dc5df57c26
When privileged is enabled for a container, all the `/dev/*` block
devices from the host are mounted into the guest. The
`privileged_without_host_devices` flag prevents host devices from
being passed to privileged containers.
More information:
* https://github.com/containerd/cri/pull/1225
* 1d0f68156b
80 lines
2.7 KiB
Django/Jinja
80 lines
2.7 KiB
Django/Jinja
# persistent data location
|
|
root = "{{ containerd_metadata_root_dir }}"
|
|
# runtime state information
|
|
state = "{{ containerd_state_dir }}"
|
|
|
|
# Kubernetes doesn't use containerd restart manager.
|
|
disabled_plugins = ["restart"]
|
|
|
|
[debug]
|
|
level = "{{ containerd_config.debug.level | default("") }}"
|
|
|
|
{% if 'grpc' in containerd_config %}
|
|
[grpc]
|
|
{% for param, value in containerd_config.grpc.items() %}
|
|
{{ param }} = {{ value }}
|
|
{% endfor %}
|
|
{% endif %}
|
|
|
|
[plugins.linux]
|
|
shim = "/usr/bin/containerd-shim"
|
|
runtime = "{{ runc_binary }}"
|
|
|
|
[plugins.cri]
|
|
stream_server_address = "127.0.0.1"
|
|
max_container_log_line_size = {{ containerd_config.max_container_log_line_size }}
|
|
sandbox_image = "{{ pod_infra_image_repo }}:{{ pod_infra_image_tag }}"
|
|
systemd_cgroup = {{ containerd_use_systemd_cgroup|lower }}
|
|
|
|
[plugins.cri.cni]
|
|
bin_dir = "/opt/cni/bin"
|
|
conf_dir = "/etc/cni/net.d"
|
|
conf_template = ""
|
|
|
|
{% if 'containerd' in containerd_config %}
|
|
[plugins.cri.containerd]
|
|
{% for param, value in containerd_config.containerd.items() %}
|
|
{{ param }} = "{{ value }}"
|
|
{% endfor %}
|
|
{% endif %}
|
|
|
|
[plugins.cri.containerd.default_runtime]
|
|
runtime_type = "{{ containerd_default_runtime.type }}"
|
|
runtime_engine = "{{ containerd_default_runtime.engine }}"
|
|
runtime_root = "{{ containerd_default_runtime.root }}"
|
|
privileged_without_host_devices = {{ containerd_default_runtime.privileged_without_host_devices|default(false)|lower }}
|
|
|
|
{% if kata_containers_enabled %}
|
|
[plugins.cri.containerd.runtimes.kata-qemu]
|
|
runtime_type = "io.containerd.kata-qemu.v2"
|
|
[plugins.cri.containerd.runtimes.kata-qemu.options]
|
|
ConfigPath = "/etc/kata-containers/configuration-qemu.toml"
|
|
{% endif %}
|
|
|
|
{% for runtime in containerd_runtimes %}
|
|
[plugins.cri.containerd.runtimes.{{ runtime.name }}]
|
|
runtime_type = "{{ runtime.type }}"
|
|
runtime_engine = "{{ runtime.engine }}"
|
|
runtime_root = "{{ runtime.root }}"
|
|
privileged_without_host_devices = {{ runtime.privileged_without_host_devices|default(false)|lower }}
|
|
{% endfor %}
|
|
|
|
[plugins.cri.containerd.untrusted_workload_runtime]
|
|
runtime_type = "{{ containerd_untrusted_runtime_type }}"
|
|
runtime_engine = "{{ containerd_untrusted_runtime_engine }}"
|
|
runtime_root = "{{ containerd_untrusted_runtime_root }}"
|
|
|
|
{% if 'registries' in containerd_config %}
|
|
[plugins.cri.registry]
|
|
[plugins.cri.registry.mirrors]
|
|
{% for registry, addr in containerd_config.registries.items() %}
|
|
[plugins.cri.registry.mirrors."{{ registry }}"]
|
|
endpoint = ["{{ ([ addr ] | flatten ) | join('","') }}"]
|
|
{% endfor %}
|
|
{% endif %}
|
|
|
|
{% if 'metrics' in containerd_config %}
|
|
[metrics]
|
|
address = "{{ containerd_config.metrics.address | default('') }}"
|
|
grpc_histogram = {{ containerd_config.metrics.grpc_histogram | default(false) | lower }}
|
|
{% endif %}
|