Add cri-dockerd support as backend for --docker flag

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-06-07 19:41:36 +00:00 · 2021-12-16 12:00:40 -08:00 · 2021-12-16 12:00:40 -08:00 · 4aca21a1f1
commit 4aca21a1f1
parent b1fa63dfb7
18 changed files with 208 additions and 47 deletions
--- a/go.mod
+++ b/go.mod
@ -4,6 +4,7 @@ go 1.16

 replace (
 	github.com/Microsoft/hcsshim => github.com/Microsoft/hcsshim v0.8.22
+	github.com/Mirantis/cri-dockerd => github.com/k3s-io/cri-dockerd v0.2.4-0.20220729204449-bcbb75d5abff // k3s-master
 	github.com/cloudnativelabs/kube-router => github.com/k3s-io/kube-router v1.5.1-0.20220630214451-a43bcd8511d2
 	github.com/containerd/cgroups => github.com/containerd/cgroups v1.0.1
 	github.com/containerd/containerd => github.com/k3s-io/containerd v1.5.13-k3s1 // k3s-release/1.5
@ -65,6 +66,7 @@ replace (

 require (
 	github.com/Microsoft/hcsshim v0.9.2
+	github.com/Mirantis/cri-dockerd v0.0.0-00010101000000-000000000000
 	github.com/cloudnativelabs/kube-router v1.3.2
 	github.com/containerd/cgroups v1.0.3
 	github.com/containerd/containerd v1.6.2
@ -129,7 +131,7 @@ require (
 	k8s.io/client-go v11.0.1-0.20190409021438-1a26190bd76a+incompatible
 	k8s.io/cloud-provider v0.24.3
 	k8s.io/component-base v0.24.3
-	k8s.io/component-helpers v0.0.0
+	k8s.io/component-helpers v0.24.3
 	k8s.io/controller-manager v0.24.3 // indirect
 	k8s.io/cri-api v0.24.3
 	k8s.io/klog v1.0.0
--- a/go.sum
+++ b/go.sum
@ -247,6 +247,7 @@ github.com/containerd/ttrpc v1.1.0/go.mod h1:XX4ZTnoOId4HklF4edwc4DcqskFZuvXB1Ev
 github.com/containerd/typeurl v1.0.2 h1:Chlt8zIieDbzQFzXzAeBEF92KhExuE4p9p92/QmY7aY=
 github.com/containerd/typeurl v1.0.2/go.mod h1:9trJWW2sRlGub4wZJRTW83VtbOLS6hwcDZXTn6oPz9s=
 github.com/containerd/zfs v1.0.0/go.mod h1:m+m51S1DvAP6r3FcmYCp54bQ34pyOwTieQDNRIRHsFY=
+github.com/containernetworking/cni v0.8.0/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
 github.com/containernetworking/cni v0.8.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
 github.com/containernetworking/cni v1.0.1/go.mod h1:AKuhXbN5EzmD4yTNtfSsX3tPcmtrBI6QcRV0NiNt15Y=
 github.com/containernetworking/cni v1.1.0 h1:T00oIz4hef+/p9gpRZa57SnIN+QnbmAHBjbxaOSFo9U=
@ -652,6 +653,7 @@ github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
 github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
+github.com/imdario/mergo v0.3.7/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
 github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
 github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU=
 github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
@ -706,6 +708,8 @@ github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5/go.mod h1:7Id9E
 github.com/k-sone/critbitgo v1.4.0/go.mod h1:7E6pyoyADnFxlUBEKcnfS49b7SUAQGMK+OAp/UQvo0s=
 github.com/k3s-io/containerd v1.5.13-k3s1 h1:a5qvrZZ5u4dn65XVajzLGUeUGiBXSE5qos3xF4BdRc4=
 github.com/k3s-io/containerd v1.5.13-k3s1/go.mod h1:zUdlwwmj8Xwd65Wz+vPGjonBN3FFAkSGwRloPefnNN4=
+github.com/k3s-io/cri-dockerd v0.2.4-0.20220729204449-bcbb75d5abff h1:iyPObk0AH8KArYJ8AEpe5CfJQ2W8ffRbyKMETtT2NwI=
+github.com/k3s-io/cri-dockerd v0.2.4-0.20220729204449-bcbb75d5abff/go.mod h1:2SAxAoj3lTHgTDwxGcpxUrKEbIWWrCFwNRMbPBR3U7E=
 github.com/k3s-io/cri-tools v1.24.0-k3s1 h1:Em7IZ/ElBFbHlPLjV0w2ttORxFl5upBxnbP/9IlT/3c=
 github.com/k3s-io/cri-tools v1.24.0-k3s1/go.mod h1:w4C33mk2AZdmAVybCyVbHYJUKdbr1sRelBTG7lduYh0=
 github.com/k3s-io/etcd/api/v3 v3.5.3-k3s1 h1:XY2oUIIy2+DR7zXk/BVqQ4f2qFHbd2VTAGrnrT4IxhA=
@ -942,6 +946,7 @@ github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 h1:RWengNIwukTxcDr9
 github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826/go.mod h1:TaXosZuwdSHYgviHp1DAtfrULt5eUgsSMsZf+YrPgl8=
 github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 h1:n6/2gBQ3RWajuToeY6ZtZTIKv2v7ThUy5KKusIT0yc0=
 github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod h1:Pm3mSP3c5uWn86xMLZ5Sa7JB9GsEZySvHYXCTK4E9q4=
+github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
 github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
 github.com/mrunalp/fileutils v0.5.0 h1:NKzVxiH7eSk+OQ4M+ZYW1K6h27RUV3MI6NUTsHhU6Z4=
 github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ=
--- a/pkg/agent/config/config.go
+++ b/pkg/agent/config/config.go
@ -463,6 +463,7 @@ func get(ctx context.Context, envInfo *cmds.Agent, proxy proxy.Proxy) (*config.N
 	nodeConfig.AgentConfig.StrongSwanDir = filepath.Join(envInfo.DataDir, "agent", "strongswan")
 	nodeConfig.Containerd.Config = filepath.Join(envInfo.DataDir, "agent", "etc", "containerd", "config.toml")
 	nodeConfig.Containerd.Root = filepath.Join(envInfo.DataDir, "agent", "containerd")
+	nodeConfig.CRIDockerd.Root = filepath.Join(envInfo.DataDir, "agent", "cri-dockerd")
 	if !nodeConfig.Docker && nodeConfig.ContainerRuntimeEndpoint == "" {
 		switch nodeConfig.AgentConfig.Snapshotter {
 		case "overlayfs":
@ -488,6 +489,7 @@ func get(ctx context.Context, envInfo *cmds.Agent, proxy proxy.Proxy) (*config.N
 		nodeConfig.Containerd.Log = filepath.Join(envInfo.DataDir, "agent", "containerd", "containerd.log")
 	}
 	applyContainerdStateAndAddress(nodeConfig)
+	applyCRIDockerdAddress(nodeConfig)
 	nodeConfig.Containerd.Template = filepath.Join(envInfo.DataDir, "agent", "etc", "containerd", "config.toml.tmpl")
 	nodeConfig.Certificate = servingCert

@ -536,11 +538,13 @@ func get(ctx context.Context, envInfo *cmds.Agent, proxy proxy.Proxy) (*config.N
 		nodeConfig.AgentConfig.FlannelCniConfFile = envInfo.FlannelCniConfFile
 	}

-	if !nodeConfig.Docker && nodeConfig.ContainerRuntimeEndpoint == "" {
+	if nodeConfig.Docker {
+		nodeConfig.AgentConfig.CNIPlugin = true
+		nodeConfig.AgentConfig.RuntimeSocket = nodeConfig.CRIDockerd.Address
+	} else if nodeConfig.ContainerRuntimeEndpoint == "" {
 		nodeConfig.AgentConfig.RuntimeSocket = nodeConfig.Containerd.Address
 	} else {
 		nodeConfig.AgentConfig.RuntimeSocket = nodeConfig.ContainerRuntimeEndpoint
-		nodeConfig.AgentConfig.CNIPlugin = true
 	}

 	if controlConfig.ClusterIPRange != nil {
--- a/pkg/agent/config/config_linux.go
+++ b/pkg/agent/config/config_linux.go
@ -13,3 +13,7 @@ func applyContainerdStateAndAddress(nodeConfig *config.Node) {
 	nodeConfig.Containerd.State = "/run/k3s/containerd"
 	nodeConfig.Containerd.Address = filepath.Join(nodeConfig.Containerd.State, "containerd.sock")
 }
+
+func applyCRIDockerdAddress(nodeConfig *config.Node) {
+	nodeConfig.CRIDockerd.Address = "unix:///run/k3s/cri-dockerd/cri-dockerd.sock"
+}
--- a/pkg/agent/config/config_windows.go
+++ b/pkg/agent/config/config_windows.go
@ -13,3 +13,7 @@ func applyContainerdStateAndAddress(nodeConfig *config.Node) {
 	nodeConfig.Containerd.State = filepath.Join(nodeConfig.Containerd.Root, "state")
 	nodeConfig.Containerd.Address = "npipe:////./pipe/containerd-containerd"
 }
+
+func applyCRIDockerdAddress(nodeConfig *config.Node) {
+	nodeConfig.CRIDockerd.Address = "npipe:////.pipe/cri-dockerd"
+}
--- a/pkg/agent/containerd/config_linux.go
+++ b/pkg/agent/containerd/config_linux.go
@ -26,6 +26,8 @@ import (
 	"k8s.io/kubernetes/pkg/kubelet/util"
 )

+const socketPrefix = "unix://"
+
 func getContainerdArgs(cfg *config.Node) []string {
 	args := []string{
 		"containerd",
@ -100,7 +102,7 @@ func setupContainerdConfig(ctx context.Context, cfg *config.Node) error {

 // criConnection connects to a CRI socket at the given path.
 func CriConnection(ctx context.Context, address string) (*grpc.ClientConn, error) {
-	addr, dialer, err := util.GetAddressAndDialer("unix://" + address)
+	addr, dialer, err := util.GetAddressAndDialer(socketPrefix + address)
 	if err != nil {
 		return nil, err
 	}
@ -123,7 +125,7 @@ func CriConnection(ctx context.Context, address string) (*grpc.ClientConn, error
 }

 func Client(address string) (*containerd.Client, error) {
-	addr, _, err := util.GetAddressAndDialer("unix://" + address)
+	addr, _, err := util.GetAddressAndDialer(socketPrefix + address)
 	if err != nil {
 		return nil, err
 	}
--- a/pkg/agent/containerd/containerd.go
+++ b/pkg/agent/containerd/containerd.go
@ -38,12 +38,11 @@ const (
 // Run configures and starts containerd as a child process. Once it is up, images are preloaded
 // or pulled from files found in the agent images directory.
 func Run(ctx context.Context, cfg *config.Node) error {
-	args := getContainerdArgs(cfg)
-
 	if err := setupContainerdConfig(ctx, cfg); err != nil {
 		return err
 	}

+	args := getContainerdArgs(cfg)
 	stdOut := io.Writer(os.Stdout)
 	stdErr := io.Writer(os.Stderr)

--- a/pkg/agent/cridockerd/config_linux.go
+++ b/pkg/agent/cridockerd/config_linux.go
@ -0,0 +1,39 @@
+//go:build linux
+// +build linux
+
+package cridockerd
+
+import (
+	"context"
+	"strings"
+
+	"github.com/docker/docker/client"
+	"github.com/k3s-io/k3s/pkg/daemons/config"
+	"github.com/pkg/errors"
+)
+
+const socketPrefix = "unix://"
+
+func setupDockerCRIConfig(ctx context.Context, cfg *config.Node) error {
+	clientOpts := []client.Opt{client.FromEnv, client.WithAPIVersionNegotiation()}
+	if cfg.ContainerRuntimeEndpoint != "" {
+		host := cfg.ContainerRuntimeEndpoint
+		if !strings.HasPrefix(host, socketPrefix) {
+			host = socketPrefix + host
+		}
+		clientOpts = append(clientOpts, client.WithHost(host))
+	}
+	c, err := client.NewClientWithOpts(clientOpts...)
+	if err != nil {
+		return errors.Wrap(err, "failed to create docker client")
+	}
+	i, err := c.Info(ctx)
+	if err != nil {
+		return errors.Wrap(err, "failed to get docker runtime info")
+	}
+	// note: this mutatation of the passed agent.Config is later used to set the
+	// kubelet's cgroup-driver flag. This may merit moving to somewhere else in order
+	// to avoid mutating the configuration while setting up the docker CRI.
+	cfg.AgentConfig.Systemd = i.CgroupDriver == "systemd"
+	return nil
+}
--- a/pkg/agent/cridockerd/config_windows.go
+++ b/pkg/agent/cridockerd/config_windows.go
@ -0,0 +1,16 @@
+//go:build windows
+// +build windows
+
+package cridockerd
+
+import (
+	"context"
+
+	"github.com/k3s-io/k3s/pkg/daemons/config"
+)
+
+const socketPrefix = "npipe://"
+
+func setupDockerCRIConfig(ctx context.Context, cfg *config.Node) error {
+	return nil
+}
--- a/pkg/agent/cridockerd/cridockerd.go
+++ b/pkg/agent/cridockerd/cridockerd.go
@ -0,0 +1,79 @@
+package cridockerd
+
+import (
+	"context"
+	"os"
+	"runtime/debug"
+	"strings"
+
+	"github.com/Mirantis/cri-dockerd/cmd"
+	"github.com/k3s-io/k3s/pkg/cgroups"
+	"github.com/k3s-io/k3s/pkg/daemons/config"
+	"github.com/sirupsen/logrus"
+	utilsnet "k8s.io/utils/net"
+)
+
+func Run(ctx context.Context, cfg *config.Node) error {
+	if err := setupDockerCRIConfig(ctx, cfg); err != nil {
+		return err
+	}
+
+	args := getDockerCRIArgs(cfg)
+	command := cmd.NewDockerCRICommand(ctx.Done())
+	command.SetArgs(args)
+	logrus.Infof("Running cri-dockerd %s", config.ArgString(args))
+
+	go func() {
+		defer func() {
+			if err := recover(); err != nil {
+				logrus.Fatalf("cri-dockerd panic: %s", debug.Stack())
+			}
+		}()
+		logrus.Fatalf("cri-dockerd exited: %v", command.ExecuteContext(ctx))
+	}()
+
+	return nil
+}
+
+func getDockerCRIArgs(cfg *config.Node) []string {
+	argsMap := map[string]string{
+		"container-runtime-endpoint": cfg.CRIDockerd.Address,
+		"cri-dockerd-root-directory": cfg.CRIDockerd.Root,
+	}
+
+	if dualNode, _ := utilsnet.IsDualStackIPs(cfg.AgentConfig.NodeIPs); dualNode {
+		argsMap["ipv6-dual-stack"] = "true"
+	}
+
+	if logLevel := os.Getenv("CRIDOCKERD_LOG_LEVEL"); logLevel != "" {
+		argsMap["log-level"] = logLevel
+	}
+
+	if cfg.ContainerRuntimeEndpoint != "" {
+		endpoint := cfg.ContainerRuntimeEndpoint
+		if !strings.HasPrefix(endpoint, socketPrefix) {
+			endpoint = socketPrefix + endpoint
+		}
+		argsMap["docker-endpoint"] = endpoint
+	}
+
+	if cfg.AgentConfig.CNIConfDir != "" {
+		argsMap["cni-conf-dir"] = cfg.AgentConfig.CNIConfDir
+	}
+	if cfg.AgentConfig.CNIBinDir != "" {
+		argsMap["cni-bin-dir"] = cfg.AgentConfig.CNIBinDir
+	}
+	if cfg.AgentConfig.CNIPlugin {
+		argsMap["network-plugin"] = "cni"
+	}
+	if cfg.AgentConfig.PauseImage != "" {
+		argsMap["pod-infra-container-image"] = cfg.AgentConfig.PauseImage
+	}
+
+	_, runtimeRoot, _ := cgroups.CheckCgroups()
+	if runtimeRoot != "" {
+		argsMap["runtime-cgroups"] = runtimeRoot
+	}
+
+	return config.GetArgs(argsMap, nil)
+}
--- a/pkg/agent/run.go
+++ b/pkg/agent/run.go
@ -13,6 +13,7 @@ import (
 	systemd "github.com/coreos/go-systemd/daemon"
 	"github.com/k3s-io/k3s/pkg/agent/config"
 	"github.com/k3s-io/k3s/pkg/agent/containerd"
+	"github.com/k3s-io/k3s/pkg/agent/cridockerd"
 	"github.com/k3s-io/k3s/pkg/agent/flannel"
 	"github.com/k3s-io/k3s/pkg/agent/netpol"
 	"github.com/k3s-io/k3s/pkg/agent/proxy"
@ -101,7 +102,11 @@ func run(ctx context.Context, cfg cmds.Agent, proxy proxy.Proxy) error {
 		}
 	}

-	if !nodeConfig.Docker && nodeConfig.ContainerRuntimeEndpoint == "" {
+	if nodeConfig.Docker {
+		if err := cridockerd.Run(ctx, nodeConfig); err != nil {
+			return err
+		}
+	} else if nodeConfig.ContainerRuntimeEndpoint == "" {
 		if err := containerd.Run(ctx, nodeConfig); err != nil {
 			return err
 		}
--- a/pkg/agent/run_linux.go
+++ b/pkg/agent/run_linux.go
@ -13,7 +13,7 @@ import (
 )

 const (
-	dockershimSock = "unix:///var/run/dockershim.sock"
+	criDockerdSock = "unix:///run/k3s/cri-dockerd/cri-dockerd.sock"
 	containerdSock = "unix:///run/k3s/containerd/containerd.sock"
 )

@ -24,7 +24,7 @@ func setupCriCtlConfig(cfg cmds.Agent, nodeConfig *config.Node) error {
 	if cre == "" {
 		switch {
 		case cfg.Docker:
-			cre = dockershimSock
+			cre = criDockerdSock
 		default:
 			cre = containerdSock
 		}
--- a/pkg/cli/cmds/agent.go
+++ b/pkg/cli/cmds/agent.go
@ -104,9 +104,14 @@ var (
 		EnvVar:      version.ProgramUpper + "_LB_SERVER_PORT",
 		Value:       6444,
 	}
+	DockerFlag = cli.BoolFlag{
+		Name:        "docker",
+		Usage:       "(agent/runtime) (experimental) Use cri-dockerd instead of containerd",
+		Destination: &AgentConfig.Docker,
+	}
 	CRIEndpointFlag = cli.StringFlag{
 		Name:        "container-runtime-endpoint",
-		Usage:       "(agent/runtime) Disable embedded containerd and use alternative CRI implementation",
+		Usage:       "(agent/runtime) Disable embedded containerd and use the CRI socket at the given path; when used with --docker this sets the docker socket path",
 		Destination: &AgentConfig.ContainerRuntimeEndpoint,
 	}
 	PrivateRegistryFlag = cli.StringFlag{
@ -191,12 +196,6 @@ var (
 		Usage:  "(deprecated) Use --selinux to explicitly enable SELinux",
 		Hidden: true,
 	}
-	DockerFlag = cli.BoolFlag{
-		Hidden:      true,
-		Name:        "docker",
-		Usage:       "(deprecated) (agent/runtime) Use docker instead of containerd",
-		Destination: &AgentConfig.Docker,
-	}
 	FlannelFlag = cli.BoolFlag{
 		Hidden:      true,
 		Name:        "no-flannel",
--- a/pkg/daemons/agent/agent.go
+++ b/pkg/daemons/agent/agent.go
@ -16,11 +16,6 @@ import (
 	_ "k8s.io/component-base/metrics/prometheus/version"    // for version metric registration
 )

-const (
-	unixPrefix    = "unix://"
-	windowsPrefix = "npipe://"
-)
-
 func Agent(ctx context.Context, nodeConfig *daemonconfig.Node, proxy proxy.Proxy) error {
 	rand.Seed(time.Now().UTC().UnixNano())

--- a/pkg/daemons/agent/agent_linux.go
+++ b/pkg/daemons/agent/agent_linux.go
@ -18,6 +18,8 @@ import (
 	"k8s.io/kubernetes/pkg/kubeapiserver/authorizer/modes"
 )

+const socketPrefix = "unix://"
+
 func createRootlessConfig(argsMap map[string]string, controllers map[string]bool) {
 	argsMap["feature-gates=KubeletInUserNamespace"] = "true"
 	// "/sys/fs/cgroup" is namespaced
@ -29,14 +31,6 @@ func createRootlessConfig(argsMap map[string]string, controllers map[string]bool
 	logrus.Fatal("delegated cgroup v2 controllers are required for rootless.")
 }

-func checkRuntimeEndpoint(cfg *config.Agent, argsMap map[string]string) {
-	if strings.HasPrefix(argsMap["container-runtime-endpoint"], unixPrefix) {
-		argsMap["container-runtime-endpoint"] = cfg.RuntimeSocket
-	} else {
-		argsMap["container-runtime-endpoint"] = unixPrefix + cfg.RuntimeSocket
-	}
-}
-
 func kubeProxyArgs(cfg *config.Agent) map[string]string {
 	bindAddress := "127.0.0.1"
 	_, IPv6only, _ := util.GetFirstString([]string{cfg.NodeIP})
@ -94,18 +88,25 @@ func kubeletArgs(cfg *config.Agent) map[string]string {
 		argsMap["resolv-conf"] = cfg.ResolvConf
 	}
 	if cfg.RuntimeSocket != "" {
-		argsMap["containerd"] = cfg.RuntimeSocket
 		argsMap["serialize-image-pulls"] = "false"
-		checkRuntimeEndpoint(cfg, argsMap)
+		if strings.Contains(cfg.RuntimeSocket, "containerd") {
+			argsMap["containerd"] = cfg.RuntimeSocket
+		}
+		// cadvisor wants the containerd CRI socket without the prefix, but kubelet wants it with the prefix
+		if strings.HasPrefix(cfg.RuntimeSocket, socketPrefix) {
+			argsMap["container-runtime-endpoint"] = cfg.RuntimeSocket
+		} else {
+			argsMap["container-runtime-endpoint"] = socketPrefix + cfg.RuntimeSocket
+		}
 	}
 	if cfg.PauseImage != "" {
 		argsMap["pod-infra-container-image"] = cfg.PauseImage
 	}
 	if cfg.ImageServiceSocket != "" {
-		if strings.HasPrefix(cfg.ImageServiceSocket, unixPrefix) {
+		if strings.HasPrefix(cfg.ImageServiceSocket, socketPrefix) {
 			argsMap["image-service-endpoint"] = cfg.ImageServiceSocket
 		} else {
-			argsMap["image-service-endpoint"] = unixPrefix + cfg.ImageServiceSocket
+			argsMap["image-service-endpoint"] = socketPrefix + cfg.ImageServiceSocket
 		}
 	}
 	if cfg.ListenAddress != "" {
--- a/pkg/daemons/agent/agent_windows.go
+++ b/pkg/daemons/agent/agent_windows.go
@ -17,15 +17,10 @@ import (
 	"k8s.io/kubernetes/pkg/kubeapiserver/authorizer/modes"
 )

-var NetworkName = "vxlan0"
-
-func checkRuntimeEndpoint(cfg *config.Agent, argsMap map[string]string) {
-	if strings.HasPrefix(cfg.RuntimeSocket, windowsPrefix) {
-		argsMap["container-runtime-endpoint"] = cfg.RuntimeSocket
-	} else {
-		argsMap["container-runtime-endpoint"] = windowsPrefix + cfg.RuntimeSocket
-	}
-}
+const (
+	socketPrefix = "npipe://"
+	networkName  = "vxlan0"
+)

 func kubeProxyArgs(cfg *config.Agent) map[string]string {
 	bindAddress := "127.0.0.1"
@ -43,7 +38,7 @@ func kubeProxyArgs(cfg *config.Agent) map[string]string {
 		argsMap["hostname-override"] = cfg.NodeName
 	}

-	if sourceVip := waitForManagementIP(NetworkName); sourceVip != "" {
+	if sourceVip := waitForManagementIP(networkName); sourceVip != "" {
 		argsMap["source-vip"] = sourceVip
 	}

@ -85,9 +80,16 @@ func kubeletArgs(cfg *config.Agent) map[string]string {
 		argsMap["resolv-conf"] = cfg.ResolvConf
 	}
 	if cfg.RuntimeSocket != "" {
-		argsMap["containerd"] = cfg.RuntimeSocket
 		argsMap["serialize-image-pulls"] = "false"
-		checkRuntimeEndpoint(cfg, argsMap)
+		if strings.Contains(cfg.RuntimeSocket, "containerd") {
+			argsMap["containerd"] = cfg.RuntimeSocket
+		}
+		// cadvisor wants the containerd CRI socket without the prefix, but kubelet wants it with the prefix
+		if strings.HasPrefix(cfg.RuntimeSocket, socketPrefix) {
+			argsMap["container-runtime-endpoint"] = cfg.RuntimeSocket
+		} else {
+			argsMap["container-runtime-endpoint"] = socketPrefix + cfg.RuntimeSocket
+		}
 	}
 	if cfg.PauseImage != "" {
 		argsMap["pod-infra-container-image"] = cfg.PauseImage
--- a/pkg/daemons/agent/agent_windows_test.go
+++ b/pkg/daemons/agent/agent_windows_test.go
@ -37,7 +37,6 @@ func TestCheckRuntimeEndpoint(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			argsMap := map[string]string{}
-			checkRuntimeEndpoint(tt.args.cfg, argsMap)
 			if argsMap["container-runtime-endpoint"] != tt.want {
 				got := argsMap["container-runtime-endpoint"]
 				t.Errorf("error, input was " + tt.args.cfg.RuntimeSocket + " should be " + tt.want + ", but got " + got)
--- a/pkg/daemons/config/types.go
+++ b/pkg/daemons/config/types.go
@ -54,6 +54,7 @@ type Node struct {
 	FlannelIPv6Masq          bool
 	EgressSelectorMode       string
 	Containerd               Containerd
+	CRIDockerd               CRIDockerd
 	Images                   string
 	AgentConfig              Agent
 	Token                    string
@ -72,6 +73,11 @@ type Containerd struct {
 	SELinux  bool
 }

+type CRIDockerd struct {
+	Address string
+	Root    string
+}
+
 type Agent struct {
 	PodManifests            string
 	NodeName                string