From 629a69088666eb8216a4289714b19ffeaddaeb75 Mon Sep 17 00:00:00 2001
From: ShinyaIshitobi <shinya.ishitobi@gmail.com>
Date: Thu, 24 Apr 2025 17:40:33 +0900
Subject: [PATCH] fix: Enable NRI for containerd and disable plugin when
 nri_enabled is false (#12152)

* fix(containerd): always render NRI plugin block with conditional disable flag

* feat: enable Node Resource Interface plugin when using containerd

* fix: remove the

* fix: fix for linter
---
 roles/container-engine/containerd/templates/config.toml.j2 | 4 +---
 roles/kubespray-defaults/defaults/main/main.yml            | 5 ++---
 2 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/roles/container-engine/containerd/templates/config.toml.j2 b/roles/container-engine/containerd/templates/config.toml.j2
index 20faeaa81..8b1c5c253 100644
--- a/roles/container-engine/containerd/templates/config.toml.j2
+++ b/roles/container-engine/containerd/templates/config.toml.j2
@@ -76,10 +76,8 @@ oom_score = {{ containerd_oom_score }}
   [plugins."io.containerd.cri.v1.images".registry]
     config_path = "{{ containerd_cfg_dir }}/certs.d"
 
-{% if nri_enabled %}
   [plugins."io.containerd.nri.v1.nri"]
-    disable = false
-{% endif %}
+    disable = {{ 'false' if nri_enabled else 'true' }}
 
 {% if containerd_tracing_enabled %}
   [plugins."io.containerd.tracing.processor.v1.otlp"]
diff --git a/roles/kubespray-defaults/defaults/main/main.yml b/roles/kubespray-defaults/defaults/main/main.yml
index 1e6d18915..6904d0b31 100644
--- a/roles/kubespray-defaults/defaults/main/main.yml
+++ b/roles/kubespray-defaults/defaults/main/main.yml
@@ -306,9 +306,8 @@ deploy_container_engine: "{{ 'k8s_cluster' in group_names or etcd_deployment_typ
 # Container for runtime
 container_manager: containerd
 
-# Enable Node Resource Interface in containerd or CRI-O. Requires crio_version >= v1.26.0
-# or containerd_version >= 1.7.0.
-nri_enabled: false
+# Enable Node Resource Interface plugin for containerd
+nri_enabled: "{{ container_manager == 'containerd' }}"
 
 # Enable Kata Containers as additional container runtime
 # When enabled, it requires `container_manager` different than Docker