containerd: download containerd from upstream instead of using distro specific packages (#7970)

* Containerd: download containerd from upstream instead of using distro specific packages split runc download to separate role make bootstrap-os role deploy container-selinux and seccomp libraries clean up package manager provided containerd move variables to docker role that are no longer common with containerd * Containerd: make molecule testing more relevant * replace ubuntu18 with ubuntu20 * add centos8 and debian11 to molecule tests * run kubernetes/preinstall role to ensure relevancy of test including dependency packages * CI: adjust test scenarios for downloaded containerd
2025-12-14 13:54:37 +03:00 · 2021-10-20 18:47:58 +03:00
parent 10c30ea5b1
commit ea8e2fc651
55 changed files with 397 additions and 312 deletions
--- a/roles/container-engine/containerd-common/defaults/main.yml
+++ b/roles/container-engine/containerd-common/defaults/main.yml
@@ -1,17 +1,17 @@
 ---
 # We keep these variables around to allow migration from package
 # manager controlled installs to direct download ones.
 containerd_package: 'containerd.io'
 yum_repo_dir: /etc/yum.repos.d
 # Keep minimal repo information arround for cleanup
 containerd_repo_info:
  repos:
 # Fedora docker-ce repo
 docker_fedora_repo_base_url: 'https://download.docker.com/linux/fedora/{{ ansible_distribution_major_version }}/$basearch/stable'
 docker_fedora_repo_gpgkey: 'https://download.docker.com/linux/fedora/gpg'
 # CentOS/RedHat docker-ce repo
 docker_rh_repo_base_url: 'https://download.docker.com/linux/centos/{{ ansible_distribution_major_version }}/$basearch/stable'
 docker_rh_repo_gpgkey: 'https://download.docker.com/linux/centos/gpg'
 # Ubuntu docker-ce repo
-docker_ubuntu_repo_base_url: "https://download.docker.com/linux/ubuntu"
+containerd_ubuntu_repo_base_url: "https://download.docker.com/linux/ubuntu"
-docker_ubuntu_repo_gpgkey: 'https://download.docker.com/linux/ubuntu/gpg'
+containerd_ubuntu_repo_component: "stable"
-docker_ubuntu_repo_repokey: '9DC858229FC7DD38854AE2D88D81803C0EBFCD88'
+
 # Debian docker-ce repo
-docker_debian_repo_base_url: "https://download.docker.com/linux/debian"
+containerd_debian_repo_base_url: "https://download.docker.com/linux/debian"
-docker_debian_repo_gpgkey: 'https://download.docker.com/linux/debian/gpg'
+containerd_debian_repo_component: "stable"
 docker_debian_repo_repokey: '9DC858229FC7DD38854AE2D88D81803C0EBFCD88'
--- a/roles/container-engine/containerd-common/tasks/main.yml
+++ b/roles/container-engine/containerd-common/tasks/main.yml
@@ -1,5 +1,17 @@
 ---
- name: gather os specific variables
+- name: containerd-common | check if fedora coreos
  stat:
    path: /run/ostree-booted
    get_attributes: no
    get_checksum: no
    get_mime: no
  register: ostree
 - name: containerd-common | set is_ostree
  set_fact:
    is_ostree: "{{ ostree.stat.exists }}"
 - name: containerd-common | gather os specific variables
  include_vars: "{{ item }}"
  with_first_found:
    - files:
--- a/roles/container-engine/containerd-common/vars/amazon.yml
+++ b/roles/container-engine/containerd-common/vars/amazon.yml
@@ -1,10 +1,2 @@
 ---
 containerd_package: containerd
 containerd_versioned_pkg:
  'latest': "{{ containerd_package }}"
  '1.3.2': "{{ containerd_package }}-1.3.2-1.amzn{{ ansible_distribution_major_version }}"
  '1.4.1': "{{ containerd_package }}-1.4.1-2.amzn{{ ansible_distribution_major_version }}"
  '1.4.4': "{{ containerd_package }}-1.4.4-1.amzn{{ ansible_distribution_major_version }}"
  '1.4.6': "{{ containerd_package }}-1.4.6-1.amzn{{ ansible_distribution_major_version }}"
  'stable': "{{ containerd_package }}-1.4.6-1.amzn{{ ansible_distribution_major_version }}"
  'edge': "{{ containerd_package }}-1.4.6-1.amzn{{ ansible_distribution_major_version }}"
--- a/roles/container-engine/containerd-common/vars/debian-stretch.yml
+++ b/roles/container-engine/containerd-common/vars/debian-stretch.yml
@@ -1,10 +0,0 @@
 ---
 containerd_version: 1.4.3
 containerd_versioned_pkg:
  'latest': "{{ containerd_package }}"
  '1.3.7': "{{ containerd_package }}=1.3.7-1"
  '1.3.9': "{{ containerd_package }}=1.3.9-1"
  '1.4.3': "{{ containerd_package }}=1.4.3-1"
  'stable': "{{ containerd_package }}=1.4.3-1"
  'edge': "{{ containerd_package }}=1.4.3-1"
--- a/roles/container-engine/containerd-common/vars/debian.yml
+++ b/roles/container-engine/containerd-common/vars/debian.yml
@@ -1,11 +0,0 @@
 ---
 containerd_versioned_pkg:
  'latest': "{{ containerd_package }}"
  '1.3.7': "{{ containerd_package }}=1.3.7-1"
  '1.3.9': "{{ containerd_package }}=1.3.9-1"
  '1.4.3': "{{ containerd_package }}=1.4.3-2"
  '1.4.4': "{{ containerd_package }}=1.4.4-1"
  '1.4.6': "{{ containerd_package }}=1.4.6-1"
  '1.4.9': "{{ containerd_package }}=1.4.9-1"
  'stable': "{{ containerd_package }}=1.4.9-1"
  'edge': "{{ containerd_package }}=1.4.9-1"
--- a/roles/container-engine/containerd-common/vars/fedora.yml
+++ b/roles/container-engine/containerd-common/vars/fedora.yml
@@ -1,11 +0,0 @@
 ---
 containerd_versioned_pkg:
  'latest': "{{ containerd_package }}"
  '1.3.7': "{{ containerd_package }}-1.3.7-3.1.fc{{ ansible_distribution_major_version }}"
  '1.3.9': "{{ containerd_package }}-1.3.9-3.1.fc{{ ansible_distribution_major_version }}"
  '1.4.3': "{{ containerd_package }}-1.4.3-3.2.fc{{ ansible_distribution_major_version }}"
  '1.4.4': "{{ containerd_package }}-1.4.4-3.1.fc{{ ansible_distribution_major_version }}"
  '1.4.6': "{{ containerd_package }}-1.4.6-3.1.fc{{ ansible_distribution_major_version }}"
  '1.4.9': "{{ containerd_package }}-1.4.9-3.1.fc{{ ansible_distribution_major_version }}"
  'stable': "{{ containerd_package }}-1.4.9-3.1.fc{{ ansible_distribution_major_version }}"
  'edge': "{{ containerd_package }}-1.4.9-3.1.fc{{ ansible_distribution_major_version }}"
--- a/roles/container-engine/containerd-common/vars/redhat.yml
+++ b/roles/container-engine/containerd-common/vars/redhat.yml
@@ -1,11 +0,0 @@
 ---
 containerd_versioned_pkg:
  'latest': "{{ containerd_package }}"
  '1.3.7': "{{ containerd_package }}-1.3.7-3.1.el{{ ansible_distribution_major_version }}"
  '1.3.9': "{{ containerd_package }}-1.3.9-3.1.el{{ ansible_distribution_major_version }}"
  '1.4.3': "{{ containerd_package }}-1.4.3-3.2.el{{ ansible_distribution_major_version }}"
  '1.4.4': "{{ containerd_package }}-1.4.4-3.1.el{{ ansible_distribution_major_version }}"
  '1.4.6': "{{ containerd_package }}-1.4.6-3.1.el{{ ansible_distribution_major_version }}"
  '1.4.9': "{{ containerd_package }}-1.4.9-3.1.el{{ ansible_distribution_major_version }}"
  'stable': "{{ containerd_package }}-1.4.9-3.1.el{{ ansible_distribution_major_version }}"
  'edge': "{{ containerd_package }}-1.4.9-3.1.el{{ ansible_distribution_major_version }}"
--- a/roles/container-engine/containerd-common/vars/suse.yml
+++ b/roles/container-engine/containerd-common/vars/suse.yml
@@ -0,0 +1,2 @@
 ---
 containerd_package: containerd
--- a/roles/container-engine/containerd-common/vars/ubuntu-16.yml
+++ b/roles/container-engine/containerd-common/vars/ubuntu-16.yml
@@ -1,10 +0,0 @@
 ---
 containerd_versioned_pkg:
  'latest': "{{ containerd_package }}"
  '1.3.7': "{{ containerd_package }}=1.3.7-1"
  '1.3.9': "{{ containerd_package }}=1.3.9-1"
  '1.4.3': "{{ containerd_package }}=1.4.3-2"
  '1.4.4': "{{ containerd_package }}=1.4.4-1"
  '1.4.6': "{{ containerd_package }}=1.4.6-1"
  'stable': "{{ containerd_package }}=1.4.6-1"
  'edge': "{{ containerd_package }}=1.4.6-1"
--- a/roles/container-engine/containerd-common/vars/ubuntu.yml
+++ b/roles/container-engine/containerd-common/vars/ubuntu.yml
@@ -1,11 +0,0 @@
 ---
 containerd_versioned_pkg:
  'latest': "{{ containerd_package }}"
  '1.3.7': "{{ containerd_package }}=1.3.7-1"
  '1.3.9': "{{ containerd_package }}=1.3.9-1"
  '1.4.3': "{{ containerd_package }}=1.4.3-2"
  '1.4.4': "{{ containerd_package }}=1.4.4-1"
  '1.4.6': "{{ containerd_package }}=1.4.6-1"
  '1.4.9': "{{ containerd_package }}=1.4.9-1"
  'stable': "{{ containerd_package }}=1.4.9-1"
  'edge': "{{ containerd_package }}=1.4.9-1"
--- a/roles/container-engine/containerd/defaults/main.yml
+++ b/roles/container-engine/containerd/defaults/main.yml
@@ -1,6 +1,7 @@
 ---
 containerd_storage_dir: "/var/lib/containerd"
 containerd_state_dir: "/run/containerd"
 containerd_systemd_dir: "/etc/systemd/system/containerd.service.d"
 containerd_oom_score: 0
 containerd_default_runtime: "runc"
@@ -35,39 +36,6 @@ containerd_max_container_log_line_size: -1
 containerd_cfg_dir: /etc/containerd
 # Path to runc binary
 runc_binary: /usr/bin/runc
 yum_repo_dir: /etc/yum.repos.d
 # Optional values for containerd apt repo
 containerd_package_info:
  pkgs:
 containerd_repo_key_info:
  repo_keys:
 containerd_repo_info:
  repos:
 # Ubuntu docker-ce repo
 containerd_ubuntu_repo_base_url: "https://download.docker.com/linux/ubuntu"
 containerd_ubuntu_repo_gpgkey: "https://download.docker.com/linux/ubuntu/gpg"
 containerd_ubuntu_repo_repokey: "9DC858229FC7DD38854AE2D88D81803C0EBFCD88"
 containerd_ubuntu_repo_component: "stable"
 # Debian docker-ce repo
 containerd_debian_repo_base_url: "https://download.docker.com/linux/debian"
 containerd_debian_repo_gpgkey: "https://download.docker.com/linux/debian/gpg"
 containerd_debian_repo_repokey: "9DC858229FC7DD38854AE2D88D81803C0EBFCD88"
 containerd_debian_repo_component: "stable"
 # Fedora docker-ce repo
 containerd_fedora_repo_base_url: "https://download.docker.com/linux/fedora/{{ ansible_distribution_major_version }}/$basearch/stable"
 containerd_fedora_repo_gpgkey: "https://download.docker.com/linux/fedora/gpg"
 containerd_fedora_repo_repokey: "9DC858229FC7DD38854AE2D88D81803C0EBFCD88"
 containerd_fedora_repo_component: "stable"
 # Extra config to be put in {{ containerd_cfg_dir }}/config.toml literally
 containerd_extra_args: ''
--- a/roles/container-engine/containerd/meta/main.yml
+++ b/roles/container-engine/containerd/meta/main.yml
@@ -1,3 +1,5 @@
 ---
 dependencies:
  - role: container-engine/containerd-common
  - role: container-engine/runc
  - role: container-engine/crictl
--- a/roles/container-engine/containerd/molecule/default/converge.yml
+++ b/roles/container-engine/containerd/molecule/default/converge.yml
@@ -2,6 +2,8 @@
 - name: Converge
  hosts: all
  become: true
  vars:
    container_manager: containerd
  roles:
    - role: kubespray-defaults
    - role: container-engine/containerd
--- a/roles/container-engine/containerd/molecule/default/molecule.yml
+++ b/roles/container-engine/containerd/molecule/default/molecule.yml
@@ -7,12 +7,30 @@ lint: |
  set -e
  yamllint -c ../../../.yamllint .
 platforms:
-  - name: ubuntu18
+  - name: ubuntu20
-    box: generic/ubuntu1804
+    box: generic/ubuntu2004
-    cpus: 2
+    cpus: 1
    memory: 1024
    groups:
      - kube_control_plane
      - kube_node
      - k8s_cluster
  - name: debian11
    box: generic/debian11
    cpus: 1
    memory: 1024
    groups:
      - kube_control_plane
      - kube_node
      - k8s_cluster
  - name: centos8
    box: generic/centos8
    cpus: 1
    memory: 1024
    groups:
      - kube_control_plane
      - kube_node
      - k8s_cluster
 provisioner:
  name: ansible
  env:
--- a/roles/container-engine/containerd/molecule/default/prepare.yml
+++ b/roles/container-engine/containerd/molecule/default/prepare.yml
@@ -2,5 +2,10 @@
 - name: Prepare
  hosts: all
  gather_facts: False
  become: true
  vars:
    ignore_assert_errors: true
  roles:
    - role: kubespray-defaults
    - role: bootstrap-os
    - { role: kubernetes/preinstall, tags: ["bootstrap-os"] }
--- a/roles/container-engine/containerd/tasks/containerd_repo.yml
+++ b/roles/container-engine/containerd/tasks/containerd_repo.yml
@@ -1,36 +0,0 @@
 ---
 - name: ensure containerd repository public key is installed
  apt_key:
    id: "{{ item }}"
    url: "{{ containerd_repo_key_info.url }}"
    state: present
  register: keyserver_task_result
  until: keyserver_task_result is succeeded
  retries: 4
  delay: "{{ retry_stagger | d(3) }}"
  with_items: "{{ containerd_repo_key_info.repo_keys }}"
  environment: "{{ proxy_env }}"
  when: ansible_pkg_mgr == 'apt'
 - name: ensure containerd repository is enabled
  apt_repository:
    repo: "{{ item }}"
    state: present
  with_items: "{{ containerd_repo_info.repos }}"
  when: ansible_pkg_mgr == 'apt'
 - name: Configure containerd repository on Fedora
  template:
    src: "fedora_containerd.repo.j2"
    dest: "{{ yum_repo_dir }}/containerd.repo"
    mode: 0644
  when: ansible_distribution == "Fedora"
 - name: Configure containerd repository on RedHat/OracleLinux/CentOS/AlmaLinux
  template:
    src: "rh_containerd.repo.j2"
    dest: "{{ yum_repo_dir }}/containerd.repo"
    mode: 0644
  when:
    - ansible_os_family == "RedHat"
    - ansible_distribution not in ["Fedora", "Amazon"]
--- a/roles/container-engine/containerd/tasks/main.yml
+++ b/roles/container-engine/containerd/tasks/main.yml
@@ -1,41 +1,10 @@
 ---
 - name: check if fedora coreos
  stat:
    path: /run/ostree-booted
    get_attributes: no
    get_checksum: no
    get_mime: no
  register: ostree
 - name: set is_ostree
  set_fact:
    is_ostree: "{{ ostree.stat.exists }}"
 - name: Fail containerd setup if distribution is not supported
  fail:
    msg: "{{ ansible_distribution }} is not supported by containerd."
  when:
    - not ansible_distribution in ["CentOS", "OracleLinux", "RedHat", "Ubuntu", "Debian", "Fedora", "AlmaLinux", "Rocky", "Amazon", "Flatcar", "Flatcar Container Linux by Kinvolk"]
 - name: gather os specific variables
  include_vars: "{{ item }}"
  with_first_found:
    - files:
        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release|lower }}-{{ host_architecture }}.yml"
        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release|lower }}.yml"
        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
        - "{{ ansible_distribution|lower }}-{{ host_architecture }}.yml"
        - "{{ ansible_distribution|lower }}.yml"
        - "{{ ansible_os_family|lower }}-{{ host_architecture }}.yml"
        - "{{ ansible_os_family|lower }}.yml"
        - defaults.yml
      paths:
        - ../vars
      skip: true
  tags:
    - facts
 - name: disable unified_cgroup_hierarchy in Fedora 31+
  command: grubby --update-kernel=ALL --args="systemd.unified_cgroup_hierarchy=0"
  when:
@@ -52,32 +21,71 @@
    - ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] is not defined or ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] != '0'
    - not is_ostree
- include_tasks: containerd_repo.yml
+- name: containerd | Remove any package manager controlled containerd package
-  when: not (is_ostree or (ansible_distribution == "Flatcar Container Linux by Kinvolk") or (ansible_distribution == "Flatcar"))
+  package:
    name: "{{ containerd_package }}"
    state: absent
  when:
    - not (is_ostree or (ansible_distribution == "Flatcar Container Linux by Kinvolk") or (ansible_distribution == "Flatcar"))
- name: Create containerd service systemd directory if it doesn't exist
+- name: containerd | Remove containerd repository
  file:
-    path: /etc/systemd/system/containerd.service.d
+    path: "{{ yum_repo_dir }}/containerd.repo"
-    state: directory
+    state: absent
-    mode: 0755
+  when:
    - ansible_os_family in ['RedHat']
- name: Write containerd proxy drop-in
+- name: containerd | Remove containerd repository
  apt_repository:
    repo: "{{ item }}"
    state: absent
  with_items: "{{ containerd_repo_info.repos }}"
  when: ansible_pkg_mgr == 'apt'
 - name: containerd | Download containerd
  include_tasks: "../../../download/tasks/download_file.yml"
  vars:
    download: "{{ download_defaults | combine(downloads.containerd) }}"
 - name: containerd | Unpack containerd archive
  unarchive:
    src: "{{ downloads.containerd.dest }}"
    dest: "{{ containerd_bin_dir }}"
    mode: 0755
    remote_src: yes
    extra_opts:
      - --strip-components=1
  notify: restart containerd
 - name: containerd | Generate systemd service for containerd
  template:
-    src: http-proxy.conf.j2
+    src: containerd.service.j2
-    dest: /etc/systemd/system/containerd.service.d/http-proxy.conf
+    dest: /etc/systemd/system/containerd.service
    mode: 0644
  notify: restart containerd
  when: http_proxy is defined or https_proxy is defined
- name: ensure containerd config directory
+- name: containerd | Ensure containerd directories exist
  file:
-    dest: "{{ containerd_cfg_dir }}"
+    dest: "{{ item }}"
    state: directory
    mode: 0755
    owner: root
    group: root
  with_items:
    - "{{ containerd_systemd_dir }}"
    - "{{ containerd_cfg_dir }}"
    - "{{ containerd_storage_dir }}"
    - "{{ containerd_state_dir }}"
- name: Copy containerd config file
+- name: containerd | Write containerd proxy drop-in
  template:
    src: http-proxy.conf.j2
    dest: "{{ containerd_systemd_dir }}/http-proxy.conf"
    mode: 0644
  notify: restart containerd
  when: http_proxy is defined or https_proxy is defined
 - name: containerd | Copy containerd config file
  template:
    src: config.toml.j2
    dest: "{{ containerd_cfg_dir }}/config.toml"
@@ -85,49 +93,12 @@
    mode: 0640
  notify: restart containerd
 # This is required to ensure any apt upgrade will not break kubernetes
 - name: Set containerd pin priority to apt_preferences on Debian family
  copy:
    content: |
      Package: {{ containerd_package }}
      Pin: version {{ containerd_version }}*
      Pin-Priority: 1001
    dest: "/etc/apt/preferences.d/containerd"
    owner: "root"
    mode: 0644
  when: ansible_pkg_mgr == 'apt'
 - name: ensure containerd packages are installed
  package:
    name: "{{ containerd_package_info.pkgs }}"
    state: present
  module_defaults:
    apt:
      update_cache: true
    dnf:
      enablerepo: "{{ containerd_package_info.enablerepo | default(omit) }}"
    yum:
      enablerepo: "{{ containerd_package_info.enablerepo | default(omit) }}"
    zypper:
      update_cache: true
  register: containerd_task_result
  until: containerd_task_result is succeeded
  retries: 4
  delay: "{{ retry_stagger | d(3) }}"
  notify: restart containerd
  when:
    - not (is_ostree or (ansible_distribution == "Flatcar Container Linux by Kinvolk") or (ansible_distribution == "Flatcar"))
    - containerd_package_info.pkgs|length > 0
 - include_role:  # noqa unnamed-task
    name: container-engine/crictl
 # you can sometimes end up in a state where everything is installed
 # but containerd was not started / enabled
- name: flush handlers
+- name: containerd | Flush handlers
  meta: flush_handlers
- name: ensure containerd is started and enabled
+- name: containerd | Ensure containerd is started and enabled
  service:
    name: containerd
    enabled: yes
--- a/roles/container-engine/containerd/templates/containerd.service.j2
+++ b/roles/container-engine/containerd/templates/containerd.service.j2
@@ -0,0 +1,40 @@
 # Copyright The containerd Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 [Unit]
 Description=containerd container runtime
 Documentation=https://containerd.io
 After=network.target local-fs.target
 [Service]
 ExecStartPre=-/sbin/modprobe overlay
 ExecStart={{ containerd_bin_dir }}/containerd
 Type=notify
 Delegate=yes
 KillMode=process
 Restart=always
 RestartSec=5
 # Having non-zero Limit*s causes performance problems due to accounting overhead
 # in the kernel. We recommend using cgroups to do container-local accounting.
 LimitNPROC=infinity
 LimitCORE=infinity
 LimitNOFILE=infinity
 # Comment TasksMax if your systemd version does not supports it.
 # Only systemd 226 and above support this version.
 TasksMax=infinity
 OOMScoreAdjust=-999
 [Install]
 WantedBy=multi-user.target
--- a/roles/container-engine/containerd/templates/fedora_containerd.repo.j2
+++ b/roles/container-engine/containerd/templates/fedora_containerd.repo.j2
@@ -1,7 +0,0 @@
 [docker-ce]
 name=Docker-CE Repository
 baseurl={{ containerd_fedora_repo_base_url }}
 enabled=0
 gpgcheck={{ '1' if containerd_fedora_repo_gpgkey else '0' }}
 gpgkey={{ containerd_fedora_repo_gpgkey }}
 {% if http_proxy is defined %}proxy={{ http_proxy }}{% endif %}
--- a/roles/container-engine/containerd/templates/rh_containerd.repo.j2
+++ b/roles/container-engine/containerd/templates/rh_containerd.repo.j2
@@ -1,10 +0,0 @@
 [docker-ce]
 name=Docker-CE Repository
 baseurl={{ docker_rh_repo_base_url }}
 enabled=0
 gpgcheck={{ '1' if docker_rh_repo_gpgkey else '0' }}
 keepcache={{ docker_rpm_keepcache | default('1') }}
 gpgkey={{ docker_rh_repo_gpgkey }}
 {% if http_proxy is defined %}
 proxy={{ http_proxy }}
 {% endif %}
--- a/roles/container-engine/containerd/vars/amazon.yml
+++ b/roles/container-engine/containerd/vars/amazon.yml
@@ -1,5 +0,0 @@
 ---
 containerd_package_info:
  enablerepo: "amzn2extra-docker"
  pkgs:
    - "{{ containerd_versioned_pkg[containerd_version | string] }}"
--- a/roles/container-engine/containerd/vars/debian.yml
+++ b/roles/container-engine/containerd/vars/debian.yml
@@ -1,13 +1,4 @@
 ---
 containerd_package_info:
  pkgs:
    - "{{ containerd_versioned_pkg[containerd_version | string] }}"
 containerd_repo_key_info:
  url: '{{ containerd_debian_repo_gpgkey }}'
  repo_keys:
    - '{{ containerd_debian_repo_repokey }}'
 containerd_repo_info:
  repos:
    - >
--- a/roles/container-engine/containerd/vars/fedora.yml
+++ b/roles/container-engine/containerd/vars/fedora.yml
@@ -1,5 +0,0 @@
 ---
 containerd_package_info:
  enablerepo: "docker-ce"
  pkgs:
    - "{{ containerd_versioned_pkg[containerd_version | string] }}"
--- a/roles/container-engine/containerd/vars/redhat.yml
+++ b/roles/container-engine/containerd/vars/redhat.yml
@@ -1,5 +0,0 @@
 ---
 containerd_package_info:
  enablerepo: "docker-ce"
  pkgs:
    - "{{ containerd_versioned_pkg[containerd_version | string] }}"
--- a/roles/container-engine/containerd/vars/suse.yml
+++ b/roles/container-engine/containerd/vars/suse.yml
@@ -1,7 +0,0 @@
 ---
 # docker-ce containerd.io does not contain daemon
 containerd_package: containerd
 containerd_package_info:
  pkgs:
    - "{{ containerd_package }}"
--- a/roles/container-engine/containerd/vars/ubuntu.yml
+++ b/roles/container-engine/containerd/vars/ubuntu.yml
@@ -1,13 +1,4 @@
 ---
 containerd_package_info:
  pkgs:
    - "{{ containerd_versioned_pkg[containerd_version | string] }}"
 containerd_repo_key_info:
  url: '{{ containerd_ubuntu_repo_gpgkey }}'
  repo_keys:
    - '{{ containerd_ubuntu_repo_repokey }}'
 containerd_repo_info:
  repos:
    - >
--- a/roles/container-engine/docker/defaults/main.yml
+++ b/roles/container-engine/docker/defaults/main.yml
@@ -13,8 +13,6 @@ docker_repo_info:
 docker_cgroup_driver: systemd
 yum_repo_dir: /etc/yum.repos.d
 docker_bin_dir: "/usr/bin"
 # flag to enable/disable docker cleanup
@@ -41,3 +39,26 @@ docker_remove_packages_apt:
  - docker
  - docker-engine
  - docker.io
 # Docker specific repos should be part of the docker role not containerd-common anymore
 # Optional values for containerd apt repo
 containerd_package_info:
  pkgs:
 # Fedora docker-ce repo
 docker_fedora_repo_base_url: 'https://download.docker.com/linux/fedora/{{ ansible_distribution_major_version }}/$basearch/stable'
 docker_fedora_repo_gpgkey: 'https://download.docker.com/linux/fedora/gpg'
 # CentOS/RedHat docker-ce repo
 docker_rh_repo_base_url: 'https://download.docker.com/linux/centos/{{ ansible_distribution_major_version }}/$basearch/stable'
 docker_rh_repo_gpgkey: 'https://download.docker.com/linux/centos/gpg'
 # Ubuntu docker-ce repo
 docker_ubuntu_repo_base_url: "https://download.docker.com/linux/ubuntu"
 docker_ubuntu_repo_gpgkey: 'https://download.docker.com/linux/ubuntu/gpg'
 docker_ubuntu_repo_repokey: '9DC858229FC7DD38854AE2D88D81803C0EBFCD88'
 # Debian docker-ce repo
 docker_debian_repo_base_url: "https://download.docker.com/linux/debian"
 docker_debian_repo_gpgkey: 'https://download.docker.com/linux/debian/gpg'
 docker_debian_repo_repokey: '9DC858229FC7DD38854AE2D88D81803C0EBFCD88'
--- a/roles/container-engine/docker/vars/debian-stretch.yml
+++ b/roles/container-engine/docker/vars/debian-stretch.yml
@@ -1,4 +1,13 @@
 ---
 # containerd versions are only relevant for docker
 containerd_versioned_pkg:
  'latest': "{{ containerd_package }}"
  '1.3.7': "{{ containerd_package }}=1.3.7-1"
  '1.3.9': "{{ containerd_package }}=1.3.9-1"
  '1.4.3': "{{ containerd_package }}=1.4.3-1"
  'stable': "{{ containerd_package }}=1.4.3-1"
  'edge': "{{ containerd_package }}=1.4.3-1"
 docker_version: 19.03
 docker_cli_version: 19.03
--- a/roles/container-engine/docker/vars/debian.yml
+++ b/roles/container-engine/docker/vars/debian.yml
@@ -1,4 +1,16 @@
 ---
 # containerd package info is only relevant for docker
 containerd_versioned_pkg:
  'latest': "{{ containerd_package }}"
  '1.3.7': "{{ containerd_package }}=1.3.7-1"
  '1.3.9': "{{ containerd_package }}=1.3.9-1"
  '1.4.3': "{{ containerd_package }}=1.4.3-2"
  '1.4.4': "{{ containerd_package }}=1.4.4-1"
  '1.4.6': "{{ containerd_package }}=1.4.6-1"
  '1.4.9': "{{ containerd_package }}=1.4.9-1"
  'stable': "{{ containerd_package }}=1.4.9-1"
  'edge': "{{ containerd_package }}=1.4.9-1"
 # https://download.docker.com/linux/debian/
 docker_versioned_pkg:
  'latest': docker-ce
--- a/roles/container-engine/docker/vars/fedora.yml
+++ b/roles/container-engine/docker/vars/fedora.yml
@@ -1,4 +1,16 @@
 ---
 # containerd versions are only relevant for docker
 containerd_versioned_pkg:
  'latest': "{{ containerd_package }}"
  '1.3.7': "{{ containerd_package }}-1.3.7-3.1.fc{{ ansible_distribution_major_version }}"
  '1.3.9': "{{ containerd_package }}-1.3.9-3.1.fc{{ ansible_distribution_major_version }}"
  '1.4.3': "{{ containerd_package }}-1.4.3-3.2.fc{{ ansible_distribution_major_version }}"
  '1.4.4': "{{ containerd_package }}-1.4.4-3.1.fc{{ ansible_distribution_major_version }}"
  '1.4.6': "{{ containerd_package }}-1.4.6-3.1.fc{{ ansible_distribution_major_version }}"
  '1.4.9': "{{ containerd_package }}-1.4.9-3.1.fc{{ ansible_distribution_major_version }}"
  'stable': "{{ containerd_package }}-1.4.9-3.1.fc{{ ansible_distribution_major_version }}"
  'edge': "{{ containerd_package }}-1.4.9-3.1.fc{{ ansible_distribution_major_version }}"
 # https://docs.docker.com/install/linux/docker-ce/fedora/
 # https://download.docker.com/linux/fedora/<fedora-version>/x86_64/stable/Packages/
 docker_versioned_pkg:
--- a/roles/container-engine/docker/vars/redhat.yml
+++ b/roles/container-engine/docker/vars/redhat.yml
@@ -1,4 +1,16 @@
 ---
 # containerd versions are only relevant for docker
 containerd_versioned_pkg:
  'latest': "{{ containerd_package }}"
  '1.3.7': "{{ containerd_package }}-1.3.7-3.1.el{{ ansible_distribution_major_version }}"
  '1.3.9': "{{ containerd_package }}-1.3.9-3.1.el{{ ansible_distribution_major_version }}"
  '1.4.3': "{{ containerd_package }}-1.4.3-3.2.el{{ ansible_distribution_major_version }}"
  '1.4.4': "{{ containerd_package }}-1.4.4-3.1.el{{ ansible_distribution_major_version }}"
  '1.4.6': "{{ containerd_package }}-1.4.6-3.1.el{{ ansible_distribution_major_version }}"
  '1.4.9': "{{ containerd_package }}-1.4.9-3.1.el{{ ansible_distribution_major_version }}"
  'stable': "{{ containerd_package }}-1.4.9-3.1.el{{ ansible_distribution_major_version }}"
  'edge': "{{ containerd_package }}-1.4.9-3.1.el{{ ansible_distribution_major_version }}"
 # https://docs.docker.com/engine/installation/linux/centos/#install-from-a-package
 # https://download.docker.com/linux/centos/<centos_version>>/x86_64/stable/Packages/
 # or do 'yum --showduplicates list docker-engine'
--- a/roles/container-engine/docker/vars/ubuntu-16.yml
+++ b/roles/container-engine/docker/vars/ubuntu-16.yml
@@ -1,4 +1,15 @@
 ---
 # containerd versions are only relevant for docker
 containerd_versioned_pkg:
  'latest': "{{ containerd_package }}"
  '1.3.7': "{{ containerd_package }}=1.3.7-1"
  '1.3.9': "{{ containerd_package }}=1.3.9-1"
  '1.4.3': "{{ containerd_package }}=1.4.3-2"
  '1.4.4': "{{ containerd_package }}=1.4.4-1"
  '1.4.6': "{{ containerd_package }}=1.4.6-1"
  'stable': "{{ containerd_package }}=1.4.6-1"
  'edge': "{{ containerd_package }}=1.4.6-1"
 # https://download.docker.com/linux/ubuntu/
 docker_versioned_pkg:
  'latest': docker-ce
--- a/roles/container-engine/docker/vars/ubuntu.yml
+++ b/roles/container-engine/docker/vars/ubuntu.yml
@@ -1,4 +1,16 @@
 ---
 # containerd versions are only relevant for docker
 containerd_versioned_pkg:
  'latest': "{{ containerd_package }}"
  '1.3.7': "{{ containerd_package }}=1.3.7-1"
  '1.3.9': "{{ containerd_package }}=1.3.9-1"
  '1.4.3': "{{ containerd_package }}=1.4.3-2"
  '1.4.4': "{{ containerd_package }}=1.4.4-1"
  '1.4.6': "{{ containerd_package }}=1.4.6-1"
  '1.4.9': "{{ containerd_package }}=1.4.9-1"
  'stable': "{{ containerd_package }}=1.4.9-1"
  'edge': "{{ containerd_package }}=1.4.9-1"
 # https://download.docker.com/linux/ubuntu/
 docker_versioned_pkg:
  'latest': docker-ce
--- a/roles/container-engine/runc/defaults/main.yml
+++ b/roles/container-engine/runc/defaults/main.yml
@@ -0,0 +1,5 @@
 ---
 runc_bin_dir: /usr/bin/
 runc_package_name: runc
--- a/roles/container-engine/runc/tasks/main.yml
+++ b/roles/container-engine/runc/tasks/main.yml
@@ -0,0 +1,17 @@
 ---
 - name: runc | Uninstall runc package managed by package manager
  package:
    name: "{{ runc_package_name }}"
    state: absent
 - name: runc | Download runc binary
  include_tasks: "../../../download/tasks/download_file.yml"
  vars:
    download: "{{ download_defaults | combine(downloads.runc) }}"
 - name: Copy runc binary from download dir
  copy:
    src: "{{ downloads.runc.dest }}"
    dest: "{{ runc_bin_dir }}/runc"
    mode: 0755
    remote_src: true
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -52,6 +52,7 @@ image_arch: "{{host_architecture | default('amd64')}}"
 kubeadm_version: "{{ kube_version }}"
 etcd_version: v3.5.0
 crun_version: 1.2
 runc_version: v1.0.2
 kata_containers_version: 2.2.0
 gvisor_version: 20210921
@@ -110,6 +111,7 @@ calicoctl_download_url: "https://github.com/projectcalico/calicoctl/releases/dow
 calico_crds_download_url: "https://github.com/projectcalico/calico/archive/{{ calico_version }}.tar.gz"
 crictl_download_url: "https://github.com/kubernetes-sigs/cri-tools/releases/download/{{ crictl_version }}/crictl-{{ crictl_version }}-{{ ansible_system | lower }}-{{ image_arch }}.tar.gz"
 helm_download_url: "https://get.helm.sh/helm-{{ helm_version }}-linux-{{ image_arch }}.tar.gz"
 runc_download_url: "https://github.com/opencontainers/runc/releases/download/{{ runc_version }}/runc.{{ image_arch }}"
 crun_download_url: "https://github.com/containers/crun/releases/download/{{ crun_version }}/crun-{{ crun_version }}-linux-{{ image_arch }}"
 kata_containers_download_url: "https://github.com/kata-containers/kata-containers/releases/download/{{ kata_containers_version }}/kata-static-{{ kata_containers_version }}-{{ ansible_architecture }}.tar.xz"
 # gVisor only supports amd64 and uses x86_64 to in the download link
@@ -117,6 +119,7 @@ gvisor_runsc_download_url: "https://storage.googleapis.com/gvisor/releases/relea
 gvisor_containerd_shim_runsc_download_url: "https://storage.googleapis.com/gvisor/releases/release/{{ gvisor_version }}/{{ ansible_architecture }}/containerd-shim-runsc-v1"
 nerdctl_download_url: "https://github.com/containerd/nerdctl/releases/download/v{{ nerdctl_version }}/nerdctl-{{ nerdctl_version }}-{{ ansible_system | lower }}-{{ image_arch }}.tar.gz"
 krew_download_url: "https://github.com/kubernetes-sigs/krew/releases/download/{{ krew_version }}/krew.tar.gz"
 containerd_download_url: "https://github.com/containerd/containerd/releases/download/v{{ containerd_version }}/containerd-{{ containerd_version }}-linux-{{ image_arch }}.tar.gz"
 crictl_checksums:
  arm:
@@ -375,6 +378,14 @@ helm_archive_checksums:
  arm64:
    v3.7.0: 03bf55435b4ebef739f862334bdfbf7b7eed714b94340a22298c485b6626aaca
 runc_checksums:
  arm:
    v1.0.2: 0
  arm64:
    v1.0.2: 0
  amd64:
    v1.0.2: 44d1ba01a286aaf0b31b4be9c6abc20deab0653d44ecb0d93b4d0d20eac3e0b6
 crun_checksums:
  arm: 0
  amd64:
@@ -436,6 +447,21 @@ nerdctl_archive_checksums:
  amd64:
    0.12.1: 868dc5997c3edb0bd06f75012e71c2b15ee0885b83bad191fbe2a1d6d5f4f2ac
 # TODO(cristicalin): remove compatibility entries once debian9 and ubuntu16 jobs are dropped or docker is dropped
 containerd_archive_checksums:
  arm:
    latest: 0  # this is needed to make debian9 and ubuntu16 CI jobs happy
    1.4.9: 0
    1.5.5: 0
  arm64:
    latest: 0  # this is needed to make debian9 and ubuntu16 CI jobs happy
    1.4.9: 0
    1.5.5: 0
  amd64:
    latest: 0  # this is needed to make debian9 and ubuntu16 CI jobs happy
    1.4.9: 346f88ad5b973960ff81b5539d4177af5941ec2e4703b479ca9a6081ff1d023b
    1.5.5: 8efc527ffb772a82021800f0151374a3113ed2439922497ff08f2596a70f10f1
 etcd_binary_checksum: "{{ etcd_binary_checksums[image_arch] }}"
 cni_binary_checksum: "{{ cni_binary_checksums[image_arch] }}"
 kubelet_binary_checksum: "{{ kubelet_checksums[image_arch][kube_version] }}"
@@ -445,12 +471,14 @@ calicoctl_binary_checksum: "{{ calicoctl_binary_checksums[image_arch][calico_ctl
 calico_crds_archive_checksum: "{{ calico_crds_archive_checksums[calico_version] }}"
 crictl_binary_checksum: "{{ crictl_checksums[image_arch][crictl_version] }}"
 helm_archive_checksum: "{{ helm_archive_checksums[image_arch][helm_version] }}"
 runc_binary_checksum: "{{ runc_checksums[image_arch][runc_version] }}"
 crun_binary_checksum: "{{ crun_checksums[image_arch][crun_version] }}"
 kata_containers_binary_checksum: "{{ kata_containers_binary_checksums[image_arch][kata_containers_version] }}"
 gvisor_runsc_binary_checksum: "{{ gvisor_runsc_binary_checksums[image_arch][gvisor_version] }}"
 gvisor_containerd_shim_binary_checksum: "{{ gvisor_containerd_shim_binary_checksums[image_arch][gvisor_version] }}"
 nerdctl_archive_checksum: "{{ nerdctl_archive_checksums[image_arch][nerdctl_version] }}"
 krew_archive_checksum: "{{ krew_archive_checksums[krew_version] }}"
 containerd_archive_checksum: "{{ containerd_archive_checksums[image_arch][containerd_version] }}"
 # Containers
 # In some cases, we need a way to set --registry-mirror or --insecure-registry for docker,
@@ -737,6 +765,19 @@ downloads:
    groups:
    - k8s_cluster
  runc:
    file: true
    enabled: "{{ container_manager == 'containerd' }}"
    version: "{{ runc_version }}"
    dest: "{{ local_release_dir }}/runc"
    sha256: "{{ runc_binary_checksum }}"
    url: "{{ runc_download_url }}"
    unarchive: false
    owner: "root"
    mode: "0755"
    groups:
    - k8s_cluster
  kata_containers:
    enabled: "{{ kata_containers_enabled }}"
    file: true
@@ -750,6 +791,19 @@ downloads:
    groups:
    - k8s_cluster
  containerd:
    enabled: "{{ container_manager == 'containerd' }}"
    file: true
    version: "{{ containerd_version }}"
    dest: "{{ local_release_dir }}/containerd-{{ containerd_version }}-linux-{{ image_arch }}.tar.gz"
    sha256: "{{ containerd_archive_checksum }}"
    url: "{{ containerd_download_url }}"
    unarchive: false
    owner: "root"
    mode: "0755"
    groups:
    - k8s_cluster
  gvisor_runsc:
    enabled: "{{ gvisor_enabled }}"
    file: true
--- a/roles/kubernetes/preinstall/vars/amazon.yml
+++ b/roles/kubernetes/preinstall/vars/amazon.yml
@@ -0,0 +1,7 @@
 ---
 required_pkgs:
  - libselinux-python
  - device-mapper-libs
  - nss
  - conntrack-tools
  - libseccomp
--- a/roles/kubernetes/preinstall/vars/centos.yml
+++ b/roles/kubernetes/preinstall/vars/centos.yml
@@ -4,3 +4,5 @@ required_pkgs:
  - device-mapper-libs
  - nss
  - conntrack
  - container-selinux
  - libseccomp
--- a/roles/kubernetes/preinstall/vars/debian-11.yml
+++ b/roles/kubernetes/preinstall/vars/debian-11.yml
@@ -7,3 +7,4 @@ required_pkgs:
  - conntrack
  - iptables
  - apparmor
  - libseccomp2
--- a/roles/kubernetes/preinstall/vars/debian.yml
+++ b/roles/kubernetes/preinstall/vars/debian.yml
@@ -6,3 +6,4 @@ required_pkgs:
  - software-properties-common
  - conntrack
  - apparmor
  - libseccomp2
--- a/roles/kubernetes/preinstall/vars/fedora.yml
+++ b/roles/kubernetes/preinstall/vars/fedora.yml
@@ -3,3 +3,5 @@ required_pkgs:
  - libselinux-python3
  - device-mapper-libs
  - conntrack
  - container-selinux
  - libseccomp
--- a/roles/kubernetes/preinstall/vars/redhat.yml
+++ b/roles/kubernetes/preinstall/vars/redhat.yml
@@ -4,3 +4,5 @@ required_pkgs:
  - device-mapper-libs
  - nss
  - conntrack
  - container-selinux
  - libseccomp
--- a/roles/kubernetes/preinstall/vars/suse.yml
+++ b/roles/kubernetes/preinstall/vars/suse.yml
@@ -2,3 +2,4 @@
 required_pkgs:
  - device-mapper
  - conntrack-tools
  - libseccomp2
--- a/roles/kubernetes/preinstall/vars/ubuntu.yml
+++ b/roles/kubernetes/preinstall/vars/ubuntu.yml
@@ -6,3 +6,4 @@ required_pkgs:
  - software-properties-common
  - conntrack
  - apparmor
  - libseccomp2
--- a/roles/reset/tasks/main.yml
+++ b/roles/reset/tasks/main.yml
@@ -169,6 +169,25 @@
  tags:
    - services
 - name: reset | remove containerd
  when: container_manager == 'containerd'
  block:
    - name: reset | stop containerd service
      service:
        name: containerd
        state: stopped
      failed_when: false
      tags:
        - services
    - name: reset | remove containerd service
      file:
        path: /etc/systemd/system/containerd.service
        state: absent
      register: services_removed
      tags:
        - services
 - name: reset | gather mounted kubelet dirs  # noqa 301
  shell: set -o pipefail && mount | grep /var/lib/kubelet/ | awk '{print $3}' | tac
  args:
@@ -279,6 +298,7 @@
    - "{{ bin_dir }}/etcd"
    - "{{ bin_dir }}/etcd-events"
    - "{{ bin_dir }}/etcdctl"
    - "{{ bin_dir }}/etcdctl.sh"
    - "{{ bin_dir }}/kubernetes-scripts"
    - "{{ bin_dir }}/kubectl"
    - "{{ bin_dir }}/kubeadm"
@@ -310,6 +330,26 @@
  tags:
    - files
 - name: reset | remove containerd binary files
  file:
    path: "{{ containerd_bin_dir }}/{{ item }}"
    state: absent
  with_items:
    - containerd
    - containerd-shim
    - containerd-shim-runc-v1
    - containerd-shim-runc-v2
    - containerd-stress
    - crictl
    - critest
    - ctd-decoder
    - ctr
    - runc
  ignore_errors: true  # noqa ignore-errors
  when: container_manager == 'containerd'
  tags:
    - files
 - name: reset | remove dns settings from dhclient.conf
  blockinfile:
    path: "{{ item }}"
--- a/tests/files/packet_debian9-calico-upgrade-once.yml
+++ b/tests/files/packet_debian9-calico-upgrade-once.yml
@@ -8,3 +8,6 @@ kube_network_plugin: calico
 deploy_netchecker: true
 dns_min_replicas: 1
 download_run_once: true
 # Make docker happy
 containerd_version: latest
--- a/tests/files/packet_debian9-calico-upgrade.yml
+++ b/tests/files/packet_debian9-calico-upgrade.yml
@@ -7,3 +7,6 @@ mode: default
 kube_network_plugin: calico
 deploy_netchecker: true
 dns_min_replicas: 1
 # Make docker happy
 containerd_version: latest
--- a/tests/files/packet_debian9-macvlan.yml
+++ b/tests/files/packet_debian9-macvlan.yml
@@ -12,3 +12,6 @@ kube_proxy_masquerade_all: true
 macvlan_interface: "eth0"
 auto_renew_certificates: true
 # Make docker happy
 containerd_version: latest
--- a/tests/files/packet_fedora34-kube-ovn-containerd.yml
+++ b/tests/files/packet_fedora34-kube-ovn-containerd.yml
@@ -5,7 +5,6 @@ mode: default
 # Kubespray settings
 container_manager: containerd
 containerd_version: latest
 etcd_deployment_type: host
 deploy_netchecker: true
 dns_min_replicas: 1
--- a/tests/files/packet_ubuntu16-canal-kubeadm-ha.yml
+++ b/tests/files/packet_ubuntu16-canal-kubeadm-ha.yml
@@ -9,5 +9,5 @@ kube_network_plugin: canal
 deploy_netchecker: true
 dns_min_replicas: 1
-# Ubuntu 16 packages for containerd are limited to 1.4.6
+# Make docker jobs happy
-containerd_version: 1.4.6
+containerd_version: latest
--- a/tests/files/packet_ubuntu16-canal-sep.yml
+++ b/tests/files/packet_ubuntu16-canal-sep.yml
@@ -9,5 +9,5 @@ kube_network_plugin: canal
 deploy_netchecker: true
 dns_min_replicas: 1
-# Ubuntu 16 packages for containerd are limited to 1.4.6
+# Make docker jobs happy
-containerd_version: 1.4.6
+containerd_version: latest
--- a/tests/files/packet_ubuntu16-flannel-ha.yml
+++ b/tests/files/packet_ubuntu16-flannel-ha.yml
@@ -11,5 +11,5 @@ skip_non_kubeadm_warning: true
 deploy_netchecker: true
 dns_min_replicas: 1
-# Ubuntu 16 packages for containerd are limited to 1.4.6
+# Make docker jobs happy
-containerd_version: 1.4.6
+containerd_version: latest
--- a/tests/files/packet_ubuntu16-kube-router-sep.yml
+++ b/tests/files/packet_ubuntu16-kube-router-sep.yml
@@ -9,5 +9,5 @@ kube_network_plugin: kube-router
 deploy_netchecker: true
 dns_min_replicas: 1
-# Ubuntu 16 packages for containerd are limited to 1.4.6
+# Make docker jobs happy
-containerd_version: 1.4.6
+containerd_version: latest
--- a/tests/files/packet_ubuntu16-kube-router-svc-proxy.yml
+++ b/tests/files/packet_ubuntu16-kube-router-svc-proxy.yml
@@ -11,5 +11,5 @@ dns_min_replicas: 1
 kube_router_run_service_proxy: true
-# Ubuntu 16 packages for containerd are limited to 1.4.6
+# Make docker jobs happy
-containerd_version: 1.4.6
+containerd_version: latest
--- a/tests/files/packet_ubuntu16-weave-sep.yml
+++ b/tests/files/packet_ubuntu16-weave-sep.yml
@@ -10,5 +10,5 @@ dns_min_replicas: 1
 auto_renew_certificates: true
-# Ubuntu 16 packages for containerd are limited to 1.4.6
+# Make docker jobs happy
-containerd_version: 1.4.6
+containerd_version: latest