Document and add validation on enable_cri_dockerd option (#415)

* doccument cri

* Add validation on cri

docs/resources/cluster.md

@@ -151,7 +151,7 @@ The following arguments are supported:
 * `dind_storage_driver` - (Optional/Experimental) DinD RKE cluster storage driver (string)
 * `dind_dns_server` - (Optional/Experimental) DinD RKE cluster dns (string)
 * `dns` - (Optional) RKE k8s cluster DNS Config (list maxitems:1)
-* `enable_cri_dockerd` - (Optional) Enable/Disable CRI dockerd for kubelet. Default `false` (bool)
+* `enable_cri_dockerd` - (Optional) Enable/Disable CRI dockerd for kubelet; set it to true starting from Kubernetes version 1.24 or later. Default `false` (bool)
 * `ignore_docker_version` - (Optional) Enable/Disable RKE k8s cluster strict docker version checking. Default `false` (bool)
 * `ingress` - (Optional) RKE k8s cluster ingress controller configuration (list maxitems:1)
 * `kubernetes_version` - (Optional) K8s version to deploy. If kubernetes image is specified, image version takes precedence. Default: `rke default` (string)

rke/structure_rke_cluster.go

@@ -6,6 +6,7 @@ import (
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/rancher/rke/cluster"
 	rancher "github.com/rancher/rke/types"
+	log "github.com/sirupsen/logrus"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	apiserverconfigv1 "k8s.io/apiserver/pkg/apis/config/v1"
 )
@@ -371,6 +372,10 @@ func expandRKECluster(in *schema.ResourceData) (string, *rancher.RancherKubernet
 		obj.Services.Kubeproxy.ExtraArgs["conntrack-max-per-core"] = "0"
 	}
 
+	if k8sVersionRequiresCri(obj.Version) && obj.EnableCRIDockerd != nil && !*obj.EnableCRIDockerd {
+		return "", nil, fmt.Errorf("kubernetes version %s requires enable_cri_dockerd to be set to true", obj.Version)
+	}
+
 	objYml, err := patchRKEClusterYaml(obj)
 	if err != nil {
 		return "", nil, fmt.Errorf("Failed to patch RKE cluster yaml: %v", err)
@@ -505,3 +510,13 @@ func expandRKEClusterFlag(in *schema.ResourceData, clusterFilePath string) clust
 
 	return obj
 }
+
+func k8sVersionRequiresCri(kubernetesVersion string) bool {
+	version, err := getClusterVersion(kubernetesVersion)
+	if err != nil {
+		// This debug / error is not supposed to happen, the kubernetesVersion should be validated by the provider.
+		log.Debugf("Unable to get the semantic version for kubernetesVersion, value: %s", kubernetesVersion)
+		return false
+	}
+	return parsedRangeAtLeast124(version)
+}

rke/structure_rke_cluster_test.go

@@ -0,0 +1,78 @@
+package rke
+
+import "testing"
+
+func Test_k8sVersionRequiresCri(t *testing.T) {
+	type args struct {
+		kubernetesVersion string
+	}
+	tests := []struct {
+		name string
+		args args
+		want bool
+	}{
+		{
+			name: "v1.26.4-rancher2-1",
+			args: args{
+				kubernetesVersion: "v1.26.4-rancher2-1",
+			},
+			want: true,
+		},
+		{
+			name: "v1.25.9-rancher2-2",
+			args: args{
+				kubernetesVersion: "v1.25.9-rancher2-2",
+			},
+			want: true,
+		},
+		{
+			name: "v1.24.13-rancher2-2",
+			args: args{
+				kubernetesVersion: "v1.24.13-rancher2-2",
+			},
+			want: true,
+		},
+		{
+			name: "v1.23.16-rancher2-3",
+			args: args{
+				kubernetesVersion: "v1.23.16-rancher2-3",
+			},
+			want: false,
+		},
+		{
+			name: "v1.22.17-rancher1-2",
+			args: args{
+				kubernetesVersion: "v1.22.17-rancher1-2",
+			},
+			want: false,
+		},
+		{
+			name: "v1.21.14-rancher1-1",
+			args: args{
+				kubernetesVersion: "v1.21.14-rancher1-1",
+			},
+			want: false,
+		},
+		{
+			name: "v1.20.15-rancher2-2",
+			args: args{
+				kubernetesVersion: "v1.20.15-rancher2-2",
+			},
+			want: false,
+		},
+		{
+			name: "invalid",
+			args: args{
+				kubernetesVersion: "invalid",
+			},
+			want: false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := k8sVersionRequiresCri(tt.args.kubernetesVersion); got != tt.want {
+				t.Errorf("k8sVersionRequiresCri() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}

rke/util.go

@@ -12,12 +12,15 @@ import (
 	"sort"
 	"strings"
 
+	"github.com/blang/semver"
 	ghodssyaml "github.com/ghodss/yaml"
 	gover "github.com/hashicorp/go-version"
 	uuid "github.com/satori/go.uuid"
 	"gopkg.in/yaml.v2"
 )
 
+var parsedRangeAtLeast124 = semver.MustParseRange(">= 1.24.0-rancher0")
+
 func splitImportID(s string) ([]string, error) {
 	sep := ":"
 	if len(s) == 0 {
@@ -252,6 +255,18 @@ func sortVersions(list map[string]string) ([]*gover.Version, error) {
 	return versions, nil
 }
 
+func getClusterVersion(version string) (semver.Version, error) {
+	var parsedVersion semver.Version
+	if len(version) <= 1 || !strings.HasPrefix(version, "v") {
+		return parsedVersion, fmt.Errorf("%s is not valid version", version)
+	}
+	parsedVersion, err := semver.Parse(version[1:])
+	if err != nil {
+		return parsedVersion, fmt.Errorf("%s is not valid semver", version)
+	}
+	return parsedVersion, nil
+}
+
 func getLatestVersion(list map[string]string) (string, error) {
 	sorted, err := sortVersions(list)
 	if err != nil {