From 90d6b6ddf72b0f0bdb7041125188df8454bfb4b3 Mon Sep 17 00:00:00 2001
From: Stefan Reimer <stefan@zero-downtime.net>
Date: Wed, 5 Feb 2025 17:44:30 +0000
Subject: [PATCH] WIP: working 1.7 containerd using crun

---
 kubezero/containerd/APKBUILD      | 13 +++++----
 kubezero/containerd/config.toml   |  8 ++++--
 kubezero/kubezero/APKBUILD        |  4 +--
 kubezero/kubezero/containerd.conf | 48 ++++++++++++++++++-------------
 4 files changed, 43 insertions(+), 30 deletions(-)

diff --git a/kubezero/containerd/APKBUILD b/kubezero/containerd/APKBUILD
index a421877..4c10884 100644
--- a/kubezero/containerd/APKBUILD
+++ b/kubezero/containerd/APKBUILD
@@ -4,15 +4,15 @@
 pkgname=containerd
 
 # NOTE: containerd's Makefile tries to get REVISION from git, but we're building from a tarball.
-_commit=207ad71
-pkgver=2.0.0
+_commit=bcc810d
+pkgver=1.7.25
 pkgrel=1337
 pkgdesc="An open and reliable container runtime"
 url="https://containerd.io/"
 arch="all"
 license="Apache-2.0"
 # we use crun
-#depends="runc"
+depends="crun"
 makedepends="btrfs-progs-dev go go-md2man libseccomp-dev log_proxy"
 subpackages="
 	$pkgname-ctr
@@ -108,6 +108,9 @@ package() {
 
 	install -d "$pkgdir"/etc/containerd/conf.d
 	install -Dm644 "$srcdir"/config.toml "$pkgdir"/etc/containerd/config.toml
+
+	# Provide runc as there seem to be various hardcoded runc refs unfortunately
+	cd $pkgdir/usr/bin && ln -s crun runc
 }
 
 openrc() {
@@ -127,8 +130,8 @@ stress() {
 }
 
 sha512sums="
-b1a89c4c53db2c69757bc40d90d585e2662ab4fffb28acb904f9710b281a9f22273ecdbab49250b229bf95b29cf1a33a352afb81967db7580ae209a83c5fb2ea  containerd-2.0.0.tar.gz
+83477f9ed1d5d0653f5a4829d1ac6299cdd8958ca5534de1b22d7b5858d0118e97c9d3ce4c5d58e5b06393be007007f7bf4ac511e1903d1fe407579fa96ab36d  containerd-1.7.25.tar.gz
 75a882a95167578bb4f289822256e770ecf2f74d7a50181e622c15e847383120d3622100e5e5629b94b58e2082f990de1cc3daa2f69b0ee48827072c1e9dde0e  containerd.confd
 8315a8d58b4ba7e19ebed2cd82c7b5eaab45da630f9818a9e6cc8f3c8e88f159432474299798f79e6e465e843c91c0f50df04030083c8913c385ea1d73e81e6a  containerd.initd
-a10a1e1b5deea30c156a786592bfc54597bcf2d45c4e6447182b72a7d0a5e2eb058698a8830dbace95e71176aa3070d123bcf75c4c4a36d814182c5d24fe9d71  config.toml
+dfb92fffeac35310956da6c6ad5f8c43eba3a5355ecbfabeec0f9c7445a08e309312b56b6855a17a471fd6012cc099d6abb39dc8bd26279112d0fe936624023d  config.toml
 "
diff --git a/kubezero/containerd/config.toml b/kubezero/containerd/config.toml
index 3e3225f..99cf35e 100644
--- a/kubezero/containerd/config.toml
+++ b/kubezero/containerd/config.toml
@@ -1,6 +1,8 @@
-version = 3
+version = 2
 
 imports = ["/etc/containerd/conf.d/*.toml"]
 
-[plugins.'io.containerd.cri.v1.runtime'.cni]
-  bin_dir = '/usr/libexec/cni'
+[plugins]
+  [plugins."io.containerd.grpc.v1.cri"]
+    [plugins."io.containerd.grpc.v1.cri".cni]
+      bin_dir = "/usr/libexec/cni"
diff --git a/kubezero/kubezero/APKBUILD b/kubezero/kubezero/APKBUILD
index 21cc9f2..6be8f9b 100644
--- a/kubezero/kubezero/APKBUILD
+++ b/kubezero/kubezero/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Stefan Reimer <stefan@zero-downtime.net>
 pkgname=kubezero
 pkgver=1.31.5
-_containerd=2.0.0-r1337
+_containerd=1.7.25-r1337
 _ecr=1.31.4
 _iam=0.6.29
 
@@ -94,6 +94,6 @@ ecb33fc3a0ffc378723624858002f9f5e180e851b55b98ab6611ecc6a73d4719bc7de240f87683fc
 fce1013f7b1bfa8ee526de62e642a37fda3168889723e873d3fb69e257f4caa1423b5a14b9343b12a87f3b6f93c7d3861b854efda67ef2d6a42a5ca8cf3d1593  evictLocalNode.sh
 92499ec9a8b3634c42b16c01d27f1c1bb650bcc074a2c8d9d16cfe2ea08942948989c6aae79bd2df562ff17df11bbc329e0971f15c4e64f944457825dee7aa79  credential-provider.yaml
 8b81eb0fb66e6a739965db6af6a31c443e8f612c06146bd51107372abd833b527423299ee11b27e011f46cfbee11415234b3fa0dea695dbbb06711e0ad58f08d  kubelet.monit
-dad818ca88a6b3404b155f145522ac07217f6812bdd3282f850ee84fdd94f602c857b62bb769a3e0273991b29a2cb9e8f57e005233c31a4171642b637e270f6c  containerd.conf
+87ce7affcaa88b42d20713ea4535f8e96c8c415ffda643b5a0687c120645ebd19dec09842204ef31208d447b52cbb91553dbd82480409f2ffadf767cbb251761  containerd.conf
 b112ffd86f095aec47bf75179659af20720792c453d6cc9d11db26446aa2f3c237fe59b793dd8ef3ee93f6fd4230ff8abadfdada76e6452779b982a71eb37cb9  crictl.yaml
 "
diff --git a/kubezero/kubezero/containerd.conf b/kubezero/kubezero/containerd.conf
index 0cdafb9..dcfb7d1 100644
--- a/kubezero/kubezero/containerd.conf
+++ b/kubezero/kubezero/containerd.conf
@@ -1,28 +1,36 @@
-version = 3
+version = 2
 
 oom_score = -999
 
-[plugins.'io.containerd.cri.v1.images'.pinned_images]
-  sandbox = 'registry.k8s.io/pause:3.10'
+[plugins]
+  [plugins."io.containerd.grpc.v1.cri"]
+    enable_cdi = true
+    sandbox_image = "registry.k8s.io/pause:3.9"
+    tolerate_missing_hugetlb_controller = false
 
-[plugins.'io.containerd.cri.v1.images'.registry]
-  config_path = '/etc/containerd/certs.d'
+    [plugins."io.containerd.grpc.v1.cri".cni]
+      bin_dir = "/usr/libexec/cni"
 
-[plugins.'io.containerd.monitor.v1.cgroups']
-  no_prometheus = true
+    [plugins."io.containerd.grpc.v1.cri".containerd]
+      default_runtime_name = "crun"
 
-[plugins.'io.containerd.cri.v1.runtime']
-  tolerate_missing_hugetlb_controller = false
-  [plugins.'io.containerd.cri.v1.runtime'.containerd]
-    default_runtime_name = 'crun'
+      [plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
 
-    [plugins.'io.containerd.cri.v1.runtime'.containerd.runtimes]
-      [plugins.'io.containerd.cri.v1.runtime'.containerd.runtimes.crun]
-        runtime_type = 'io.containerd.runc.v2'
-        [plugins.'io.containerd.cri.v1.runtime'.containerd.runtimes.crun.options]
-          BinaryName = '/usr/bin/crun'
+        [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.crun]
+          runtime_type = "io.containerd.runc.v2"
+          [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.crun.options]
+            BinaryName = "/usr/bin/crun"
 
-      [plugins.'io.containerd.cri.v1.runtime'.containerd.runtimes.nvidia]
-        runtime_type = 'io.containerd.runc.v2'
-        [plugins.'io.containerd.cri.v1.runtime'.containerd.runtimes.nvidia.options]
-          BinaryName = '/usr/bin/nvidia-container-runtime'
+        [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.nvidia]
+          runtime_type = "io.containerd.runc.v2"
+          [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.nvidia.options]
+            BinaryName = "/usr/bin/nvidia-container-runtime"
+
+    [plugins."io.containerd.grpc.v1.cri".registry]
+      config_path = "/etc/containerd/certs.d"
+
+  [plugins."io.containerd.runtime.v1.linux"]
+    runtime = "crun"
+
+  [plugins."io.containerd.monitor.v1.cgroups"]
+    no_prometheus = true