Use default containerd address in pull-sandbox-image.sh

[cartermckinnon]

Issue #, if available:

Fixes #784.

Description of changes:

Remove explicit containerd address in pull-sandbox-image.sh, causing default /run/containerd/containerd.sock to be used. For future reference, this is also configurable via $CONTAINERD_ADDRESS.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

[ravisinha0506]

Could you add details on how this change is validated?

[cartermckinnon]

I reproduced the issue by creating a node on the latest AMI, configured to use containerd via the --container-runtime flag on bootstrap.sh, then rebooted it. Kubelet isn't started because sandbox-image is in a crash loop. Modifying /etc/eks/containerd/pull-sandbox-image.sh to either use --address=/run/containerd/containerd.sock or no --address flag at all resolves the issue because, for ctr:

--address value, -a value address for containerd's GRPC server (default: "/run/containerd/containerd.sock") [$CONTAINERD_ADDRESS]

This PR introduced the symlink in question. The author mentions that aws-cni-plugin still expects the dockershim socket to exist (the docs agree). So, it would be affected by a reboot in the same way. I believe we could move the symlink to /var/run/dockershim.sock to resolve that, but I don't know how to verify the CNI piece.

[cartermckinnon]

A bit more background:

• When pull-sandbox-image.sh was created, containerd ran on /run/dockershim.sock.
• Later, when the symlink was created, we switched containerd to /var/containerd/containerd.sock, and pull-sandbox-image.sh should have been updated to use /run/containerd/containerd.sock.

[ravisinha0506]

Change lgtm.

[cartermckinnon]

As an additional sanity check, I created a simple nginx pod with:

kubectl apply -f https://k8s.io/examples/pods/simple-pod.yaml

and it was scheduled and started successfully. I was able to port-forward it and curl the nginx default page.