2021-04-02 14:20:11 +08:00
version = 2
2021-05-19 23:24:53 +08:00
root = "{{ containerd_storage_dir }}"
state = "{{ containerd_state_dir }}"
oom_score = {{ containerd_oom_score }}
2021-01-05 23:13:58 +08:00
2021-04-02 14:20:11 +08:00
[grpc]
max_recv_message_size = {{ containerd_grpc_max_recv_message_size | default(16777216) }}
max_send_message_size = {{ containerd_grpc_max_send_message_size | default(16777216) }}
2019-06-30 05:09:20 +08:00
[debug]
2021-04-02 14:20:11 +08:00
level = "{{ containerd_debug_level | default('info') }}"
2019-06-30 05:09:20 +08:00
2021-04-02 14:20:11 +08:00
[metrics]
address = "{{ containerd_metrics_address | default('') }}"
grpc_histogram = {{ containerd_metrics_grpc_histogram | default(false) | lower }}
[plugins]
[plugins."io.containerd.grpc.v1.cri"]
sandbox_image = "{{ pod_infra_image_repo }}:{{ pod_infra_image_tag }}"
max_container_log_line_size = {{ containerd_max_container_log_line_size }}
2022-12-09 22:16:12 +08:00
enable_unprivileged_ports = {{ containerd_enable_unprivileged_ports | default(false) | lower }}
enable_unprivileged_icmp = {{ containerd_enable_unprivileged_icmp | default(false) | lower }}
2023-11-15 00:20:19 +08:00
{% if enable_cdi %}
enable_cdi = true
cdi_spec_dirs = ["/etc/cdi", "/var/run/cdi"]
{% endif %}
2021-04-02 14:20:11 +08:00
[plugins."io.containerd.grpc.v1.cri".containerd]
default_runtime_name = "{{ containerd_default_runtime | default('runc') }}"
snapshotter = "{{ containerd_snapshotter | default('overlayfs') }}"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
2022-09-21 23:33:15 +08:00
{% for runtime in [containerd_runc_runtime] + containerd_additional_runtimes %}
2021-04-02 14:20:11 +08:00
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.{{ runtime.name }}]
runtime_type = "{{ runtime.type }}"
runtime_engine = "{{ runtime.engine }}"
runtime_root = "{{ runtime.root }}"
2022-09-24 01:38:27 +08:00
{% if runtime.base_runtime_spec is defined %}
base_runtime_spec = "{{ containerd_cfg_dir }}/{{ runtime.base_runtime_spec }}"
{% endif %}
2021-04-02 14:20:11 +08:00
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.{{ runtime.name }}.options]
{% for key, value in runtime.options.items() %}
2023-10-31 00:54:31 +08:00
{% if value | string != "true" and value | string != "false" %}
{{ key }} = "{{ value }}"
{% else %}
2021-04-02 14:20:11 +08:00
{{ key }} = {{ value }}
2023-10-31 00:54:31 +08:00
{% endif %}
2019-06-30 05:09:20 +08:00
{% endfor %}
2020-02-17 18:15:29 +08:00
{% endfor %}
2020-06-22 15:28:39 +08:00
{% if kata_containers_enabled %}
2021-04-02 14:20:11 +08:00
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.kata-qemu]
runtime_type = "io.containerd.kata-qemu.v2"
2021-06-21 20:18:51 +08:00
{% endif %}
{% if gvisor_enabled %}
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runsc]
runtime_type = "io.containerd.runsc.v1"
2020-06-22 15:28:39 +08:00
{% endif %}
2021-04-02 14:20:11 +08:00
[plugins."io.containerd.grpc.v1.cri".registry]
2023-02-17 12:57:39 +08:00
{% if containerd_use_config_path is defined and containerd_use_config_path|bool %}
2023-01-17 15:42:32 +08:00
config_path = "{{ containerd_cfg_dir }}/certs.d"
2023-02-17 12:57:39 +08:00
{% else %}
2021-04-02 14:20:11 +08:00
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
2023-08-16 20:18:27 +08:00
{% set insecure_registries_addr = [] %}
{% for registry in containerd_registries_mirrors %}
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."{{ registry.prefix }}"]
{% set endpoint = [] %}
{% for mirror in registry.mirrors %}
{% if endpoint.append(mirror.host) %}{% endif %}
{% if mirror.skip_verify is defined and mirror.skip_verify|bool %}{% if insecure_registries_addr.append(mirror.host | urlsplit('netloc')) %}{% endif %}{% endif %}
2019-06-30 05:09:20 +08:00
{% endfor %}
2023-08-16 20:18:27 +08:00
endpoint = ["{{ ( endpoint | unique ) | join('","') }}"]
2022-08-23 14:13:23 +08:00
{% endfor %}
2023-08-16 20:18:27 +08:00
{% for addr in insecure_registries_addr | unique %}
[plugins."io.containerd.grpc.v1.cri".registry.configs."{{ addr }}".tls]
2021-12-13 16:41:58 +08:00
insecure_skip_verify = true
{% endfor %}
2022-01-05 18:56:33 +08:00
{% endif %}
2021-08-23 21:40:00 +08:00
{% for registry in containerd_registry_auth if registry['registry'] is defined %}
{% if (registry['username'] is defined and registry['password'] is defined) or registry['auth'] is defined %}
[plugins."io.containerd.grpc.v1.cri".registry.configs."{{ registry['registry'] }}".auth]
{% if registry['username'] is defined and registry['password'] is defined %}
password = "{{ registry['password'] }}"
username = "{{ registry['username'] }}"
{% else %}
auth = "{{ registry['auth'] }}"
{% endif %}
{% endif %}
{% endfor %}
2021-04-12 16:02:00 +08:00
Refactor NRI activation for containerd and CRI-O (#10470)
Refactor NRI (Node Resource Interface) activation in CRI-O and
containerd. Introduce a shared variable, nri_enabled, to streamline
the process. Currently, enabling NRI requires a separate update of
defaults for each container runtime independently, without any
verification of NRI support for the specific version of containerd
or CRI-O in use.
With this commit, the previous approach is replaced. Now, a single
variable, nri_enabled, handles this functionality. Also, this commit
separates the responsibility of verifying NRI supported versions of
containerd and CRI-O from cluster administrators, and leaves it to
Ansible.
Signed-off-by: Feruzjon Muyassarov <feruzjon.muyassarov@intel.com>
2023-09-26 23:05:25 +08:00
{% if nri_enabled and containerd_version >= 1.7.0 %}
2023-09-21 15:30:19 +08:00
[plugins."io.containerd.nri.v1.nri"]
Refactor NRI activation for containerd and CRI-O (#10470)
Refactor NRI (Node Resource Interface) activation in CRI-O and
containerd. Introduce a shared variable, nri_enabled, to streamline
the process. Currently, enabling NRI requires a separate update of
defaults for each container runtime independently, without any
verification of NRI support for the specific version of containerd
or CRI-O in use.
With this commit, the previous approach is replaced. Now, a single
variable, nri_enabled, handles this functionality. Also, this commit
separates the responsibility of verifying NRI supported versions of
containerd and CRI-O from cluster administrators, and leaves it to
Ansible.
Signed-off-by: Feruzjon Muyassarov <feruzjon.muyassarov@intel.com>
2023-09-26 23:05:25 +08:00
disable = false
{% endif %}
2023-09-21 15:30:19 +08:00
2021-04-12 16:02:00 +08:00
{% if containerd_extra_args is defined %}
{{ containerd_extra_args }}
{% endif %}