From 9f5ecdb801c1df3d96e54d646d4004743fc08375 Mon Sep 17 00:00:00 2001
From: Jiaqi Luo <6218999+jiaqiluo@users.noreply.github.com>
Date: Tue, 28 Jun 2022 17:17:27 -0700
Subject: [PATCH] 1. enable cri-dockerd when the cluster version >= 1.24 AND the option enable_cri_dockerd is not configured; 2. drop the flag --address when the cluster version >= 1.24 in the DinD case
---
 cluster/defaults.go | 22 ++++++++++++++++++++++
 cluster/plan.go | 25 ++++++++++++++++++++++---
 cluster/validation.go | 18 +++++++++++++++---
 3 files changed, 59 insertions(+), 6 deletions(-)
diff --git a/cluster/defaults.go b/cluster/defaults.go
index 8a88bc75..a6317fab 100644
--- a/cluster/defaults.go
+++ b/cluster/defaults.go
@@ -249,6 +249,12 @@ func (c *Cluster) setClusterDefaults(ctx context.Context, flags ExternalFlags) e
 c.ForceDeployCerts = true
 }
+ // enable cri-dockerd for k8s >= 1.24
+ err = c.setCRIDockerd()
+ if err != nil {
+ return err
+ }
+
 err = c.setClusterDNSDefaults()
 if err != nil {
 return err
@@ -288,6 +294,22 @@ func (c *Cluster) setNodeUpgradeStrategy() {
 }
 }
+// setCRIDockerd set enable_cri_dockerd = true when the following two conditions are met:
+//the cluster's version is at least 1.24 and the option enable_cri_dockerd is not configured
+func (c *Cluster) setCRIDockerd() error {
+ parsedVersion, err := getClusterVersion(c.Version)
+ if err != nil {
+ return err
+ }
+ if parsedRangeAtLeast124(parsedVersion) {
+ if c.EnableCRIDockerd == nil {
+ enable := true
+ c.EnableCRIDockerd = &enable
+ }
+ }
+ return nil
+}
+
 func (c *Cluster) setClusterServicesDefaults() {
 // We don't accept per service images anymore.
 c.Services.KubeAPI.Image = c.SystemImages.Kubernetes
diff --git a/cluster/plan.go b/cluster/plan.go
index 6f5fc311..e1353141 100644
--- a/cluster/plan.go
+++ b/cluster/plan.go
@@ -11,6 +11,7 @@ import (
 "strconv"
 "strings"
+ "github.com/blang/semver"
 "github.com/docker/docker/api/types"
 "github.com/rancher/rke/docker"
 "github.com/rancher/rke/hosts"
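Review bot: `setCRIDockerd` (cluster/defaults.go, hunk at -288) defaults only the `nil` case, so an explicit `enable_cri_dockerd: false` on a >= 1.24 cluster passes through unchanged. The comment this commit adds in `BuildKubeletProcess` says cri-dockerd must be enabled from 1.24 on, and `validateCRIDockerdOption` only runs its checks when the option is true, so nothing visible here rejects or warns about that combination. The check would fit in `validateCRIDockerdOption`, which already uses `fmt.Errorf`, for example `if c.EnableCRIDockerd != nil && !*c.EnableCRIDockerd && parsedRangeAtLeast124(parsedVersion) { return fmt.Errorf("cri-dockerd cannot be disabled for cluster version [%s]", k8sVersion) }` after parsing the version outside the existing `if`. The doc comment would also read better as `// setCRIDockerd sets enable_cri_dockerd to true when the cluster version is at least 1.24 and the option is not configured.`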
@@ -63,7 +64,10 @@ const (
 KubeletCRIDockerdNameEnv = "RKE_KUBELET_CRIDOCKERD"
 )
-var admissionControlOptionNames = []string{"enable-admission-plugins", "admission-control"}
+var (
+ admissionControlOptionNames = []string{"enable-admission-plugins", "admission-control"}
+ parsedRangeAtLeast124 = semver.MustParseRange(">= 1.24.0-rancher0")
+)
 func GetServiceOptionData(data map[string]interface{}) map[string]*v3.KubernetesServicesOptions {
 svcOptionsData := map[string]*v3.KubernetesServicesOptions{}
@@ -345,7 +349,12 @@ func (c *Cluster) BuildKubeControllerProcess(host *hosts.Host, serviceOptions v3
 }
 CommandArrayArgs := make(map[string][]string, len(c.Services.KubeAPI.ExtraArgsArray))
 // Best security practice is to listen on localhost, but DinD uses private container network instead of Host.
- if c.DinD {
+ // the flag --address is removed since k8s 1.24
+ parsedVersion, err := getClusterVersion(c.Version)
+ if err != nil {
+ logrus.Warn(err)
+ }
+ if c.DinD && !parsedRangeAtLeast124(parsedVersion) {
 CommandArgs["address"] = "0.0.0.0"
 }
 if len(c.CloudProvider.Name) > 0 {
@@ -493,6 +502,14 @@ func (c *Cluster) BuildKubeletProcess(host *hosts.Host, serviceOptions v3.Kubern
 if c.IsCRIDockerdEnabled() {
 CommandArgs["container-runtime"] = "remote"
 CommandArgs["container-runtime-endpoint"] = "/var/run/dockershim.sock"
+ parsedVersion, err := getClusterVersion(c.Version)
+ if err != nil {
+ logrus.Debugf("Error while parsing cluster version: %s", err)
+ }
+ // cri-dockerd must be enabled if the cluster version is 1.24 and higher
+ if parsedRangeAtLeast124(parsedVersion) {
+ CommandArgs["container-runtime-endpoint"] = "unix:///var/run/cri-dockerd.sock"
+ }
 }
 if serviceOptions.Kubelet != nil {
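Review bot: In `BuildKubeControllerProcess` (hunk at -345) a failed `getClusterVersion` is only logged, and the zero-value `semver.Version` is then passed to `parsedRangeAtLeast124`, which will not match it, so under DinD the code silently falls back to setting `address` to `0.0.0.0` as for a pre-1.24 cluster. The same parse error is handled three different ways in this commit: `logrus.Warn` here, `logrus.Debugf` in `BuildKubeletProcess` (hunk at -493, where the fallback keeps the dockershim socket path), and discarded with `_` in `BuildSchedulerProcess` (hunk at -813). A single helper would give one log level and one documented fallback, and the call sites become `if c.DinD && !c.isAtLeast124() {`. The three function bodies continue outside their hunks.

```go
// isAtLeast124 reports whether c.Version parses to a version matched by
// parsedRangeAtLeast124. An unparsable version is logged and treated as
// older than 1.24, so callers keep the pre-1.24 arguments.
func (c *Cluster) isAtLeast124() bool {
	parsedVersion, err := getClusterVersion(c.Version)
	if err != nil {
		logrus.Warnf("Error while parsing cluster version: %s", err)
		return false
	}
	return parsedRangeAtLeast124(parsedVersion)
}
```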
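Review bot: The comment added in `BuildKubeletProcess` (hunk at -493), `// cri-dockerd must be enabled if the cluster version is 1.24 and higher`, states a requirement that these lines do not enforce; they only choose the endpoint once `c.IsCRIDockerdEnabled()` is already true. A comment that describes the branch would be clearer, for example `// k8s >= 1.24: point kubelet at the cri-dockerd socket; older versions keep the dockershim socket path`. It would also help to say in that comment why the new value carries a `unix://` scheme while the existing one is a bare path, since the two assignments otherwise look inconsistent. Writing the choice as an `if`/`else` instead of assign-then-overwrite would make the two endpoints easier to compare.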
@@ -813,7 +830,9 @@ func (c *Cluster) BuildSchedulerProcess(host *hosts.Host, serviceOptions v3.Kube
 }
 CommandArrayArgs := make(map[string][]string, len(c.Services.KubeAPI.ExtraArgsArray))
 // Best security practice is to listen on localhost, but DinD uses private container network instead of Host.
- if c.DinD {
+ // the flag --address is removed since k8s 1.24
+ parsedVersion, _ := getClusterVersion(c.Version)
+ if c.DinD && !parsedRangeAtLeast124(parsedVersion) {
 CommandArgs["address"] = "0.0.0.0"
 }
diff --git a/cluster/validation.go b/cluster/validation.go
index f39b7554..93bed239 100644
--- a/cluster/validation.go
+++ b/cluster/validation.go
@@ -631,9 +631,9 @@ func validateIngressImages(c *Cluster) error {
 func validateCRIDockerdOption(c *Cluster) error {
 if c.EnableCRIDockerd != nil && *c.EnableCRIDockerd {
 k8sVersion := c.RancherKubernetesEngineConfig.Version
- toMatch, err := semver.Make(k8sVersion[1:])
+ parsedVersion, err := getClusterVersion(k8sVersion)
 if err != nil {
- return fmt.Errorf("%s is not valid semver", k8sVersion)
+ return err
 }
 logrus.Debugf("Checking cri-dockerd for cluster version [%s]", k8sVersion)
 // cri-dockerd can be enabled for k8s 1.21 and up
@@ -641,7 +641,7 @@ func validateCRIDockerdOption(c *Cluster) error {
 if err != nil {
 logrus.Warnf("Failed to parse semver range for checking cri-dockerd")
 }
- if !CRIDockerdAllowedRange(toMatch) {
+ if !CRIDockerdAllowedRange(parsedVersion) {
 logrus.Debugf("Cluster version [%s] is not allowed to enable cri-dockerd", k8sVersion)
 return fmt.Errorf("Enabling cri-dockerd for cluster version [%s] is not supported", k8sVersion)
 }
@@ -649,3 +649,15 @@ func validateCRIDockerdOption(c *Cluster) error {
 }
 return nil
 }
+
+func getClusterVersion(version string) (semver.Version, error) {
+ var parsedVersion semver.Version
+ if len(version) <= 1 || !strings.HasPrefix(version, "v") {
+ return parsedVersion, fmt.Errorf("%s is not valid version", version)
+ }
+ parsedVersion, err := semver.Parse(version[1:])
+ if err != nil {
+ return parsedVersion, fmt.Errorf("%s is not valid semver", version)
+ }
+ return parsedVersion, nil
+}
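Review bot: `getClusterVersion` discards the underlying parse error, because `fmt.Errorf("%s is not valid semver", version)` never includes `err`, so the operator cannot see which part of the string semver rejected. If the module's Go version supports it, wrapping keeps the cause: `return parsedVersion, fmt.Errorf("%s is not valid semver: %w", version, err)`. With an empty `version` the first message renders as ` is not valid version`; formatting the value with `%q` in both messages would make an empty or whitespace-only version visible in logs. The function is now the single parsing point for three files and has no doc comment; something like `// getClusterVersion parses a "v"-prefixed cluster version string into a semver.Version and returns an error when the prefix is missing or the rest is not valid semver.` would document the required prefix.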