diff --git a/roles/container-engine/containerd/tasks/main.yml b/roles/container-engine/containerd/tasks/main.yml index 51a95d06c..39005b97c 100644 --- a/roles/container-engine/containerd/tasks/main.yml +++ b/roles/container-engine/containerd/tasks/main.yml @@ -108,7 +108,7 @@ - name: Containerd | Copy containerd config file template: - src: config.toml.j2 + src: "{{ 'config.toml.j2' if containerd_version is version('2.0.0', '>=') else 'config-v1.toml.j2' }}" dest: "{{ containerd_cfg_dir }}/config.toml" owner: "root" mode: "0640" diff --git a/roles/container-engine/containerd/templates/config-v1.toml.j2 b/roles/container-engine/containerd/templates/config-v1.toml.j2 new file mode 100644 index 000000000..de5925034 --- /dev/null +++ b/roles/container-engine/containerd/templates/config-v1.toml.j2 
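Review bot: The template chosen here for containerd 1.x, `config-v1.toml.j2`, renders `containerd_registry_auth` passwords into the file, and nothing visible in this hunk keeps that rendered content out of Ansible's output when the play runs with `--diff`. If the task does not already set it below the hunk, consider adding `no_log: true` or `diff: false` to this task. The context lines `owner: "root"` and `mode: "0640"` limit on-host readers, but no `group:` is visible, so group read access depends on whichever group the file ends up with. The task body continues outside the hunk.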
@@ -0,0 +1,102 @@ +# This is for containerd v1 for compatibility +version = 2 + +root = "{{ containerd_storage_dir }}" +state = "{{ containerd_state_dir }}" +oom_score = {{ containerd_oom_score }} + +{% if containerd_extra_args is defined %} +{{ containerd_extra_args }} +{% endif %} + +[grpc] + max_recv_message_size = {{ containerd_grpc_max_recv_message_size }} + max_send_message_size = {{ containerd_grpc_max_send_message_size }} + +[debug] + address = "{{ containerd_debug_address }}" + level = "{{ containerd_debug_level }}" + format = "{{ containerd_debug_format }}" + uid = {{ containerd_debug_uid }} + gid = {{ containerd_debug_gid }} + +[metrics] + address = "{{ containerd_metrics_address }}" + grpc_histogram = {{ containerd_metrics_grpc_histogram | lower }} + +[plugins] + [plugins."io.containerd.grpc.v1.cri"] + sandbox_image = "{{ pod_infra_image_repo }}:{{ pod_infra_image_tag }}" + max_container_log_line_size = {{ containerd_max_container_log_line_size }} + enable_unprivileged_ports = {{ containerd_enable_unprivileged_ports | lower }} + enable_unprivileged_icmp = {{ containerd_enable_unprivileged_icmp | lower }} + enable_selinux = {{ containerd_enable_selinux | lower }} + disable_apparmor = {{ containerd_disable_apparmor | lower }} + tolerate_missing_hugetlb_controller = {{ containerd_tolerate_missing_hugetlb_controller | lower }} + disable_hugetlb_controller = {{ containerd_disable_hugetlb_controller | lower }} + image_pull_progress_timeout = "{{ containerd_image_pull_progress_timeout }}" +{% if enable_cdi %} + enable_cdi = true + cdi_spec_dirs = ["/etc/cdi", "/var/run/cdi"] +{% endif %} + [plugins."io.containerd.grpc.v1.cri".containerd] + default_runtime_name = "{{ containerd_default_runtime }}" + snapshotter = "{{ containerd_snapshotter }}" + discard_unpacked_layers = {{ containerd_discard_unpacked_layers | lower }} + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes] +{% for runtime in [containerd_runc_runtime] + containerd_additional_runtimes %} + 
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.{{ runtime.name }}] + runtime_type = "{{ runtime.type }}" + runtime_engine = "{{ runtime.engine }}" + runtime_root = "{{ runtime.root }}" +{% if runtime.base_runtime_spec is defined %} + base_runtime_spec = "{{ containerd_cfg_dir }}/{{ runtime.base_runtime_spec }}" +{% endif %} + + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.{{ runtime.name }}.options] +{% for key, value in runtime.options.items() %} +{% if value | string != "true" and value | string != "false" %} + {{ key }} = "{{ value }}" +{% else %} + {{ key }} = {{ value }} +{% endif %} +{% endfor %} +{% endfor %} +{% if kata_containers_enabled %} + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.kata-qemu] + runtime_type = "io.containerd.kata-qemu.v2" +{% endif %} +{% if gvisor_enabled %} + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runsc] + runtime_type = "io.containerd.runsc.v1" +{% endif %} + [plugins."io.containerd.grpc.v1.cri".registry] + config_path = "{{ containerd_cfg_dir }}/certs.d" +{% for registry in containerd_registry_auth if registry['registry'] is defined %} +{% if (registry['username'] is defined and registry['password'] is defined) or registry['auth'] is defined %} + [plugins."io.containerd.grpc.v1.cri".registry.configs."{{ registry['registry'] }}".auth] +{% if registry['username'] is defined and registry['password'] is defined %} + password = "{{ registry['password'] }}" + username = "{{ registry['username'] }}" +{% else %} + auth = "{{ registry['auth'] }}" +{% endif %} +{% endif %} +{% endfor %} + +{% if nri_enabled and containerd_version is version('1.7.0', '>=') %} + [plugins."io.containerd.nri.v1.nri"] + disable = false +{% endif %} + +{% if containerd_tracing_enabled %} + [plugins."io.containerd.tracing.processor.v1.otlp"] + endpoint = "{{ containerd_tracing_endpoint }}" + protocol = "{{ containerd_tracing_protocol }}" +{% if containerd_tracing_protocol == "grpc" %} + insecure = false +{% endif 
%} + [plugins."io.containerd.internal.v1.tracing"] + sampling_ratio = {{ containerd_tracing_sampling_ratio }} + service_name = "{{ containerd_tracing_service_name }}" +{% endif %} diff --git a/roles/container-engine/containerd/templates/config.toml.j2 b/roles/container-engine/containerd/templates/config.toml.j2 index 778f07646..20faeaa81 100644 --- a/roles/container-engine/containerd/templates/config.toml.j2 +++ b/roles/container-engine/containerd/templates/config.toml.j2 @@ -1,9 +1,4 @@ -{% if containerd_version is version('2.0.0', '>=') %} version = 3 -{% else %} -version = 2 -{% endif %} - root = "{{ containerd_storage_dir }}" state = "{{ containerd_state_dir }}" @@ -29,8 +24,7 @@ oom_score = {{ containerd_oom_score }} grpc_histogram = {{ containerd_metrics_grpc_histogram | lower }} [plugins] - [plugins."io.containerd.grpc.v1.cri"] - sandbox_image = "{{ pod_infra_image_repo }}:{{ pod_infra_image_tag }}" + [plugins."io.containerd.cri.v1.runtime"] max_container_log_line_size = {{ containerd_max_container_log_line_size }} enable_unprivileged_ports = {{ containerd_enable_unprivileged_ports | lower }} enable_unprivileged_icmp = {{ containerd_enable_unprivileged_icmp | lower }} 
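Review bot: In the `registry.configs."…".auth` block of config-v1.toml.j2, `password`, `username` and `auth` are placed between literal double quotes with no escaping, so a credential containing `"` or `\` renders an invalid config.toml or changes how the text after it is parsed. Letting the filter emit the quoted string avoids this: `password = {{ registry['password'] | to_json }}`, and likewise for `username` and `auth`. The same pattern appears at `{{ key }} = "{{ value }}"` in the runtime options loop. Separately, the header comment `# This is for containerd v1 for compatibility` sits directly above `version = 2`; wording such as `# Config schema version 2, used for containerd 1.x` would remove the ambiguity.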
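Review bot: After this hunk config.toml.j2 hard-codes `version = 3` with nothing in the file saying it is only valid for containerd 2.x; the selection now lives in tasks/main.yml. A header comment would stop someone from rendering it for a 1.x host: `# Config schema version 3: rendered only when containerd_version >= 2.0.0; 1.x uses config-v1.toml.j2`.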
@@ -38,57 +32,51 @@ oom_score = {{ containerd_oom_score }} disable_apparmor = {{ containerd_disable_apparmor | lower }} tolerate_missing_hugetlb_controller = {{ containerd_tolerate_missing_hugetlb_controller | lower }} disable_hugetlb_controller = {{ containerd_disable_hugetlb_controller | lower }} - image_pull_progress_timeout = "{{ containerd_image_pull_progress_timeout }}" {% if enable_cdi %} enable_cdi = true cdi_spec_dirs = ["/etc/cdi", "/var/run/cdi"] {% endif %} - [plugins."io.containerd.grpc.v1.cri".containerd] - default_runtime_name = "{{ containerd_default_runtime }}" - snapshotter = "{{ containerd_snapshotter }}" - discard_unpacked_layers = {{ containerd_discard_unpacked_layers | lower }} - [plugins."io.containerd.grpc.v1.cri".containerd.runtimes] + + [plugins."io.containerd.cri.v1.runtime".containerd] + default_runtime_name = "{{ containerd_default_runtime }}" + [plugins."io.containerd.cri.v1.runtime".containerd.runtimes] {% for runtime in [containerd_runc_runtime] + containerd_additional_runtimes %} - [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.{{ runtime.name }}] - runtime_type = "{{ runtime.type }}" - runtime_engine = "{{ runtime.engine }}" - runtime_root = "{{ runtime.root }}" + [plugins."io.containerd.cri.v1.runtime".containerd.runtimes.{{ runtime.name }}] + runtime_type = "{{ runtime.type }}" + runtime_engine = "{{ runtime.engine }}" + runtime_root = "{{ runtime.root }}" {% if runtime.base_runtime_spec is defined %} - base_runtime_spec = "{{ containerd_cfg_dir }}/{{ runtime.base_runtime_spec }}" + base_runtime_spec = "{{ containerd_cfg_dir }}/{{ runtime.base_runtime_spec }}" {% endif %} - [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.{{ runtime.name }}.options] + [plugins."io.containerd.cri.v1.runtime".containerd.runtimes.{{ runtime.name }}.options] {% for key, value in runtime.options.items() %} {% if value | string != "true" and value | string != "false" %} - {{ key }} = "{{ value }}" + {{ key }} = "{{ value }}" {% else 
%} - {{ key }} = {{ value }} + {{ key }} = {{ value }} {% endif %} {% endfor %} {% endfor %} {% if kata_containers_enabled %} - [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.kata-qemu] - runtime_type = "io.containerd.kata-qemu.v2" + [plugins."io.containerd.cri.v1.runtime".containerd.runtimes.kata-qemu] + runtime_type = "io.containerd.kata-qemu.v2" {% endif %} {% if gvisor_enabled %} - [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runsc] - runtime_type = "io.containerd.runsc.v1" + [plugins."io.containerd.cri.v1.runtime".containerd.runtimes.runsc] + runtime_type = "io.containerd.runsc.v1" {% endif %} - [plugins."io.containerd.grpc.v1.cri".registry] - config_path = "{{ containerd_cfg_dir }}/certs.d" -{% for registry in containerd_registry_auth if registry['registry'] is defined %} -{% if (registry['username'] is defined and registry['password'] is defined) or registry['auth'] is defined %} - [plugins."io.containerd.grpc.v1.cri".registry.configs."{{ registry['registry'] }}".auth] -{% if registry['username'] is defined and registry['password'] is defined %} - password = "{{ registry['password'] }}" - username = "{{ registry['username'] }}" -{% else %} - auth = "{{ registry['auth'] }}" -{% endif %} -{% endif %} -{% endfor %} -{% if nri_enabled and containerd_version is version('1.7.0', '>=') %} + [plugins."io.containerd.cri.v1.images"] + snapshotter = "{{ containerd_snapshotter }}" + discard_unpacked_layers = {{ containerd_discard_unpacked_layers | lower }} + image_pull_progress_timeout = "{{ containerd_image_pull_progress_timeout }}" + [plugins."io.containerd.cri.v1.images".pinned_images] + sandbox = "{{ pod_infra_image_repo }}:{{ pod_infra_image_tag }}" + [plugins."io.containerd.cri.v1.images".registry] + config_path = "{{ containerd_cfg_dir }}/certs.d" + +{% if nri_enabled %} [plugins."io.containerd.nri.v1.nri"] disable = false {% endif %}
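Review bot: The `containerd_registry_auth` loop is removed from this template and nothing in the hunk replaces it, so on containerd >= 2.0.0 any configured registry credentials appear to be dropped without a message, unless another part of the role not visible here delivers them. If that is intended, make it visible to operators rather than silent, for example with a pre-flight `assert` or warning task guarded by `when: containerd_registry_auth | length > 0 and containerd_version is version('2.0.0', '>=')`. A silently ignored credential variable tends to surface later as image pull failures that are hard to trace back to this change. The template continues outside the hunk.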