kubespray/roles/container-engine/containerd/defaults/main.yml

108 lines
3.0 KiB
YAML
Raw Normal View History

---
containerd_storage_dir: "/var/lib/containerd"
containerd_state_dir: "/run/containerd"
containerd_systemd_dir: "/etc/systemd/system/containerd.service.d"
# The default value is not -999 here because containerd's oom_score_adj has been
# set to the -999 even if containerd_oom_score is 0.
# Ref: https://github.com/kubernetes-sigs/kubespray/pull/9275#issuecomment-1246499242
containerd_oom_score: 0
# containerd_default_runtime: "runc"
# containerd_snapshotter: "native"
containerd_runc_runtime:
name: runc
type: "io.containerd.runc.v2"
engine: ""
root: ""
base_runtime_spec: cri-base.json
options:
systemdCgroup: "{{ containerd_use_systemd_cgroup | ternary('true', 'false') }}"
binaryName: "{{ bin_dir }}/runc"
containerd_additional_runtimes: []
# Example for Kata Containers as additional runtime:
# - name: kata
# type: "io.containerd.kata.v2"
# engine: ""
# root: ""
containerd_base_runtime_spec_rlimit_nofile: 65535
containerd_default_base_runtime_spec_patch:
process:
rlimits:
- type: RLIMIT_NOFILE
hard: "{{ containerd_base_runtime_spec_rlimit_nofile }}"
soft: "{{ containerd_base_runtime_spec_rlimit_nofile }}"
containerd_base_runtime_specs:
cri-base.json: "{{ containerd_default_base_runtime_spec | combine(containerd_default_base_runtime_spec_patch, recursive=1) }}"
containerd_grpc_max_recv_message_size: 16777216
containerd_grpc_max_send_message_size: 16777216
containerd_debug_level: "info"
containerd_metrics_address: ""
containerd_metrics_grpc_histogram: false
containerd_registries_mirrors:
- prefix: docker.io
mirrors:
- host: https://registry-1.docker.io
capabilities: ["pull", "resolve"]
skip_verify: false
containerd_max_container_log_line_size: -1
# If enabled it will allow non root users to use port numbers <1024
containerd_enable_unprivileged_ports: false
# If enabled it will allow non root users to use icmp sockets
containerd_enable_unprivileged_icmp: false
containerd_cfg_dir: /etc/containerd
# Extra config to be put in {{ containerd_cfg_dir }}/config.toml literally
containerd_extra_args: ''
# Configure registry auth (if applicable to secure/insecure registries)
containerd_registry_auth: []
# - registry: 10.0.0.2:5000
# username: user
# password: pass
# Configure containerd service
containerd_limit_proc_num: "infinity"
containerd_limit_core: "infinity"
containerd_limit_open_file_num: "infinity"
containerd_limit_mem_lock: "infinity"
# If enabled it will use config_path and config to be put in {{ containerd_cfg_dir }}/certs.d/
containerd_use_config_path: false
# OS distributions that already support containerd
containerd_supported_distributions:
- "CentOS"
- "OracleLinux"
- "RedHat"
- "Ubuntu"
- "Debian"
- "Fedora"
- "AlmaLinux"
- "Rocky"
- "Amazon"
- "Flatcar"
- "Flatcar Container Linux by Kinvolk"
- "Suse"
- "openSUSE Leap"
- "openSUSE Tumbleweed"
- "Kylin Linux Advanced Server"
- "UnionTech"
- "UniontechOS"
- "openEuler"
# Enable container device interface
enable_cdi: false