mirror of
https://github.com/kubernetes-sigs/kubespray.git
synced 2026-01-10 15:32:09 -03:30
f964b3438d
* [containerd] Add Configuration option for Node Resource Interface Node Resource Interface (NRI) is a common is a common framework for plugging domain or vendor-specific custom logic into container runtime like containerd. With this commit, we introduce the containerd_disable_nri configuration flag, providing cluster administrators the flexibility to opt in or out (defaulted to 'out') of this feature in containerd. In line with containerd's default configuration, NRI is disabled by default in this containerd role defaults. Signed-off-by: Feruzjon Muyassarov <feruzjon.muyassarov@intel.com> * [cri-o] Add configuration option for Node Resource Interface Node Resource Interface (NRI) is a common is a common framework for plugging domain or vendor-specific custom logic into container runtimes like containerd/crio. With this commit, we introduce the crio_enable_nri configuration flag, providing cluster administrators the flexibility to opt in or out (defaulted to 'out') of this feature in cri-o runtime. In line with crio's default configuration, NRI is disabled by default in this cri-o role defaults. Signed-off-by: Feruzjon Muyassarov <feruzjon.muyassarov@intel.com> --------- Signed-off-by: Feruzjon Muyassarov <feruzjon.muyassarov@intel.com>
110 lines
3.1 KiB
YAML
110 lines
3.1 KiB
YAML
---
|
|
containerd_storage_dir: "/var/lib/containerd"
|
|
containerd_state_dir: "/run/containerd"
|
|
containerd_systemd_dir: "/etc/systemd/system/containerd.service.d"
|
|
# The default value is not -999 here because containerd's oom_score_adj has been
|
|
# set to the -999 even if containerd_oom_score is 0.
|
|
# Ref: https://github.com/kubernetes-sigs/kubespray/pull/9275#issuecomment-1246499242
|
|
containerd_oom_score: 0
|
|
|
|
# containerd_default_runtime: "runc"
|
|
# containerd_snapshotter: "native"
|
|
|
|
containerd_runc_runtime:
|
|
name: runc
|
|
type: "io.containerd.runc.v2"
|
|
engine: ""
|
|
root: ""
|
|
base_runtime_spec: cri-base.json
|
|
options:
|
|
systemdCgroup: "{{ containerd_use_systemd_cgroup | ternary('true', 'false') }}"
|
|
|
|
containerd_additional_runtimes: []
|
|
# Example for Kata Containers as additional runtime:
|
|
# - name: kata
|
|
# type: "io.containerd.kata.v2"
|
|
# engine: ""
|
|
# root: ""
|
|
|
|
containerd_base_runtime_spec_rlimit_nofile: 65535
|
|
|
|
containerd_default_base_runtime_spec_patch:
|
|
process:
|
|
rlimits:
|
|
- type: RLIMIT_NOFILE
|
|
hard: "{{ containerd_base_runtime_spec_rlimit_nofile }}"
|
|
soft: "{{ containerd_base_runtime_spec_rlimit_nofile }}"
|
|
|
|
containerd_base_runtime_specs:
|
|
cri-base.json: "{{ containerd_default_base_runtime_spec | combine(containerd_default_base_runtime_spec_patch, recursive=1) }}"
|
|
|
|
containerd_grpc_max_recv_message_size: 16777216
|
|
containerd_grpc_max_send_message_size: 16777216
|
|
|
|
containerd_debug_level: "info"
|
|
|
|
containerd_metrics_address: ""
|
|
|
|
containerd_metrics_grpc_histogram: false
|
|
|
|
containerd_registries:
|
|
"docker.io": "https://registry-1.docker.io"
|
|
|
|
containerd_registries_mirrors:
|
|
- prefix: docker.io
|
|
mirrors:
|
|
- host: https://registry-1.docker.io
|
|
capabilities: ["pull", "resolve"]
|
|
skip_verify: false
|
|
|
|
containerd_max_container_log_line_size: -1
|
|
|
|
# If enabled it will allow non root users to use port numbers <1024
|
|
containerd_enable_unprivileged_ports: false
|
|
# If enabled it will allow non root users to use icmp sockets
|
|
containerd_enable_unprivileged_icmp: false
|
|
|
|
# If enabled, it will activate the NRI support in containerd
|
|
containerd_nri_disable: true
|
|
|
|
containerd_cfg_dir: /etc/containerd
|
|
|
|
# Extra config to be put in {{ containerd_cfg_dir }}/config.toml literally
|
|
containerd_extra_args: ''
|
|
|
|
# Configure registry auth (if applicable to secure/insecure registries)
|
|
containerd_registry_auth: []
|
|
# - registry: 10.0.0.2:5000
|
|
# username: user
|
|
# password: pass
|
|
|
|
# Configure containerd service
|
|
containerd_limit_proc_num: "infinity"
|
|
containerd_limit_core: "infinity"
|
|
containerd_limit_open_file_num: "infinity"
|
|
containerd_limit_mem_lock: "infinity"
|
|
|
|
# If enabled it will use config_path and config to be put in {{ containerd_cfg_dir }}/certs.d/
|
|
containerd_use_config_path: false
|
|
|
|
# OS distributions that already support containerd
|
|
containerd_supported_distributions:
|
|
- "CentOS"
|
|
- "OracleLinux"
|
|
- "RedHat"
|
|
- "Ubuntu"
|
|
- "Debian"
|
|
- "Fedora"
|
|
- "AlmaLinux"
|
|
- "Rocky"
|
|
- "Amazon"
|
|
- "Flatcar"
|
|
- "Flatcar Container Linux by Kinvolk"
|
|
- "Suse"
|
|
- "openSUSE Leap"
|
|
- "openSUSE Tumbleweed"
|
|
- "Kylin Linux Advanced Server"
|
|
- "UnionTech"
|
|
- "UniontechOS"
|
|
- "openEuler"
|