Merge pull request #13807 from spowelljr/improveContainerdConfig

containerd: use drop in config to update values

Makefile

@@ -23,7 +23,7 @@ KUBERNETES_VERSION ?= $(shell egrep "DefaultKubernetesVersion =" pkg/minikube/co
 KIC_VERSION ?= $(shell egrep "Version =" pkg/drivers/kic/types.go | cut -d \" -f2)
 
 # Default to .0 for higher cache hit rates, as build increments typically don't require new ISO versions
-ISO_VERSION ?= v1.26.0-1652998508-14153
+ISO_VERSION ?= v1.26.0-1653677468-13807
 # Dashes are valid in semver, but not Linux packaging. Use ~ to delimit alpha/beta
 DEB_VERSION ?= $(subst -,~,$(RAW_VERSION))
 DEB_REVISION ?= 0

deploy/iso/minikube-iso/arch/aarch64/package/containerd-bin-aarch64/config.toml

@@ -1,26 +1,16 @@
 version = 2
 root = "/var/lib/containerd"
 state = "/run/containerd"
-plugin_dir = ""
-disabled_plugins = []
-required_plugins = []
 oom_score = 0
+# imports
 
 [grpc]
   address = "/run/containerd/containerd.sock"
-  tcp_address = ""
-  tcp_tls_cert = ""
-  tcp_tls_key = ""
   uid = 0
   gid = 0
   max_recv_message_size = 16777216
   max_send_message_size = 16777216
 
-[ttrpc]
-  address = ""
-  uid = 0
-  gid = 0
-
 [debug]
   address = ""
   uid = 0
@@ -34,100 +24,47 @@ oom_score = 0
 [cgroup]
   path = ""
 
-[timeouts]
-  "io.containerd.timeout.shim.cleanup" = "5s"
-  "io.containerd.timeout.shim.load" = "5s"
-  "io.containerd.timeout.shim.shutdown" = "3s"
-  "io.containerd.timeout.task.state" = "2s"
-
 [plugins]
+  [plugins."io.containerd.monitor.v1.cgroups"]
+    no_prometheus = false
+  [plugins."io.containerd.grpc.v1.cri"]
+    stream_server_address = ""
+    stream_server_port = "10010"
+    enable_selinux = false
+    sandbox_image = "k8s.gcr.io/pause:3.6"
+    stats_collect_period = 10
+    enable_tls_streaming = false
+    max_container_log_line_size = 16384
+    restrict_oom_score_adj = false
+
+    [plugins."io.containerd.grpc.v1.cri".containerd]
+      discard_unpacked_layers = true
+      snapshotter = "overlayfs"
+      [plugins."io.containerd.grpc.v1.cri".containerd.default_runtime]
+        runtime_type = "io.containerd.runc.v2"
+      [plugins."io.containerd.grpc.v1.cri".containerd.untrusted_workload_runtime]
+        runtime_type = ""
+        runtime_engine = ""
+        runtime_root = ""
+      [plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
+        [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
+          runtime_type = "io.containerd.runc.v2"
+          [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
+            SystemdCgroup = false
+
+    [plugins."io.containerd.grpc.v1.cri".cni]
+      bin_dir = "/opt/cni/bin"
+      conf_dir = "/etc/cni/net.mk"
+      conf_template = ""
+    [plugins."io.containerd.grpc.v1.cri".registry]
+      [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
+        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
+          endpoint = ["https://registry-1.docker.io"]
+  [plugins."io.containerd.service.v1.diff-service"]
+    default = ["walking"]
   [plugins."io.containerd.gc.v1.scheduler"]
     pause_threshold = 0.02
     deletion_threshold = 0
     mutation_threshold = 100
     schedule_delay = "0s"
     startup_delay = "100ms"
-  [plugins."io.containerd.grpc.v1.cri"]
-    disable_tcp_service = true
-    stream_server_address = ""
-    stream_server_port = "10010"
-    stream_idle_timeout = "4h0m0s"
-    enable_selinux = false
-    selinux_category_range = 1024
-    sandbox_image = "k8s.gcr.io/pause:3.2"
-    stats_collect_period = 10
-    systemd_cgroup = true
-    enable_tls_streaming = false
-    max_container_log_line_size = 16384
-    disable_cgroup = false
-    disable_apparmor = false
-    restrict_oom_score_adj = false
-    max_concurrent_downloads = 3
-    disable_proc_mount = false
-    unset_seccomp_profile = ""
-    tolerate_missing_hugetlb_controller = true
-    disable_hugetlb_controller = true
-    ignore_image_defined_volumes = false
-    [plugins."io.containerd.grpc.v1.cri".containerd]
-      snapshotter = "overlayfs"
-      default_runtime_name = "runc"
-      no_pivot = false
-      disable_snapshot_annotations = true
-      discard_unpacked_layers = false
-      [plugins."io.containerd.grpc.v1.cri".containerd.default_runtime]
-        runtime_type = ""
-        runtime_engine = ""
-        runtime_root = ""
-        privileged_without_host_devices = false
-        base_runtime_spec = ""
-      [plugins."io.containerd.grpc.v1.cri".containerd.untrusted_workload_runtime]
-        runtime_type = ""
-        runtime_engine = ""
-        runtime_root = ""
-        privileged_without_host_devices = false
-        base_runtime_spec = ""
-      [plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
-        [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
-          runtime_type = "io.containerd.runc.v2"
-          runtime_engine = ""
-          runtime_root = ""
-          privileged_without_host_devices = false
-          base_runtime_spec = ""
-          [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
-    [plugins."io.containerd.grpc.v1.cri".cni]
-      bin_dir = "/opt/cni/bin"
-      conf_dir = "/etc/cni/net.d"
-      max_conf_num = 1
-      conf_template = ""
-    [plugins."io.containerd.grpc.v1.cri".registry]
-      [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
-        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
-          endpoint = ["https://registry-1.docker.io"]
-    [plugins."io.containerd.grpc.v1.cri".image_decryption]
-      key_model = ""
-    [plugins."io.containerd.grpc.v1.cri".x509_key_pair_streaming]
-      tls_cert_file = ""
-      tls_key_file = ""
-  [plugins."io.containerd.internal.v1.opt"]
-    path = "/opt/containerd"
-  [plugins."io.containerd.internal.v1.restart"]
-    interval = "10s"
-  [plugins."io.containerd.metadata.v1.bolt"]
-    content_sharing_policy = "shared"
-  [plugins."io.containerd.monitor.v1.cgroups"]
-    no_prometheus = false
-  [plugins."io.containerd.runtime.v1.linux"]
-    shim = "containerd-shim"
-    runtime = "runc"
-    runtime_root = ""
-    no_shim = false
-    shim_debug = false
-  [plugins."io.containerd.runtime.v2.task"]
-    platforms = ["linux/amd64"]
-  [plugins."io.containerd.service.v1.diff-service"]
-    default = ["walking"]
-  [plugins."io.containerd.snapshotter.v1.devmapper"]
-    root_path = ""
-    pool_name = ""
-    base_image_size = ""
-    async_remove = false

deploy/iso/minikube-iso/arch/aarch64/package/containerd-bin-aarch64/containerd-bin.mk

@@ -26,6 +26,7 @@ endef
 
 define CONTAINERD_BIN_AARCH64_CONFIGURE_CMDS
 	mkdir -p $(CONTAINERD_BIN_AARCH64_GOPATH)/src/github.com/containerd
+	mkdir -p $(TARGET_DIR)/etc/containerd/containerd.conf.d
 	ln -sf $(@D) $(CONTAINERD_BIN_AARCH64_COMPILE_SRC)
 endef
 

deploy/iso/minikube-iso/arch/x86_64/package/containerd-bin/config.toml

@@ -1,26 +1,16 @@
 version = 2
 root = "/var/lib/containerd"
 state = "/run/containerd"
-plugin_dir = ""
-disabled_plugins = []
-required_plugins = []
 oom_score = 0
+# imports
 
 [grpc]
   address = "/run/containerd/containerd.sock"
-  tcp_address = ""
-  tcp_tls_cert = ""
-  tcp_tls_key = ""
   uid = 0
   gid = 0
   max_recv_message_size = 16777216
   max_send_message_size = 16777216
 
-[ttrpc]
-  address = ""
-  uid = 0
-  gid = 0
-
 [debug]
   address = ""
   uid = 0
@@ -34,100 +24,47 @@ oom_score = 0
 [cgroup]
   path = ""
 
-[timeouts]
-  "io.containerd.timeout.shim.cleanup" = "5s"
-  "io.containerd.timeout.shim.load" = "5s"
-  "io.containerd.timeout.shim.shutdown" = "3s"
-  "io.containerd.timeout.task.state" = "2s"
-
 [plugins]
+  [plugins."io.containerd.monitor.v1.cgroups"]
+    no_prometheus = false
+  [plugins."io.containerd.grpc.v1.cri"]
+    stream_server_address = ""
+    stream_server_port = "10010"
+    enable_selinux = false
+    sandbox_image = "k8s.gcr.io/pause:3.6"
+    stats_collect_period = 10
+    enable_tls_streaming = false
+    max_container_log_line_size = 16384
+    restrict_oom_score_adj = false
+
+    [plugins."io.containerd.grpc.v1.cri".containerd]
+      discard_unpacked_layers = true
+      snapshotter = "overlayfs"
+      [plugins."io.containerd.grpc.v1.cri".containerd.default_runtime]
+        runtime_type = "io.containerd.runc.v2"
+      [plugins."io.containerd.grpc.v1.cri".containerd.untrusted_workload_runtime]
+        runtime_type = ""
+        runtime_engine = ""
+        runtime_root = ""
+      [plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
+        [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
+          runtime_type = "io.containerd.runc.v2"
+          [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
+            SystemdCgroup = false
+
+    [plugins."io.containerd.grpc.v1.cri".cni]
+      bin_dir = "/opt/cni/bin"
+      conf_dir = "/etc/cni/net.mk"
+      conf_template = ""
+    [plugins."io.containerd.grpc.v1.cri".registry]
+      [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
+        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
+          endpoint = ["https://registry-1.docker.io"]
+  [plugins."io.containerd.service.v1.diff-service"]
+    default = ["walking"]
   [plugins."io.containerd.gc.v1.scheduler"]
     pause_threshold = 0.02
     deletion_threshold = 0
     mutation_threshold = 100
     schedule_delay = "0s"
     startup_delay = "100ms"
-  [plugins."io.containerd.grpc.v1.cri"]
-    disable_tcp_service = true
-    stream_server_address = ""
-    stream_server_port = "10010"
-    stream_idle_timeout = "4h0m0s"
-    enable_selinux = false
-    selinux_category_range = 1024
-    sandbox_image = "k8s.gcr.io/pause:3.2"
-    stats_collect_period = 10
-    systemd_cgroup = true
-    enable_tls_streaming = false
-    max_container_log_line_size = 16384
-    disable_cgroup = false
-    disable_apparmor = false
-    restrict_oom_score_adj = false
-    max_concurrent_downloads = 3
-    disable_proc_mount = false
-    unset_seccomp_profile = ""
-    tolerate_missing_hugetlb_controller = true
-    disable_hugetlb_controller = true
-    ignore_image_defined_volumes = false
-    [plugins."io.containerd.grpc.v1.cri".containerd]
-      snapshotter = "overlayfs"
-      default_runtime_name = "runc"
-      no_pivot = false
-      disable_snapshot_annotations = true
-      discard_unpacked_layers = false
-      [plugins."io.containerd.grpc.v1.cri".containerd.default_runtime]
-        runtime_type = ""
-        runtime_engine = ""
-        runtime_root = ""
-        privileged_without_host_devices = false
-        base_runtime_spec = ""
-      [plugins."io.containerd.grpc.v1.cri".containerd.untrusted_workload_runtime]
-        runtime_type = ""
-        runtime_engine = ""
-        runtime_root = ""
-        privileged_without_host_devices = false
-        base_runtime_spec = ""
-      [plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
-        [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
-          runtime_type = "io.containerd.runc.v2"
-          runtime_engine = ""
-          runtime_root = ""
-          privileged_without_host_devices = false
-          base_runtime_spec = ""
-          [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
-    [plugins."io.containerd.grpc.v1.cri".cni]
-      bin_dir = "/opt/cni/bin"
-      conf_dir = "/etc/cni/net.d"
-      max_conf_num = 1
-      conf_template = ""
-    [plugins."io.containerd.grpc.v1.cri".registry]
-      [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
-        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
-          endpoint = ["https://registry-1.docker.io"]
-    [plugins."io.containerd.grpc.v1.cri".image_decryption]
-      key_model = ""
-    [plugins."io.containerd.grpc.v1.cri".x509_key_pair_streaming]
-      tls_cert_file = ""
-      tls_key_file = ""
-  [plugins."io.containerd.internal.v1.opt"]
-    path = "/opt/containerd"
-  [plugins."io.containerd.internal.v1.restart"]
-    interval = "10s"
-  [plugins."io.containerd.metadata.v1.bolt"]
-    content_sharing_policy = "shared"
-  [plugins."io.containerd.monitor.v1.cgroups"]
-    no_prometheus = false
-  [plugins."io.containerd.runtime.v1.linux"]
-    shim = "containerd-shim"
-    runtime = "runc"
-    runtime_root = ""
-    no_shim = false
-    shim_debug = false
-  [plugins."io.containerd.runtime.v2.task"]
-    platforms = ["linux/amd64"]
-  [plugins."io.containerd.service.v1.diff-service"]
-    default = ["walking"]
-  [plugins."io.containerd.snapshotter.v1.devmapper"]
-    root_path = ""
-    pool_name = ""
-    base_image_size = ""
-    async_remove = false

deploy/iso/minikube-iso/arch/x86_64/package/containerd-bin/containerd-bin.mk

@@ -27,6 +27,7 @@ endef
 
 define CONTAINERD_BIN_CONFIGURE_CMDS
 	mkdir -p $(CONTAINERD_BIN_GOPATH)/src/github.com/containerd
+	mkdir -p $(TARGET_DIR)/etc/containerd/containerd.conf.d
 	ln -sf $(@D) $(CONTAINERD_BIN_COMPILE_SRC)
 endef
 

deploy/kicbase/Dockerfile

@@ -48,6 +48,7 @@ ARG TARGETARCH
 COPY deploy/kicbase/10-network-security.conf /etc/sysctl.d/10-network-security.conf
 COPY deploy/kicbase/11-tcp-mtu-probing.conf /etc/sysctl.d/11-tcp-mtu-probing.conf
 COPY deploy/kicbase/02-crio.conf /etc/crio/crio.conf.d/02-crio.conf
+COPY deploy/kicbase/containerd.toml /etc/containerd/config.toml
 COPY deploy/kicbase/clean-install /usr/local/bin/clean-install
 COPY deploy/kicbase/entrypoint /usr/local/bin/entrypoint
 COPY --from=auto-pause /src/cmd/auto-pause/auto-pause /bin/auto-pause

deploy/kicbase/clean-install

@@ -26,7 +26,7 @@ if [ $# = 0 ]; then
 fi
 
 apt-get update
-apt-get install -y --no-install-recommends "$@"
+apt-get install -y --no-install-recommends -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" "$@"
 apt-get clean -y
 rm -rf \
    /var/cache/debconf/* \

deploy/kicbase/containerd.toml

@@ -0,0 +1,70 @@
+version = 2
+root = "/var/lib/containerd"                                     
+state = "/run/containerd"
+oom_score = 0      
+# imports
+
+[grpc]
+  address = "/run/containerd/containerd.sock"
+  uid = 0
+  gid = 0
+  max_recv_message_size = 16777216
+  max_send_message_size = 16777216
+
+[debug]
+  address = ""
+  uid = 0
+  gid = 0
+  level = ""
+
+[metrics]
+  address = ""
+  grpc_histogram = false
+
+[cgroup]
+  path = ""
+
+[plugins]
+  [plugins."io.containerd.monitor.v1.cgroups"]
+    no_prometheus = false
+  [plugins."io.containerd.grpc.v1.cri"]
+    stream_server_address = ""
+    stream_server_port = "10010"
+    enable_selinux = false
+    sandbox_image = "k8s.gcr.io/pause:3.6"
+    stats_collect_period = 10
+    enable_tls_streaming = false
+    max_container_log_line_size = 16384
+    restrict_oom_score_adj = false
+
+    [plugins."io.containerd.grpc.v1.cri".containerd]
+      discard_unpacked_layers = true
+      snapshotter = "overlayfs"
+      [plugins."io.containerd.grpc.v1.cri".containerd.default_runtime]
+        runtime_type = "io.containerd.runc.v2"
+      [plugins."io.containerd.grpc.v1.cri".containerd.untrusted_workload_runtime]
+        runtime_type = ""
+        runtime_engine = ""
+        runtime_root = ""
+      [plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
+        [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
+          runtime_type = "io.containerd.runc.v2"
+          [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
+            SystemdCgroup = false
+
+    [plugins."io.containerd.grpc.v1.cri".cni]
+      bin_dir = "/opt/cni/bin"
+      conf_dir = "/etc/cni/net.mk"
+      conf_template = ""
+    [plugins."io.containerd.grpc.v1.cri".registry]
+      [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
+        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
+          endpoint = ["https://registry-1.docker.io"]
+  [plugins."io.containerd.service.v1.diff-service"]
+    default = ["walking"]
+  [plugins."io.containerd.gc.v1.scheduler"]
+    pause_threshold = 0.02
+    deletion_threshold = 0
+    mutation_threshold = 100
+    schedule_delay = "0s"
+    startup_delay = "100ms"

pkg/drivers/kic/types.go

@@ -24,9 +24,9 @@ import (
 
 const (
 	// Version is the current version of kic
-	Version = "v0.0.31-1653596720-14230"
+	Version = "v0.0.31-1653677545-13807"
 	// SHA of the kic base image
-	baseImageSHA = "e953786303ac8350802546ee187d34e89f0007072a54fdbcc2f86a1fb8575418"
+	baseImageSHA = "312115a5663b1250effab8ed8ada9435fca80af41962223c98bf66f86b32c52a"
 	// The name of the GCR kicbase repository
 	gcrRepo = "gcr.io/k8s-minikube/kicbase-builds"
 	// The name of the Dockerhub kicbase repository

pkg/minikube/cruntime/containerd.go

@@ -45,79 +45,13 @@ import (
 const (
 	containerdNamespaceRoot = "/run/containerd/runc/k8s.io"
 	// ContainerdConfFile is the path to the containerd configuration
-	containerdConfigFile     = "/etc/containerd/config.toml"
-	containerdConfigTemplate = `version = 2
-root = "/var/lib/containerd"
-state = "/run/containerd"
-oom_score = 0
-[grpc]
-  address = "/run/containerd/containerd.sock"
-  uid = 0
-  gid = 0
-  max_recv_message_size = 16777216
-  max_send_message_size = 16777216
-
-[debug]
-  address = ""
-  uid = 0
-  gid = 0
-  level = ""
-
-[metrics]
-  address = ""
-  grpc_histogram = false
-
-[cgroup]
-  path = ""
-
-[plugins]
-  [plugins."io.containerd.monitor.v1.cgroups"]
-    no_prometheus = false
-  [plugins."io.containerd.grpc.v1.cri"]
-    stream_server_address = ""
-    stream_server_port = "10010"
-    enable_selinux = false
-    sandbox_image = "{{ .PodInfraContainerImage }}"
-    stats_collect_period = 10
-    enable_tls_streaming = false
-    max_container_log_line_size = 16384
-    restrict_oom_score_adj = {{ .RestrictOOMScoreAdj }}
-
-    [plugins."io.containerd.grpc.v1.cri".containerd]
-      discard_unpacked_layers = true
-      snapshotter = "{{ .Snapshotter }}"
-      [plugins."io.containerd.grpc.v1.cri".containerd.default_runtime]
-        runtime_type = "io.containerd.runc.v2"
-      [plugins."io.containerd.grpc.v1.cri".containerd.untrusted_workload_runtime]
-        runtime_type = ""
-        runtime_engine = ""
-        runtime_root = ""
-      [plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
-        [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
-          runtime_type = "io.containerd.runc.v2"
-          [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
-            SystemdCgroup = {{ .SystemdCgroup }}
-
-    [plugins."io.containerd.grpc.v1.cri".cni]
-      bin_dir = "/opt/cni/bin"
-      conf_dir = "{{.CNIConfDir}}"
-      conf_template = ""
-    [plugins."io.containerd.grpc.v1.cri".registry]
-      [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
-        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
-          endpoint = ["https://registry-1.docker.io"]
-        {{ range .InsecureRegistry -}}
-        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."{{. -}}"]
-          endpoint = ["http://{{. -}}"]
-        {{ end -}}
-  [plugins."io.containerd.service.v1.diff-service"]
-    default = ["walking"]
-  [plugins."io.containerd.gc.v1.scheduler"]
-    pause_threshold = 0.02
-    deletion_threshold = 0
-    mutation_threshold = 100
-    schedule_delay = "0s"
-    startup_delay = "100ms"
+	containerdConfigFile         = "/etc/containerd/config.toml"
+	containerdImportedConfigFile = "/etc/containerd/containerd.conf.d/02-containerd.conf"
+	containerdConfigTemplate     = `version = 2
+{{ range .InsecureRegistry -}}
+[plugins."io.containerd.grpc.v1.cri".registry.mirrors."{{. -}}"]
+  endpoint = ["http://{{. -}}"]
+{{ end -}}
 `
 )
 
@@ -193,29 +127,35 @@ func (r *Containerd) Available() error {
 	return nil
 }
 
-// generateContainerdConfig sets up /etc/containerd/config.toml
+// generateContainerdConfig sets up /etc/containerd/config.toml & /etc/containerd/containerd.conf.d/02-containerd.conf
 func generateContainerdConfig(cr CommandRunner, imageRepository string, kv semver.Version, forceSystemd bool, insecureRegistry []string, inUserNamespace bool) error {
-	cPath := containerdConfigFile
-	t, err := template.New("containerd.config.toml").Parse(containerdConfigTemplate)
+	pauseImage := images.Pause(kv, imageRepository)
+	if _, err := cr.RunCmd(exec.Command("/bin/bash", "-c", fmt.Sprintf("sudo sed -e 's|^.*sandbox_image = .*$|sandbox_image = \"%s\"|' -i %s", pauseImage, containerdConfigFile))); err != nil {
+		return errors.Wrap(err, "update sandbox_image")
+	}
+	if _, err := cr.RunCmd(exec.Command("/bin/bash", "-c", fmt.Sprintf("sudo sed -e 's|^.*restrict_oom_score_adj = .*$|restrict_oom_score_adj = %t|' -i %s", inUserNamespace, containerdConfigFile))); err != nil {
+		return errors.Wrap(err, "update restrict_oom_score_adj")
+	}
+	if _, err := cr.RunCmd(exec.Command("/bin/bash", "-c", fmt.Sprintf("sudo sed -e 's|^.*SystemdCgroup = .*$|SystemdCgroup = %t|' -i %s", forceSystemd, containerdConfigFile))); err != nil {
+		return errors.Wrap(err, "update SystemdCgroup")
+	}
+	if _, err := cr.RunCmd(exec.Command("/bin/bash", "-c", fmt.Sprintf("sudo sed -e 's|^.*conf_dir = .*$|conf_dir = \"%s\"|' -i %s", cni.ConfDir, containerdConfigFile))); err != nil {
+		return errors.Wrap(err, "update conf_dir")
+	}
+	imports := `imports = ["/etc/containerd/containerd.conf.d/02-containerd.conf"]`
+	if _, err := cr.RunCmd(exec.Command("/bin/bash", "-c", fmt.Sprintf("sudo sed -e 's|^# imports|%s|' -i %s", imports, containerdConfigFile))); err != nil {
+		return errors.Wrap(err, "update conf_dir")
+	}
+
+	cPath := containerdImportedConfigFile
+	t, err := template.New("02-containerd.conf").Parse(containerdConfigTemplate)
 	if err != nil {
 		return err
 	}
-	pauseImage := images.Pause(kv, imageRepository)
-	snapshotter := "overlayfs"
 	opts := struct {
-		PodInfraContainerImage string
-		SystemdCgroup          bool
-		InsecureRegistry       []string
-		CNIConfDir             string
-		RestrictOOMScoreAdj    bool
-		Snapshotter            string
+		InsecureRegistry []string
 	}{
-		PodInfraContainerImage: pauseImage,
-		SystemdCgroup:          forceSystemd,
-		InsecureRegistry:       insecureRegistry,
-		CNIConfDir:             cni.ConfDir,
-		RestrictOOMScoreAdj:    inUserNamespace,
-		Snapshotter:            snapshotter,
+		InsecureRegistry: insecureRegistry,
 	}
 	var b bytes.Buffer
 	if err := t.Execute(&b, opts); err != nil {

pkg/minikube/download/iso.go

@@ -41,7 +41,7 @@ const fileScheme = "file"
 // DefaultISOURLs returns a list of ISO URL's to consult by default, in priority order
 func DefaultISOURLs() []string {
 	v := version.GetISOVersion()
-	isoBucket := "minikube-builds/iso/14153"
+	isoBucket := "minikube-builds/iso/13807"
 	return []string{
 		fmt.Sprintf("https://storage.googleapis.com/%s/minikube-%s-%s.iso", isoBucket, v, runtime.GOARCH),
 		fmt.Sprintf("https://github.com/kubernetes/minikube/releases/download/%s/minikube-%s-%s.iso", v, v, runtime.GOARCH),

site/content/en/docs/commands/start.md

@@ -26,7 +26,7 @@ minikube start [flags]
       --apiserver-names strings           A set of apiserver names which are used in the generated certificate for kubernetes.  This can be used if you want to make the apiserver available from outside the machine
       --apiserver-port int                The apiserver listening port (default 8443)
       --auto-update-drivers               If set, automatically updates drivers to the latest version. Defaults to true. (default true)
-      --base-image string                 The base image to use for docker/podman drivers. Intended for local development. (default "gcr.io/k8s-minikube/kicbase-builds:v0.0.31-1653596720-14230@sha256:e953786303ac8350802546ee187d34e89f0007072a54fdbcc2f86a1fb8575418")
+      --base-image string                 The base image to use for docker/podman drivers. Intended for local development. (default "gcr.io/k8s-minikube/kicbase-builds:v0.0.31-1653677545-13807@sha256:312115a5663b1250effab8ed8ada9435fca80af41962223c98bf66f86b32c52a")
       --binary-mirror string              Location to fetch kubectl, kubelet, & kubeadm binaries from.
       --cache-images                      If true, cache docker images for the current bootstrapper and load them into the machine. Always false with --driver=none. (default true)
       --cert-expiration duration          Duration until minikube certificate expiration, defaults to three years (26280h). (default 26280h0m0s)
@@ -69,7 +69,7 @@ minikube start [flags]
       --insecure-registry strings         Insecure Docker registries to pass to the Docker daemon.  The default service CIDR range will automatically be added.
       --install-addons                    If set, install addons. Defaults to true. (default true)
       --interactive                       Allow user prompts for more information (default true)
-      --iso-url strings                   Locations to fetch the minikube ISO from. (default [https://storage.googleapis.com/minikube-builds/iso/14153/minikube-v1.26.0-1652998508-14153-amd64.iso,https://github.com/kubernetes/minikube/releases/download/v1.26.0-1652998508-14153/minikube-v1.26.0-1652998508-14153-amd64.iso,https://kubernetes.oss-cn-hangzhou.aliyuncs.com/minikube/iso/minikube-v1.26.0-1652998508-14153-amd64.iso,https://storage.googleapis.com/minikube-builds/iso/14153/minikube-v1.26.0-1652998508-14153.iso,https://github.com/kubernetes/minikube/releases/download/v1.26.0-1652998508-14153/minikube-v1.26.0-1652998508-14153.iso,https://kubernetes.oss-cn-hangzhou.aliyuncs.com/minikube/iso/minikube-v1.26.0-1652998508-14153.iso])
+      --iso-url strings                   Locations to fetch the minikube ISO from. (default [https://storage.googleapis.com/minikube-builds/iso/13807/minikube-v1.26.0-1653677468-13807-amd64.iso,https://github.com/kubernetes/minikube/releases/download/v1.26.0-1653677468-13807/minikube-v1.26.0-1653677468-13807-amd64.iso,https://kubernetes.oss-cn-hangzhou.aliyuncs.com/minikube/iso/minikube-v1.26.0-1653677468-13807-amd64.iso,https://storage.googleapis.com/minikube-builds/iso/13807/minikube-v1.26.0-1653677468-13807.iso,https://github.com/kubernetes/minikube/releases/download/v1.26.0-1653677468-13807/minikube-v1.26.0-1653677468-13807.iso,https://kubernetes.oss-cn-hangzhou.aliyuncs.com/minikube/iso/minikube-v1.26.0-1653677468-13807.iso])
       --keep-context                      This will keep the existing kubectl context and will create a minikube context.
       --kubernetes-version string         The Kubernetes version that the minikube VM will use (ex: v1.2.3, 'stable' for v1.23.6, 'latest' for v1.23.6). Defaults to 'stable'.
       --kvm-gpu                           Enable experimental NVIDIA GPU support in minikube