zip" -DestinationPath "c:\opt\cni\bin" -Force
 
-Write-Output "Creating network config for nat network"
-$gateway = (Get-NetIPAddress -InterfaceAlias $netAdapterName -AddressFamily IPv4).IPAddress
-$prefixLength = (Get-NetIPAddress -InterfaceAlias $netAdapterName -AddressFamily IPv4).PrefixLength
-
-$subnet = CalculateSubNet -gateway $gateway -prefixLength $prefixLength
-
-@"
-{
-    "cniVersion": "0.2.0",
-    "name": "nat",
-    "type": "nat",
-    "master": "Ethernet",
-    "ipam": {
-        "subnet": "$subnet",
-        "routes": [
-            {
-                "GW": "$gateway"
-            }
-        ]
-    },
-    "capabilities": {
-        "portMappings": true,
-        "dns": true
-    }
-}
-"@ | Set-Content "c:\etc\cni\net.d\0-containerd-nat.json" -Force
-
 Write-Output "Registering ContainerD as a service"
 containerd.exe --register-service
 

kubeadm/scripts/README.md

@@ -0,0 +1,4 @@
+# Warning
+
+The instructions and scripts in the directory DO NOT configure a CNI solution for Windows nodes running containerd.
+There is a work-in-progress PR to assist in this at https://github.com/kubernetes-sigs/sig-windows-tools/pull/239