c8ec77a734
* [containerd] Add config for unpriviledged ports and icmp * Updated to match true false variables of other setting
75 lines
2.3 KiB
YAML
75 lines
2.3 KiB
YAML
---
|
|
containerd_storage_dir: "/var/lib/containerd"
|
|
containerd_state_dir: "/run/containerd"
|
|
containerd_systemd_dir: "/etc/systemd/system/containerd.service.d"
|
|
# The default value is not -999 here because containerd's oom_score_adj has been
|
|
# set to the -999 even if containerd_oom_score is 0.
|
|
# Ref: https://github.com/kubernetes-sigs/kubespray/pull/9275#issuecomment-1246499242
|
|
containerd_oom_score: 0
|
|
|
|
# containerd_default_runtime: "runc"
|
|
# containerd_snapshotter: "native"
|
|
|
|
containerd_runc_runtime:
|
|
name: runc
|
|
type: "io.containerd.runc.v2"
|
|
engine: ""
|
|
root: ""
|
|
base_runtime_spec: cri-base.json
|
|
options:
|
|
systemdCgroup: "{{ containerd_use_systemd_cgroup | ternary('true', 'false') }}"
|
|
|
|
containerd_additional_runtimes: []
|
|
# Example for Kata Containers as additional runtime:
|
|
# - name: kata
|
|
# type: "io.containerd.kata.v2"
|
|
# engine: ""
|
|
# root: ""
|
|
|
|
containerd_base_runtime_spec_rlimit_nofile: 65535
|
|
|
|
containerd_default_base_runtime_spec_patch:
|
|
process:
|
|
rlimits:
|
|
- type: RLIMIT_NOFILE
|
|
hard: "{{ containerd_base_runtime_spec_rlimit_nofile }}"
|
|
soft: "{{ containerd_base_runtime_spec_rlimit_nofile }}"
|
|
|
|
containerd_base_runtime_specs:
|
|
cri-base.json: "{{ containerd_default_base_runtime_spec | combine(containerd_default_base_runtime_spec_patch,recursive=1) }}"
|
|
|
|
containerd_grpc_max_recv_message_size: 16777216
|
|
containerd_grpc_max_send_message_size: 16777216
|
|
|
|
containerd_debug_level: "info"
|
|
|
|
containerd_metrics_address: ""
|
|
|
|
containerd_metrics_grpc_histogram: false
|
|
|
|
containerd_registries:
|
|
"docker.io": "https://registry-1.docker.io"
|
|
|
|
containerd_max_container_log_line_size: -1
|
|
|
|
# If enabled it will allow non root users to use port numbers <1024
|
|
containerd_enable_unprivileged_ports: false
|
|
# If enabled it will allow non root users to use icmp sockets
|
|
containerd_enable_unprivileged_icmp: false
|
|
|
|
containerd_cfg_dir: /etc/containerd
|
|
|
|
# Extra config to be put in {{ containerd_cfg_dir }}/config.toml literally
|
|
containerd_extra_args: ''
|
|
|
|
# Configure registry auth (if applicable to secure/insecure registries)
|
|
containerd_registry_auth: []
|
|
# - registry: 10.0.0.2:5000
|
|
# username: user
|
|
# password: pass
|
|
|
|
# Configure containerd service
|
|
containerd_limit_proc_num: "infinity"
|
|
containerd_limit_core: "infinity"
|
|
containerd_limit_open_file_num: "infinity"
|
|
containerd_limit_mem_lock: "infinity"
|