kubernetes · k8s-ci-robot · Aug 28, 2025 · Aug 9, 2025 · Aug 9, 2025 · Aug 9, 2025
diff --git a/docs/releases/1.34-NOTES.md b/docs/releases/1.34-NOTES.md
@@ -7,6 +7,7 @@ This is a document to gather the release notes prior to the release.
 # Significant changes
 
 * Default SSH key is now `~/.ssh/id_ed25519.pub`, instead of the less secure `~/.ssh/id_rsa.pub`.
+* `crictl` and `nerdctl` are now only installed on demand, by setting `spec.containerd.installCriCtl=true` and `spec.containerd.installNerdCtl=true`.
 
 ## Some Feature
 

diff --git a/k8s/crds/kops.k8s.io_clusters.yaml b/k8s/crds/kops.k8s.io_clusters.yaml
@@ -897,6 +897,12 @@ spec:
                     description: ConfigOverride is the complete containerd config
                       file provided by the user.
                     type: string
+                  installCriCtl:
+                    description: InstallCriCtl installs crictl (default "false").
+                    type: boolean
+                  installNerdCtl:
+                    description: InstallNerdCtl installs nerdctl (default "false").
+                    type: boolean
                   logLevel:
                     description: LogLevel controls the logging details [trace, debug,
                       info, warn, error, fatal, panic] (default "info").

diff --git a/k8s/crds/kops.k8s.io_instancegroups.yaml b/k8s/crds/kops.k8s.io_instancegroups.yaml
@@ -133,6 +133,12 @@ spec:
                     description: ConfigOverride is the complete containerd config
                       file provided by the user.
                     type: string
+                  installCriCtl:
+                    description: InstallCriCtl installs crictl (default "false").
+                    type: boolean
+                  installNerdCtl:
+                    description: InstallNerdCtl installs nerdctl (default "false").
+                    type: boolean
                   logLevel:
                     description: LogLevel controls the logging details [trace, debug,
                       info, warn, error, fatal, panic] (default "info").

diff --git a/nodeup/pkg/model/crictl.go b/nodeup/pkg/model/crictl.go
@@ -33,6 +33,11 @@ type CrictlBuilder struct {
 var _ fi.NodeupModelBuilder = &CrictlBuilder{}
 
 func (b *CrictlBuilder) Build(c *fi.NodeupModelBuilderContext) error {
+	if b.skipInstall() {
+		klog.V(8).Info("won't install crictl")
+		return nil
+	}
+
 	assets := b.Assets.FindMatches(regexp.MustCompile(`^crictl$`))
 	if len(assets) == 0 {
 		klog.Warning("unable to find any crictl binaries in assets")
@@ -65,3 +70,13 @@ func (b *CrictlBuilder) binaryPath() string {
 	}
 	return path
 }
+
+func (b *CrictlBuilder) skipInstall() bool {
+	containerd := b.NodeupConfig.ContainerdConfig
+
+	if containerd == nil {
+		return false
+	}
+
+	return containerd.SkipInstall && !containerd.InstallCriCtl
+}
diff --git a/nodeup/pkg/model/nerdctl.go b/nodeup/pkg/model/nerdctl.go
@@ -18,6 +18,7 @@ package model
 
 import (
 	"path/filepath"
+	"regexp"
 
 	"k8s.io/klog/v2"
 	"k8s.io/kops/upup/pkg/fi"
@@ -33,24 +34,28 @@ var _ fi.NodeupModelBuilder = &NerdctlBuilder{}
 
 func (b *NerdctlBuilder) Build(c *fi.NodeupModelBuilderContext) error {
 	if b.skipInstall() {
-		klog.Info("containerd.skipInstall is set to true; won't install nerdctl")
+		klog.V(8).Info("won't install nerdctl")
 		return nil
 	}
 
-	assetName := "nerdctl"
-	assetPath := ""
-	asset, err := b.Assets.Find(assetName, assetPath)
-	if err != nil {
-		klog.Warningf("unable to locate asset %q: %v", assetName, err)
+	assets := b.Assets.FindMatches(regexp.MustCompile(`^nerdctl$`))
+	if len(assets) == 0 {
+		klog.Warning("unable to find any nerdctl binaries in assets")
+		return nil
+	}
+	if len(assets) > 1 {
+		klog.Warning("multiple nerdctl binaries are found")
 		return nil
 	}
 
-	c.AddTask(&nodetasks.File{
-		Path:     b.nerdctlPath(),
-		Contents: asset,
-		Type:     nodetasks.FileType_File,
-		Mode:     s("0755"),
-	})
+	for k, v := range assets {
+		c.AddTask(&nodetasks.File{
+			Path:     filepath.Join(b.binaryPath(), k),
+			Contents: v,
+			Type:     nodetasks.FileType_File,
+			Mode:     s("0755"),
+		})
+	}
 
 	return nil
 }
@@ -64,19 +69,14 @@ func (b *NerdctlBuilder) binaryPath() string {
 		path = "/home/kubernetes/bin"
 	}
 	return path
-
-}
-
-func (b *NerdctlBuilder) nerdctlPath() string {
-	return filepath.Join(b.binaryPath(), "nerdctl")
 }
 
 func (b *NerdctlBuilder) skipInstall() bool {
-	d := b.NodeupConfig.ContainerdConfig
+	containerd := b.NodeupConfig.ContainerdConfig
 
-	if d == nil {
+	if containerd == nil {
 		return false
 	}
 
-	return d.SkipInstall
+	return containerd.SkipInstall && !containerd.InstallNerdCtl
 }
diff --git a/pkg/apis/kops/containerdconfig.go b/pkg/apis/kops/containerdconfig.go
@@ -60,6 +60,10 @@ type ContainerdConfig struct {
 	NRI *NRIConfig `json:"nri,omitempty"`
 	// Enables Kubelet ECR Credential helper to pass credentials to containerd mirrors, to use ECR as a pull-through cache
 	UseECRCredentialsForMirrors bool `json:"useECRCredentialsForMirrors,omitempty"`
+	// InstallCriCtl installs crictl (default "false").
+	InstallCriCtl bool `json:"installCriCtl,omitempty"`
+	// InstallNerdCtl installs nerdctl (default "false").
+	InstallNerdCtl bool `json:"installNerdCtl,omitempty"`
 }
 
 type NRIConfig struct {

diff --git a/pkg/apis/kops/v1alpha2/containerdconfig.go b/pkg/apis/kops/v1alpha2/containerdconfig.go
@@ -53,6 +53,10 @@ type ContainerdConfig struct {
 	NRI *NRIConfig `json:"nri,omitempty"`
 	// Enables Kubelet ECR Credential helper to pass credentials to containerd mirrors, to use ECR as a pull-through cache
 	UseECRCredentialsForMirrors bool `json:"useECRCredentialsForMirrors,omitempty"`
+	// InstallCriCtl installs crictl (default "false").
+	InstallCriCtl bool `json:"installCriCtl,omitempty"`
+	// InstallNerdCtl installs nerdctl (default "false").
+	InstallNerdCtl bool `json:"installNerdCtl,omitempty"`
 }
 
 type NRIConfig struct {

diff --git a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go
diff --git a/pkg/apis/kops/v1alpha3/containerdconfig.go b/pkg/apis/kops/v1alpha3/containerdconfig.go
@@ -53,6 +53,10 @@ type ContainerdConfig struct {
 	NRI *NRIConfig `json:"nri,omitempty"`
 	// Enables Kubelet ECR Credential helper to pass credentials to containerd mirrors, to use ECR as a pull-through cache
 	UseECRCredentialsForMirrors bool `json:"useECRCredentialsForMirrors,omitempty"`
+	// InstallCriCtl installs crictl (default "false").
+	InstallCriCtl bool `json:"installCriCtl,omitempty"`
+	// InstallNerdCtl installs nerdctl (default "false").
+	InstallNerdCtl bool `json:"installNerdCtl,omitempty"`
 }
 
 type NRIConfig struct {

diff --git a/pkg/apis/kops/v1alpha3/zz_generated.conversion.go b/pkg/apis/kops/v1alpha3/zz_generated.conversion.go
diff --git a/pkg/nodemodel/fileassets.go b/pkg/nodemodel/fileassets.go
@@ -146,23 +146,25 @@ func BuildKubernetesFileAssets(ig model.InstanceGroup, assetBuilder *assets.Asse
 			if runcAsset != nil {
 				kubernetesAssets[arch] = append(kubernetesAssets[arch], assets.BuildMirroredAsset(runcAsset))
 			}
-			nerdctlAsset, err := wellknownassets.FindNerdctlAsset(ig, assetBuilder, arch)
-			if err != nil {
-				return nil, err
+			if ig.RawClusterSpec().Containerd.InstallNerdCtl {
+				nerdctlAsset, err := wellknownassets.FindNerdctlAsset(ig, assetBuilder, arch)
+				if err != nil {
+					return nil, err
+				}
+				if nerdctlAsset != nil {
+					kubernetesAssets[arch] = append(kubernetesAssets[arch], assets.BuildMirroredAsset(nerdctlAsset))
+				}
 			}
-			if nerdctlAsset != nil {
-				kubernetesAssets[arch] = append(kubernetesAssets[arch], assets.BuildMirroredAsset(nerdctlAsset))
+			if ig.RawClusterSpec().Containerd.InstallCriCtl {
+				crictlAsset, err := wellknownassets.FindCrictlAsset(ig, assetBuilder, arch)
+				if err != nil {
+					return nil, err
+				}
+				if crictlAsset != nil {
+					kubernetesAssets[arch] = append(kubernetesAssets[arch], assets.BuildMirroredAsset(crictlAsset))
+				}
 			}
 		}
-
-		crictlAsset, err := wellknownassets.FindCrictlAsset(ig, assetBuilder, arch)
-		if err != nil {
-			return nil, err
-		}
-		if crictlAsset != nil {
-			kubernetesAssets[arch] = append(kubernetesAssets[arch], assets.BuildMirroredAsset(crictlAsset))
-		}
-
 	}
 
 	return &KubernetesFileAssets{

diff --git a/...ata/aws_launch_template_master-us-test-1a.masters.additionalobjects.example.com_user_data b/...ata/aws_launch_template_master-us-test-1a.masters.additionalobjects.example.com_user_data
@@ -126,7 +126,7 @@ ClusterName: additionalobjects.example.com
 ConfigBase: memfs://tests/additionalobjects.example.com
 InstanceGroupName: master-us-test-1a
 InstanceGroupRole: ControlPlane
-NodeupConfigHash: c3CHP3c8XcaeIefdPZnbAXbsB7goMOnl2Nm/OwOAq7E=
+NodeupConfigHash: 2YJcSocHqsNZ1XBehq6eS7Phdn0DBKmJDd5O+OD5nEU=
 
 __EOF_KUBE_ENV
 

diff --git a/.../additionalobjects/data/aws_launch_template_nodes.additionalobjects.example.com_user_data b/.../additionalobjects/data/aws_launch_template_nodes.additionalobjects.example.com_user_data
@@ -149,7 +149,7 @@ ConfigServer:
   - https://kops-controller.internal.additionalobjects.example.com:3988/
 InstanceGroupName: nodes
 InstanceGroupRole: Node
-NodeupConfigHash: 0siFrhs7pllXUOQlbrL4HpYPKdptMnIy6XbSjlUIJbI=
+NodeupConfigHash: yLeo8FyF2cA/6O0kMRB5qy2R8xoCN8A/rKbQkyHAvRw=
 
 __EOF_KUBE_ENV
 

diff --git a/...pdate_cluster/additionalobjects/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/...pdate_cluster/additionalobjects/data/aws_s3_object_nodeupconfig-master-us-test-1a_content
@@ -66,8 +66,6 @@ Assets:
   - f3a841324845ca6bf0d4091b4fc7f97e18a623172158b72fc3fdcdb9d42d2d37@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.2.0/cni-plugins-linux-amd64-v1.2.0.tgz,https://github.com/containernetworking/plugins/releases/download/v1.2.0/cni-plugins-linux-amd64-v1.2.0.tgz
   - 7a8c262deb63becc877e82d23749e4f99f4a17e8e660f9b8c257ca87a5c056b6@https://github.com/containerd/containerd/releases/download/v1.7.28/containerd-1.7.28-linux-amd64.tar.gz
   - 028986516ab5646370edce981df2d8e8a8d12188deaf837142a02097000ae2f2@https://github.com/opencontainers/runc/releases/download/v1.3.0/runc.amd64
-  - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz
-  - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz
   - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64
   - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64
   arm64:
@@ -77,8 +75,6 @@ Assets:
   - 525e2b62ba92a1b6f3dc9612449a84aa61652e680f7ebf4eff579795fe464b57@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.2.0/cni-plugins-linux-arm64-v1.2.0.tgz,https://github.com/containernetworking/plugins/releases/download/v1.2.0/cni-plugins-linux-arm64-v1.2.0.tgz
   - 97457594ff8549cb82d664306593cafd3d2c781c706f9fffed885a46d8919bec@https://github.com/containerd/containerd/releases/download/v1.7.28/containerd-1.7.28-linux-arm64.tar.gz
   - 85c5e4e4f72e442c8c17bac07527cd4f961ee48e4f2b71797f7533c94f4a52b9@https://github.com/opencontainers/runc/releases/download/v1.3.0/runc.arm64
-  - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz
-  - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz
   - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64
   - 9d842e3636a95de2315cdea2be7a282355aac0658ef0b86d5dc2449066538f13@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-arm64
 CAs:

diff --git a/...ntegration/update_cluster/additionalobjects/data/aws_s3_object_nodeupconfig-nodes_content b/...ntegration/update_cluster/additionalobjects/data/aws_s3_object_nodeupconfig-nodes_content
@@ -6,17 +6,13 @@ Assets:
   - f3a841324845ca6bf0d4091b4fc7f97e18a623172158b72fc3fdcdb9d42d2d37@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.2.0/cni-plugins-linux-amd64-v1.2.0.tgz,https://github.com/containernetworking/plugins/releases/download/v1.2.0/cni-plugins-linux-amd64-v1.2.0.tgz
   - 7a8c262deb63becc877e82d23749e4f99f4a17e8e660f9b8c257ca87a5c056b6@https://github.com/containerd/containerd/releases/download/v1.7.28/containerd-1.7.28-linux-amd64.tar.gz
   - 028986516ab5646370edce981df2d8e8a8d12188deaf837142a02097000ae2f2@https://github.com/opencontainers/runc/releases/download/v1.3.0/runc.amd64
-  - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz
-  - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz
   arm64:
   - 05dd12e35783cab4960e885ec0e7d0e461989b94297e7bea9018ccbd15c4dce9@https://dl.k8s.io/release/v1.28.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.28.0/bin/linux/arm64/kubelet
   - f5484bd9cac66b183c653abed30226b561f537d15346c605cc81d98095f1717c@https://dl.k8s.io/release/v1.28.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.28.0/bin/linux/arm64/kubectl
   - 1980e3a038cb16da48a137743b31fb81de6c0b59fa06c206c2bc20ce0a52f849@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.31.7/linux/arm64/ecr-credential-provider-linux-arm64
   - 525e2b62ba92a1b6f3dc9612449a84aa61652e680f7ebf4eff579795fe464b57@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.2.0/cni-plugins-linux-arm64-v1.2.0.tgz,https://github.com/containernetworking/plugins/releases/download/v1.2.0/cni-plugins-linux-arm64-v1.2.0.tgz
   - 97457594ff8549cb82d664306593cafd3d2c781c706f9fffed885a46d8919bec@https://github.com/containerd/containerd/releases/download/v1.7.28/containerd-1.7.28-linux-arm64.tar.gz
   - 85c5e4e4f72e442c8c17bac07527cd4f961ee48e4f2b71797f7533c94f4a52b9@https://github.com/opencontainers/runc/releases/download/v1.3.0/runc.arm64
-  - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz
-  - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz
 CAs: {}
 ClusterName: additionalobjects.example.com
 Hooks:

diff --git a/...piservernodes/data/aws_launch_template_apiserver.apiservers.minimal.example.com_user_data b/...piservernodes/data/aws_launch_template_apiserver.apiservers.minimal.example.com_user_data
@@ -126,7 +126,7 @@ ClusterName: minimal.example.com
 ConfigBase: memfs://clusters.example.com/minimal.example.com
 InstanceGroupName: apiserver
 InstanceGroupRole: APIServer
-NodeupConfigHash: f5MrZMiuax1qQhAr56gLaRqg+PTxmxMJaYtCLXpT/oY=
+NodeupConfigHash: A+fS3YgoCWPMpS6veQ/qAWrBmX64NhDMWXgkVe4dzoI=
 
 __EOF_KUBE_ENV
 

diff --git a/...vernodes/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data b/...vernodes/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data
@@ -126,7 +126,7 @@ ClusterName: minimal.example.com
 ConfigBase: memfs://clusters.example.com/minimal.example.com
 InstanceGroupName: master-us-test-1a
 InstanceGroupRole: ControlPlane
-NodeupConfigHash: Dp/TXKLZQ3ou94i7mEfLod0oOBAJuvH+k+rYAEIzDYQ=
+NodeupConfigHash: OuZzJU+c4fQRU4nX5hK7IwUiYtB9B0uFx2ZEbir1ko0=
 
 __EOF_KUBE_ENV
 

diff --git a/...pdate_cluster/apiservernodes/data/aws_launch_template_nodes.minimal.example.com_user_data b/...pdate_cluster/apiservernodes/data/aws_launch_template_nodes.minimal.example.com_user_data
@@ -149,7 +149,7 @@ ConfigServer:
   - https://kops-controller.internal.minimal.example.com:3988/
 InstanceGroupName: nodes
 InstanceGroupRole: Node
-NodeupConfigHash: kSUFmkOjkn8CsDwCMaOh2tWS9VXtCTm1DAO1B9WtTpQ=
+NodeupConfigHash: IM+gqlrtrGmmPpf8t6ECtUXAZlVREu4v7tOAEMJV2q8=
 
 __EOF_KUBE_ENV
 

diff --git a/...tegration/update_cluster/apiservernodes/data/aws_s3_object_nodeupconfig-apiserver_content b/...tegration/update_cluster/apiservernodes/data/aws_s3_object_nodeupconfig-apiserver_content
@@ -66,17 +66,13 @@ Assets:
   - f3a841324845ca6bf0d4091b4fc7f97e18a623172158b72fc3fdcdb9d42d2d37@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.2.0/cni-plugins-linux-amd64-v1.2.0.tgz,https://github.com/containernetworking/plugins/releases/download/v1.2.0/cni-plugins-linux-amd64-v1.2.0.tgz
   - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz
   - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64
-  - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz
-  - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz
   arm64:
   - 37aa2edc7c0c4b3e488518c6a4b44c8aade75a55010534ee2be291220c73d157@https://dl.k8s.io/release/v1.27.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.27.0/bin/linux/arm64/kubelet
   - f8e09630211f2b7c6a8cc38835e7dea94708d401f5c84b23a37c70c604602ddc@https://dl.k8s.io/release/v1.27.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.27.0/bin/linux/arm64/kubectl
   - 1980e3a038cb16da48a137743b31fb81de6c0b59fa06c206c2bc20ce0a52f849@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.31.7/linux/arm64/ecr-credential-provider-linux-arm64
   - 525e2b62ba92a1b6f3dc9612449a84aa61652e680f7ebf4eff579795fe464b57@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.2.0/cni-plugins-linux-arm64-v1.2.0.tgz,https://github.com/containernetworking/plugins/releases/download/v1.2.0/cni-plugins-linux-arm64-v1.2.0.tgz
   - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz
   - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64
-  - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz
-  - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz
 CAs:
   apiserver-aggregator-ca: |
     -----BEGIN CERTIFICATE-----