From 4c919016912611b32bc562f99cd13fb735f50f61 Mon Sep 17 00:00:00 2001
From: Mohamed Zaian <mohamedzaian@gmail.com>
Date: Wed, 1 Jan 2025 13:46:56 +0100
Subject: [PATCH] [containerd] Support containerd v2.0.x

---
 README.md                                       |  2 +-
 docs/CRI/containerd.md                          |  2 +-
 .../containerd/defaults/main.yml                |  2 +-
 .../containerd/templates/config.toml.j2         |  6 ++++++
 .../defaults/main/checksums.yml                 | 17 +++++++++++++++++
 .../defaults/main/download.yml                  |  4 ++--
 6 files changed, 28 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index 93087679d18..9a42d1ffec5 100644
--- a/README.md
+++ b/README.md
@@ -100,7 +100,7 @@ Note:
   - [kubernetes](https://github.com/kubernetes/kubernetes) v1.32.0
   - [etcd](https://github.com/etcd-io/etcd) v3.5.16
   - [docker](https://www.docker.com/) v26.1
-  - [containerd](https://containerd.io/) v1.7.24
+  - [containerd](https://containerd.io/) v2.0.2
   - [cri-o](http://cri-o.io/) v1.31.0 (experimental: see [CRI-O Note](docs/CRI/cri-o.md). Only on fedora, ubuntu and centos based OS)
 - Network Plugin
   - [cni-plugins](https://github.com/containernetworking/plugins) v1.2.0
diff --git a/docs/CRI/containerd.md b/docs/CRI/containerd.md
index 9fd03bf2558..92da076a916 100644
--- a/docs/CRI/containerd.md
+++ b/docs/CRI/containerd.md
@@ -96,7 +96,7 @@ You can tune many more [settings][runtime-spec] by supplying your own file name
 containerd_base_runtime_specs:
   cri-spec-custom.json: |
     {
-      "ociVersion": "1.0.2-dev",
+      "ociVersion": "1.1.0",
       "process": {
         "user": {
           "uid": 0,
diff --git a/roles/container-engine/containerd/defaults/main.yml b/roles/container-engine/containerd/defaults/main.yml
index cbdc99afc2f..21a2842c3dd 100644
--- a/roles/container-engine/containerd/defaults/main.yml
+++ b/roles/container-engine/containerd/defaults/main.yml
@@ -92,7 +92,7 @@ containerd_registry_auth: []
 # Configure containerd service
 containerd_limit_proc_num: "infinity"
 containerd_limit_core: "infinity"
-containerd_limit_open_file_num: "infinity"
+containerd_limit_open_file_num: 1048576
 containerd_limit_mem_lock: "infinity"
 
 # OS distributions that already support containerd
diff --git a/roles/container-engine/containerd/templates/config.toml.j2 b/roles/container-engine/containerd/templates/config.toml.j2
index 72f0a00b090..778f07646d4 100644
--- a/roles/container-engine/containerd/templates/config.toml.j2
+++ b/roles/container-engine/containerd/templates/config.toml.j2
@@ -1,4 +1,10 @@
+{% if containerd_version is version('2.0.0', '>=') %}
+version = 3
+{% else %}
 version = 2
+{% endif %}
+
+
 root = "{{ containerd_storage_dir }}"
 state = "{{ containerd_state_dir }}"
 oom_score = {{ containerd_oom_score }}
diff --git a/roles/kubespray-defaults/defaults/main/checksums.yml b/roles/kubespray-defaults/defaults/main/checksums.yml
index 456ed8e87f5..75badb06615 100644
--- a/roles/kubespray-defaults/defaults/main/checksums.yml
+++ b/roles/kubespray-defaults/defaults/main/checksums.yml
@@ -586,6 +586,7 @@ cri_dockerd_archive_checksums:
     0.3.5: 0
 runc_checksums:
   arm:
+    v1.2.4: 0
     v1.2.3: 0
     v1.2.2: 0
     v1.2.1: 0
@@ -599,6 +600,7 @@ runc_checksums:
     v1.1.9: 0
     v1.1.8: 0
   arm64:
+    v1.2.4: 285f6c4c3de1d78d9f536a0299ae931219527b2ebd9ad89df5a1072896b7e82a
     v1.2.3: 4ef19ab21ce1ae5a01e1d3fa5b005e45cdf59f5d3ab32541c9e262cb2b2d3451
     v1.2.2: bfd3e6c58bd6060eaa725520c31cbc8f6386ac7606e65bfa7fe9084100aa1789
     v1.2.1: 8c0d81c80ffdaab986629a9c787d8468ab41851e7aab8f9617a4c3674e192aaa
@@ -612,6 +614,7 @@ runc_checksums:
     v1.1.9: b43e9f561e85906f469eef5a7b7992fc586f750f44a0e011da4467e7008c33a0
     v1.1.8: 7c22cb618116d1d5216d79e076349f93a672253d564b19928a099c20e4acd658
   amd64:
+    v1.2.4: e83565aa78ec8f52a4d2b4eb6c4ca262b74c5f6770c1f43670c3029c20175502
     v1.2.3: e6e8c8049b1910fce58fa68c057aaa5f42cee2a73834df5e59e5da7612d2739d
     v1.2.2: a34f5ab4fc1df1f456293c3d797a76f2d41cf3cd970bb49fc53ba94bbc8a5cf6
     v1.2.1: b106d49c60e688022f5909432a77bd3260f29687199d47213ed87269588af781
@@ -625,6 +628,7 @@ runc_checksums:
     v1.1.9: b9bfdd4cb27cddbb6172a442df165a80bfc0538a676fbca1a6a6c8f4c6933b43
     v1.1.8: 1d05ed79854efc707841dfc7afbf3b86546fc1d0b3a204435ca921c14af8385b
   ppc64le:
+    v1.2.4: 141fa41c1f382483ccf374827f99c7843414fceb95e8ceb710aba8bac984d016
     v1.2.3: 6d1b771096000a14faae660465faf9626a76afe994cbe60581ec4eac1718f12d
     v1.2.2: 9af46fe0bdc654c72593a937806ca034ffbbf4f62f25c1de7a40b5b0f4374de7
     v1.2.1: 652920e145b461151b7e87b28b339594e62129cfc87370b03651a37c39bbc0df
@@ -865,6 +869,10 @@ nerdctl_archive_checksums:
     1.7.0: e421ae655ff68461bad04b4a1a0ffe40c6f0fcfb0847d5730d66cd95a7fd10cd
 containerd_archive_checksums:
   arm:
+    2.0.2: 0
+    2.0.1: 0
+    2.0.0: 0
+    1.7.24: 0
     1.7.23: 0
     1.7.22: 0
     1.7.21: 0
@@ -913,6 +921,9 @@ containerd_archive_checksums:
     1.6.15: 0
     1.6.14: 0
   arm64:
+    2.0.2: 14a2a9f7f75f73e5bcfb8b183d0b84830c54b98ef8c5f6ed70e51f1a230c673e
+    2.0.1: b07120ae227b52edfdb54131d44b13b987b39e8c1f740b0c969b7701e0fad4fa
+    2.0.0: 2a00b1553f38aa9e716d61316b661961c2fbfbb7aad7bd73b377be5725ecc0f1
     1.7.24: 420406d2b34ebb422ab3755fbeede59bf3bfcfccf5cfa584b558c93769d99064
     1.7.23: 6a66b5e63a5e88ff7eeb478ccaca9083d44e51e1d7261ae183fe5951a6226ccd
     1.7.22: 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce
@@ -962,6 +973,9 @@ containerd_archive_checksums:
     1.6.15: d63e4d27c51e33cd10f8b5621c559f09ece8a65fec66d80551b36cac9e61a07d
     1.6.14: 3ccb61218e60cbba0e1bbe1e5e2bf809ac1ead8eafbbff36c3195d3edd0e4809
   amd64:
+    2.0.2: 9bd5b6a1bdf505d520d9a329c520258ed0a17faa9fe3db12712ee858ad59aae3
+    2.0.1: 85061a5ce1b306292d5a64f85d5cd3aff93d0982737a1069d370dd6cb7bbfd09
+    2.0.0: 6f8da716941f7e89315cefaa6e5a8f1ff10b323ff46611313c455df7ab1ebee1
     1.7.24: 1a94f15139f37633f39e24f08a4071f4533b285df3cbee6478972d26147bcaef
     1.7.23: 8a0de43d9313aef2ebdccc0ffa49461a4a28139a2c0ef104c3c847f6f37c8119
     1.7.22: f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468
@@ -1011,6 +1025,9 @@ containerd_archive_checksums:
     1.6.15: 191bb4f6e4afc237efc5c85b5866b6fdfed731bde12cceaa6017a9c7f8aeda02
     1.6.14: 7da626d46c4edcae1eefe6d48dc6521db3e594a402715afcddc6ac9e67e1bfcd
   ppc64le:
+    2.0.2: 1b19d31bb8a7f9d26d9b50675e78f397d0b01fa635c33cca456f91c412fa6df1
+    2.0.1: 09a25357343c7336fe519e5fd1a9dd0f22da869e9deda50c2bc61b6e8c9384be
+    2.0.0: 2e7f4b15ac85c22c1ced102bbb424124078248f0af3183425ff335a998079809
     1.7.24: 2ca4d527dac68132a2a6b3971d82ddfd18edc7fa838b7cfcfe6eb11efd017871
     1.7.23: 00dd8a1145d7392ffe1e2b74da147b896e4387afb5e73ed6e5cd3744add32826
     1.7.22: 6747b7291ffbfde2c0bf0031978985df92ac74414f09bf190afda0fc9e797146
diff --git a/roles/kubespray-defaults/defaults/main/download.yml b/roles/kubespray-defaults/defaults/main/download.yml
index 1dbd756f4eb..497b75b59ae 100644
--- a/roles/kubespray-defaults/defaults/main/download.yml
+++ b/roles/kubespray-defaults/defaults/main/download.yml
@@ -75,11 +75,11 @@ image_arch: "{{ host_architecture | default('amd64') }}"
 
 # Versions
 crun_version: 1.17
-runc_version: v1.2.3
+runc_version: v1.2.4
 kata_containers_version: 3.1.3
 youki_version: 0.4.1
 gvisor_version: 20240305
-containerd_version: 1.7.24
+containerd_version: 2.0.2
 cri_dockerd_version: 0.3.11
 
 # this is relevant when container_manager == 'docker'