(chore) Docker and dockershim were removed from Kubernetes in version 1.24. This change removes all Docker-related installation, configuration, and runtime code from AgentBaker, as containerd is now the only supported container runtime.
**aks-node-controller/helpers/utils.go**
- Removed conditional logic for dockerShim flag removal
- Now unconditionally removes dockerShim flags since Docker is no longer supported
- Flags removed: `--cni-bin-dir`, `--cni-cache-dir`, `--cni-conf-dir`, `--docker-endpoint`, `--image-pull-progress-deadline`, `--network-plugin`, `--network-plugin-mtu`
**pkg/agent/baker.go**
- Applied same unconditional dockerShim flag removal in `ValidateAndSetLinuxNodeBootstrappingConfiguration()`
- Removed unused `profile` variable after eliminating containerd runtime check
- Removed template functions: `IsDockerContainerRuntime` and `RequiresDocker`
- Added comments explaining Docker removal in Kubernetes 1.24
**parts/linux/cloud-init/artifacts/cse_config.sh**
- Removed `ensureDocker()` function (lines 414-432)
- Function was responsible for starting Docker service and configuring daemon.json
**parts/linux/cloud-init/artifacts/cse_main.sh**
- Removed conditional Docker/containerd runtime selection
- Now always calls `ensureContainerd` since it's the only supported runtime
- Removed Docker login logic for private registry authentication
- Private registry auth is now handled through containerd configuration
**parts/linux/cloud-init/artifacts/cse_cmd.sh**
- Removed `NEEDS_DOCKER_LOGIN` template variable
- Variable was used to determine if Docker login was needed for private registries
**parts/linux/cloud-init/artifacts/cse_install.sh**
- Removed call to `installMoby()` in `installContainerRuntime()`
- Added shellcheck directive for `cleanupImagesRun()` function (unrelated fix)
**pkg/agent/datamodel/types.go**
- `NeedsContainerd()` method already updated to always return `true`
- `RequiresDocker()` method already deprecated and always returns `false`
- Both methods kept for backwards compatibility with clear deprecation comments
**pkg/agent/datamodel/types_test.go**
- Updated `TestHasContainerd` to expect `true` for all runtime configurations
- Updated test cases for Docker, empty string, and unexpected runtime values
- Updated `TestKubernetesConfig_RequiresDocker` to expect `false` for all cases
- Added explanatory comments about Kubernetes 1.24 Docker removal
- Regenerated all snapshot test data via `make generate`
- All Go tests pass successfully with new Docker-removed logic
The following kubelet flags were part of dockershim and are no longer valid:
- `--cni-bin-dir`: CNI binary directory
- `--cni-cache-dir`: CNI cache directory
- `--cni-conf-dir`: CNI configuration directory
- `--docker-endpoint`: Docker endpoint socket
- `--image-pull-progress-deadline`: Image pull progress deadline
- `--network-plugin`: Network plugin type
- `--network-plugin-mtu`: Network plugin MTU
- **Before**: Conditional logic checked `ContainerRuntime` config to decide between Docker and containerd
- **After**: Containerd is always used as the container runtime
- **Private Registry Auth**: Moved from `docker login` to containerd registry configuration
The following Docker/Moby-related code remains but is no longer called:
- `installMoby()` function in `parts/linux/cloud-init/artifacts/ubuntu/cse_install_ubuntu.sh`
- `removeMoby()` function in `parts/linux/cloud-init/artifacts/ubuntu/cse_install_ubuntu.sh`
- `ensureRunc()` function still exists (used by containerd)
These can be removed in a follow-up cleanup PR if desired.
- ✅ All Go unit tests pass
- ✅ Datamodel tests updated and passing
- ✅ Test data regenerated successfully
- ✅ Shellcheck validation passes (warnings are pre-existing style issues unrelated to this change)
- Kubernetes 1.24 removed dockershim: https://kubernetes.io/blog/2022/05/03/dockershim-historical-context/
- Docker/containerd migration: https://kubernetes.io/docs/tasks/administer-cluster/migrating-from-dockershim/
This change:
- Simplifies the codebase by removing Docker-specific logic
- Aligns with Kubernetes 1.24+ which only supports containerd (and CRI-compatible runtimes)
- Reduces maintenance burden by removing deprecated code paths
- Has no functional impact on AKS nodes as Docker has not been supported since Kubernetes 1.24
---
**Breaking Change**: This removes support for Docker runtime configurations. All clusters must use containerd (which has been the default and only supported runtime since Kubernetes 1.24).
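A check for the seven dockershim-era kubelet flags listed in the description, written as an added example; it is not AgentBaker's code. The helper name `StripDockershimFlags` and the sample arguments are hypothetical and constructed for illustration.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// dockershimFlags lists the kubelet flags the description names as removed.
var dockershimFlags = map[string]bool{
	"--cni-bin-dir": true, "--cni-cache-dir": true, "--cni-conf-dir": true,
	"--docker-endpoint": true, "--image-pull-progress-deadline": true,
	"--network-plugin": true, "--network-plugin-mtu": true,
}

// StripDockershimFlags (hypothetical helper) takes kubelet arguments in either
// "--flag=value" or "--flag value" form and returns the arguments that remain
// plus the sorted names of the dockershim flags it dropped.
func StripDockershimFlags(args []string) (kept, dropped []string) {
	for i := 0; i < len(args); i++ {
		name, _, hasValue := strings.Cut(args[i], "=")
		if !dockershimFlags[name] {
			kept = append(kept, args[i])
			continue
		}
		dropped = append(dropped, name)
		// "--flag value" form: the next token is this flag's value, skip it too.
		if !hasValue && i+1 < len(args) && !strings.HasPrefix(args[i+1], "--") {
			i++
		}
	}
	sort.Strings(dropped)
	return kept, dropped
}

func main() {
	// Constructed sample arguments, not taken from a real node.
	args := []string{
		"--container-runtime-endpoint=unix:///run/containerd/containerd.sock",
		"--network-plugin=cni",
		"--cni-bin-dir", "/opt/cni/bin",
		"--docker-endpoint=unix:///var/run/docker.sock",
		"--max-pods=110",
	}
	kept, dropped := StripDockershimFlags(args)
	fmt.Println("kept:   ", kept)
	fmt.Println("dropped:", dropped)
}
```

A non-empty `dropped` list on an existing node configuration points at settings that still assume the Docker runtime.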
aks-node-controller/proto/README.md (7 additions & 7 deletions)
@@ -1,7 +1,7 @@
1
1
This readme is to describe the new public data contract `AKSNodeConfig` between a bootstrap requester (client) and a Linux node to be bootstrapped and join an AKS cluster. The contract is defined in a set of proto files with [protobuf](https://protobuf.dev/). And we convert/compile all the proto files into specific programming languages. Currently we only convert to .go files for Go. We can convert to other languages if needed in the future. A simple way to compile the files to Go is to run this command at `AgentBaker/aks-node-controller` directory.
2
2
```
3
3
make proto-generate
4
-
```
4
+
```
5
5
Note: This command uses Docker to compile the proto files so you need to have Docker running otherwise you will see corresponing error message.
6
6
7
7
# Public data contract `AKSNodeConfig`
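Review bot: The context line at 5 still tells contributors that `make proto-generate` needs Docker running, which reads oddly next to a description that says all Docker-related installation, configuration, and runtime code is removed. Since line 4 is being touched anyway, add a clause to line 5 saying this is a build-time dependency on the developer machine rather than a node runtime, and fix "corresponing" to "corresponding" in the same line.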
@@ -53,7 +53,7 @@ This table is describing the all the `AKSNodeConfig` Fields converted to .go fil
53
53
54
54
55
55
Removed old environment variables from cse_cmd.sh:
56
-
`CSE_HELPERS_FILEPATH`, `CSE_DISTRO_HELPERS_FILEPATH`, `CSE_INSTALL_FILEPATH`, `CSE_DISTRO_INSTALL_FILEPATH`, `CSE_CONFIG_FILEPATH`, `DHCPV6_SERVICE_FILEPATH`, `DHCPV6_CONFIG_FILEPATH`, `NEEDS_DOCKER_LOGIN`, `NEEDS_CONTAINERD`, `CLI_TOOL`, `CONTAINER_RUNTIME`, `MOBY_VERSION`, `HYPERKUBE_URL`, `SGX_NODE`, `GPU_DRIVER_TYPE` and more.
56
+
`CSE_HELPERS_FILEPATH`, `CSE_DISTRO_HELPERS_FILEPATH`, `CSE_INSTALL_FILEPATH`, `CSE_DISTRO_INSTALL_FILEPATH`, `CSE_CONFIG_FILEPATH`, `DHCPV6_SERVICE_FILEPATH`, `DHCPV6_CONFIG_FILEPATH`, `CLI_TOOL`, `MOBY_VERSION`, `HYPERKUBE_URL`, `SGX_NODE`, `GPU_DRIVER_TYPE` and more.
57
57
58
58
Many variables are changed to optional and we have a builder function as a helper to provide default values. For example, the builder function defaults `LinuxAdminUsername` to value `azureuser`, `OutboundCommand` to a default outbound command `curl -v --insecure --proxy-insecure https://mcr.microsoft.com/v2/`.
59
59
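Review bot: At line 56 the sentence is headed "Removed old environment variables from cse_cmd.sh", yet the change deletes `NEEDS_DOCKER_LOGIN`, `NEEDS_CONTAINERD` and `CONTAINER_RUNTIME` from that list, so a list of removed variables now omits variables tied to the runtime being removed. The description only records `NEEDS_DOCKER_LOGIN` being removed from cse_cmd.sh and says nothing about the other two, while `MOBY_VERSION` stays listed. Please either keep the three names in this list or explain in the description why they no longer belong there, including whether `NEEDS_CONTAINERD` and `CONTAINER_RUNTIME` are still emitted.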
@@ -89,7 +89,7 @@ The default value for an unset string variable is an empty string.
89
89
If this variable’s value is unset, the consumer will get a nil value. With that, the feature owner can use this additional state (besides true and false for a bool) to add some logic to it.
90
90
91
91
Considering an evolution scenario where we should be adding a label `optional`. We will explain what the effect of adding this label is.
92
-
There is a new feature AwesomeFeature, which will replace an old feature OldFeature gradually. It is still in a pre-production state and is not ready in the VHD provisioning process yet. A dev adds a new variable AwesomeFeature to the contract and set it as false. The label `optional` should be added to this variable.
92
+
There is a new feature AwesomeFeature, which will replace an old feature OldFeature gradually. It is still in a pre-production state and is not ready in the VHD provisioning process yet. A dev adds a new variable AwesomeFeature to the contract and set it as false. The label `optional` should be added to this variable.
93
93
An evolutional scenario will look like this,
94
94
1. When AwesomeFeature is not yet available and the OldFeature is still running:
95
95
AwesomeFeature = false, OldFeature=true
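Review bot: The removed and added text at line 92 is identical as shown, so this looks like a whitespace-only edit with no connection to the Docker removal. Either drop it from this PR or use the touch to fix the grammar in the same sentence: "A dev adds a new variable AwesomeFeature to the contract and set it as false" should read "sets it to false".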
@@ -110,7 +110,7 @@ Nevertheless, it’s not a big harm to use `optional` even though it’s not nee
110
110
1. Update corresponding .proto files to the data contract. Usually we start with `config.proto`.
111
111
2. From the `AgentBaker/aks-node-controller` directory run `make proto-generate` to compile the .proto definitions into `Go`; this regenerates the public API (the `AKSNodeConfig` Go types).
112
112
3. Tell how VHD should react to this new variable by updaing the bootscripts as you do before. Basically you will be modifying shell scripts like `install-dependencies.sh`, `cse_install.sh`, `cse_helpers.sh`, etc. You may also want to add some unit tests to spec files like `cse_install_spec.sh`, `cse_helpers.sh` to find bugs earlier.
113
-
4. On the VHD side, we are still invoking the bootstrap scripts under the hood. To set the environment variables of the CSE trigger command, add the desired variable to `getCSEEnv()` in [parser.go](https://github.com/Azure/AgentBaker/blob/dev/aks-node-controller/parser/parser.go). If you need to add a corresponding file to the VHD, please generate the file in the bootstrap scripts rather than adding to [`nodecustomdata.yml`](https://github.com/Azure/AgentBaker/blob/dev/parts/linux/cloud-init/nodecustomdata.yml) as this file will eventually be deprecated. Here is an [example](https://github.com/Azure/AgentBaker/commit/81ce18fb7f53acab3c7fe8f3a70b635baf1f2f52) for generating the kube CA cert.
113
+
4. On the VHD side, we are still invoking the bootstrap scripts under the hood. To set the environment variables of the CSE trigger command, add the desired variable to `getCSEEnv()` in [parser.go](https://github.com/Azure/AgentBaker/blob/dev/aks-node-controller/parser/parser.go). If you need to add a corresponding file to the VHD, please generate the file in the bootstrap scripts rather than adding to [`nodecustomdata.yml`](https://github.com/Azure/AgentBaker/blob/dev/parts/linux/cloud-init/nodecustomdata.yml) as this file will eventually be deprecated. Here is an [example](https://github.com/Azure/AgentBaker/commit/81ce18fb7f53acab3c7fe8f3a70b635baf1f2f52) for generating the kube CA cert.
114
114
115
115
Note: Node SIG is working on migrating all scripts to managable Go binary. Before it's done, the bootstrap scripts will still be used.
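Review bot: Line 113 is textually unchanged, but it is the line that sends contributors to `getCSEEnv()` in parser.go to set CSE environment variables, and the description lists no change to parser.go even though it removes `NEEDS_DOCKER_LOGIN` from cse_cmd.sh. Please confirm that `getCSEEnv()` no longer sets the removed variable, or include that file in this PR, so the README's pointer and the scripts stay in step.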
If the client (such as AKS-RP) doesn't specify a value for `EnableImdsRestriction`, it will default to `false`. You can see this defaulting logic in the generated `GetEnableImdsRestriction` method in `imdsrestrictionconfig.pb.go`.
148
+
If the client (such as AKS-RP) doesn't specify a value for `EnableImdsRestriction`, it will default to `false`. You can see this defaulting logic in the generated `GetEnableImdsRestriction` method in `imdsrestrictionconfig.pb.go`.
149
149
150
150
This should fit most use cases. However, if you need to explicitly distinguish between a client setting `false` versus not setting the value at all (which defaults to `false`), you'll need to use the `optional` label for explicit presence. In that case, refer to the earlier section _When to use the label `optional` specifically in `proto3`?_
151
151
152
152
4. Add comprehensive tests to cover your changes.
153
-
153
+
154
154
**Testing with AKSNodeConfig approach:**
155
155
- Add test cases using the `AKSNodeConfig` approach, such as `Test_AzureLinuxV2_ARM64_Scriptless` in `e2e/scenario_test.go`
156
156
- The key difference between the legacy and new approaches is the configuration interface:
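Review bot: The edits at lines 148 and 153 show the same text on both sides (153 is a blank line), so they appear to be trailing-whitespace cleanup, and the description's per-file list never mentions aks-node-controller/proto/README.md. Because this PR is flagged as a breaking change, list the README edits in the description or move the whitespace cleanup to its own commit so the runtime removal can be audited without unrelated noise.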