mirror of
https://github.com/kubernetes-sigs/kubespray.git
synced 2026-03-08 11:07:43 +03:00
Fix containerd 2.x configuration (#11963)
Signed-off-by: ekko <lihai.tu@daocloud.io>
This commit is contained in:
Ekko
@@ -108,7 +108,7 @@
|
|||||||
|
|
||||||
- name: Containerd | Copy containerd config file
|
- name: Containerd | Copy containerd config file
|
||||||
template:
|
template:
|
||||||
src: config.toml.j2
|
src: "{{ 'config.toml.j2' if containerd_version is version('2.0.0', '>=') else 'config-v1.toml.j2' }}"
|
||||||
dest: "{{ containerd_cfg_dir }}/config.toml"
|
dest: "{{ containerd_cfg_dir }}/config.toml"
|
||||||
owner: "root"
|
owner: "root"
|
||||||
mode: "0640"
|
mode: "0640"
|
||||||
|
|||||||
102
roles/container-engine/containerd/templates/config-v1.toml.j2
Normal file
102
roles/container-engine/containerd/templates/config-v1.toml.j2
Normal file
@@ -0,0 +1,102 @@
|
|||||||
|
# This is for containerd v1 for compatibility
|
||||||
|
version = 2
|
||||||
|
|
||||||
|
root = "{{ containerd_storage_dir }}"
|
||||||
|
state = "{{ containerd_state_dir }}"
|
||||||
|
oom_score = {{ containerd_oom_score }}
|
||||||
|
|
||||||
|
{% if containerd_extra_args is defined %}
|
||||||
|
{{ containerd_extra_args }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
[grpc]
|
||||||
|
max_recv_message_size = {{ containerd_grpc_max_recv_message_size }}
|
||||||
|
max_send_message_size = {{ containerd_grpc_max_send_message_size }}
|
||||||
|
|
||||||
|
[debug]
|
||||||
|
address = "{{ containerd_debug_address }}"
|
||||||
|
level = "{{ containerd_debug_level }}"
|
||||||
|
format = "{{ containerd_debug_format }}"
|
||||||
|
uid = {{ containerd_debug_uid }}
|
||||||
|
gid = {{ containerd_debug_gid }}
|
||||||
|
|
||||||
|
[metrics]
|
||||||
|
address = "{{ containerd_metrics_address }}"
|
||||||
|
grpc_histogram = {{ containerd_metrics_grpc_histogram | lower }}
|
||||||
|
|
||||||
|
[plugins]
|
||||||
|
[plugins."io.containerd.grpc.v1.cri"]
|
||||||
|
sandbox_image = "{{ pod_infra_image_repo }}:{{ pod_infra_image_tag }}"
|
||||||
|
max_container_log_line_size = {{ containerd_max_container_log_line_size }}
|
||||||
|
enable_unprivileged_ports = {{ containerd_enable_unprivileged_ports | lower }}
|
||||||
|
enable_unprivileged_icmp = {{ containerd_enable_unprivileged_icmp | lower }}
|
||||||
|
enable_selinux = {{ containerd_enable_selinux | lower }}
|
||||||
|
disable_apparmor = {{ containerd_disable_apparmor | lower }}
|
||||||
|
tolerate_missing_hugetlb_controller = {{ containerd_tolerate_missing_hugetlb_controller | lower }}
|
||||||
|
disable_hugetlb_controller = {{ containerd_disable_hugetlb_controller | lower }}
|
||||||
|
image_pull_progress_timeout = "{{ containerd_image_pull_progress_timeout }}"
|
||||||
|
{% if enable_cdi %}
|
||||||
|
enable_cdi = true
|
||||||
|
cdi_spec_dirs = ["/etc/cdi", "/var/run/cdi"]
|
||||||
|
{% endif %}
|
||||||
|
[plugins."io.containerd.grpc.v1.cri".containerd]
|
||||||
|
default_runtime_name = "{{ containerd_default_runtime }}"
|
||||||
|
snapshotter = "{{ containerd_snapshotter }}"
|
||||||
|
discard_unpacked_layers = {{ containerd_discard_unpacked_layers | lower }}
|
||||||
|
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
|
||||||
|
{% for runtime in [containerd_runc_runtime] + containerd_additional_runtimes %}
|
||||||
|
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.{{ runtime.name }}]
|
||||||
|
runtime_type = "{{ runtime.type }}"
|
||||||
|
runtime_engine = "{{ runtime.engine }}"
|
||||||
|
runtime_root = "{{ runtime.root }}"
|
||||||
|
{% if runtime.base_runtime_spec is defined %}
|
||||||
|
base_runtime_spec = "{{ containerd_cfg_dir }}/{{ runtime.base_runtime_spec }}"
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.{{ runtime.name }}.options]
|
||||||
|
{% for key, value in runtime.options.items() %}
|
||||||
|
{% if value | string != "true" and value | string != "false" %}
|
||||||
|
{{ key }} = "{{ value }}"
|
||||||
|
{% else %}
|
||||||
|
{{ key }} = {{ value }}
|
||||||
|
{% endif %}
|
||||||
|
{% endfor %}
|
||||||
|
{% endfor %}
|
||||||
|
{% if kata_containers_enabled %}
|
||||||
|
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.kata-qemu]
|
||||||
|
runtime_type = "io.containerd.kata-qemu.v2"
|
||||||
|
{% endif %}
|
||||||
|
{% if gvisor_enabled %}
|
||||||
|
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runsc]
|
||||||
|
runtime_type = "io.containerd.runsc.v1"
|
||||||
|
{% endif %}
|
||||||
|
[plugins."io.containerd.grpc.v1.cri".registry]
|
||||||
|
config_path = "{{ containerd_cfg_dir }}/certs.d"
|
||||||
|
{% for registry in containerd_registry_auth if registry['registry'] is defined %}
|
||||||
|
{% if (registry['username'] is defined and registry['password'] is defined) or registry['auth'] is defined %}
|
||||||
|
[plugins."io.containerd.grpc.v1.cri".registry.configs."{{ registry['registry'] }}".auth]
|
||||||
|
{% if registry['username'] is defined and registry['password'] is defined %}
|
||||||
|
password = "{{ registry['password'] }}"
|
||||||
|
username = "{{ registry['username'] }}"
|
||||||
|
{% else %}
|
||||||
|
auth = "{{ registry['auth'] }}"
|
||||||
|
{% endif %}
|
||||||
|
{% endif %}
|
||||||
|
{% endfor %}
|
||||||
|
|
||||||
|
{% if nri_enabled and containerd_version is version('1.7.0', '>=') %}
|
||||||
|
[plugins."io.containerd.nri.v1.nri"]
|
||||||
|
disable = false
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
{% if containerd_tracing_enabled %}
|
||||||
|
[plugins."io.containerd.tracing.processor.v1.otlp"]
|
||||||
|
endpoint = "{{ containerd_tracing_endpoint }}"
|
||||||
|
protocol = "{{ containerd_tracing_protocol }}"
|
||||||
|
{% if containerd_tracing_protocol == "grpc" %}
|
||||||
|
insecure = false
|
||||||
|
{% endif %}
|
||||||
|
[plugins."io.containerd.internal.v1.tracing"]
|
||||||
|
sampling_ratio = {{ containerd_tracing_sampling_ratio }}
|
||||||
|
service_name = "{{ containerd_tracing_service_name }}"
|
||||||
|
{% endif %}
|
||||||
@@ -1,9 +1,4 @@
|
|||||||
{% if containerd_version is version('2.0.0', '>=') %}
|
|
||||||
version = 3
|
version = 3
|
||||||
{% else %}
|
|
||||||
version = 2
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
|
|
||||||
root = "{{ containerd_storage_dir }}"
|
root = "{{ containerd_storage_dir }}"
|
||||||
state = "{{ containerd_state_dir }}"
|
state = "{{ containerd_state_dir }}"
|
||||||
@@ -29,8 +24,7 @@ oom_score = {{ containerd_oom_score }}
|
|||||||
grpc_histogram = {{ containerd_metrics_grpc_histogram | lower }}
|
grpc_histogram = {{ containerd_metrics_grpc_histogram | lower }}
|
||||||
|
|
||||||
[plugins]
|
[plugins]
|
||||||
[plugins."io.containerd.grpc.v1.cri"]
|
[plugins."io.containerd.cri.v1.runtime"]
|
||||||
sandbox_image = "{{ pod_infra_image_repo }}:{{ pod_infra_image_tag }}"
|
|
||||||
max_container_log_line_size = {{ containerd_max_container_log_line_size }}
|
max_container_log_line_size = {{ containerd_max_container_log_line_size }}
|
||||||
enable_unprivileged_ports = {{ containerd_enable_unprivileged_ports | lower }}
|
enable_unprivileged_ports = {{ containerd_enable_unprivileged_ports | lower }}
|
||||||
enable_unprivileged_icmp = {{ containerd_enable_unprivileged_icmp | lower }}
|
enable_unprivileged_icmp = {{ containerd_enable_unprivileged_icmp | lower }}
|
||||||
@@ -38,57 +32,51 @@ oom_score = {{ containerd_oom_score }}
|
|||||||
disable_apparmor = {{ containerd_disable_apparmor | lower }}
|
disable_apparmor = {{ containerd_disable_apparmor | lower }}
|
||||||
tolerate_missing_hugetlb_controller = {{ containerd_tolerate_missing_hugetlb_controller | lower }}
|
tolerate_missing_hugetlb_controller = {{ containerd_tolerate_missing_hugetlb_controller | lower }}
|
||||||
disable_hugetlb_controller = {{ containerd_disable_hugetlb_controller | lower }}
|
disable_hugetlb_controller = {{ containerd_disable_hugetlb_controller | lower }}
|
||||||
image_pull_progress_timeout = "{{ containerd_image_pull_progress_timeout }}"
|
|
||||||
{% if enable_cdi %}
|
{% if enable_cdi %}
|
||||||
enable_cdi = true
|
enable_cdi = true
|
||||||
cdi_spec_dirs = ["/etc/cdi", "/var/run/cdi"]
|
cdi_spec_dirs = ["/etc/cdi", "/var/run/cdi"]
|
||||||
{% endif %}
|
{% endif %}
|
||||||
[plugins."io.containerd.grpc.v1.cri".containerd]
|
|
||||||
default_runtime_name = "{{ containerd_default_runtime }}"
|
[plugins."io.containerd.cri.v1.runtime".containerd]
|
||||||
snapshotter = "{{ containerd_snapshotter }}"
|
default_runtime_name = "{{ containerd_default_runtime }}"
|
||||||
discard_unpacked_layers = {{ containerd_discard_unpacked_layers | lower }}
|
[plugins."io.containerd.cri.v1.runtime".containerd.runtimes]
|
||||||
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
|
|
||||||
{% for runtime in [containerd_runc_runtime] + containerd_additional_runtimes %}
|
{% for runtime in [containerd_runc_runtime] + containerd_additional_runtimes %}
|
||||||
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.{{ runtime.name }}]
|
[plugins."io.containerd.cri.v1.runtime".containerd.runtimes.{{ runtime.name }}]
|
||||||
runtime_type = "{{ runtime.type }}"
|
runtime_type = "{{ runtime.type }}"
|
||||||
runtime_engine = "{{ runtime.engine }}"
|
runtime_engine = "{{ runtime.engine }}"
|
||||||
runtime_root = "{{ runtime.root }}"
|
runtime_root = "{{ runtime.root }}"
|
||||||
{% if runtime.base_runtime_spec is defined %}
|
{% if runtime.base_runtime_spec is defined %}
|
||||||
base_runtime_spec = "{{ containerd_cfg_dir }}/{{ runtime.base_runtime_spec }}"
|
base_runtime_spec = "{{ containerd_cfg_dir }}/{{ runtime.base_runtime_spec }}"
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.{{ runtime.name }}.options]
|
[plugins."io.containerd.cri.v1.runtime".containerd.runtimes.{{ runtime.name }}.options]
|
||||||
{% for key, value in runtime.options.items() %}
|
{% for key, value in runtime.options.items() %}
|
||||||
{% if value | string != "true" and value | string != "false" %}
|
{% if value | string != "true" and value | string != "false" %}
|
||||||
{{ key }} = "{{ value }}"
|
{{ key }} = "{{ value }}"
|
||||||
{% else %}
|
{% else %}
|
||||||
{{ key }} = {{ value }}
|
{{ key }} = {{ value }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% if kata_containers_enabled %}
|
{% if kata_containers_enabled %}
|
||||||
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.kata-qemu]
|
[plugins."io.containerd.cri.v1.runtime".containerd.runtimes.kata-qemu]
|
||||||
runtime_type = "io.containerd.kata-qemu.v2"
|
runtime_type = "io.containerd.kata-qemu.v2"
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if gvisor_enabled %}
|
{% if gvisor_enabled %}
|
||||||
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runsc]
|
[plugins."io.containerd.cri.v1.runtime".containerd.runtimes.runsc]
|
||||||
runtime_type = "io.containerd.runsc.v1"
|
runtime_type = "io.containerd.runsc.v1"
|
||||||
{% endif %}
|
{% endif %}
|
||||||
[plugins."io.containerd.grpc.v1.cri".registry]
|
|
||||||
config_path = "{{ containerd_cfg_dir }}/certs.d"
|
|
||||||
{% for registry in containerd_registry_auth if registry['registry'] is defined %}
|
|
||||||
{% if (registry['username'] is defined and registry['password'] is defined) or registry['auth'] is defined %}
|
|
||||||
[plugins."io.containerd.grpc.v1.cri".registry.configs."{{ registry['registry'] }}".auth]
|
|
||||||
{% if registry['username'] is defined and registry['password'] is defined %}
|
|
||||||
password = "{{ registry['password'] }}"
|
|
||||||
username = "{{ registry['username'] }}"
|
|
||||||
{% else %}
|
|
||||||
auth = "{{ registry['auth'] }}"
|
|
||||||
{% endif %}
|
|
||||||
{% endif %}
|
|
||||||
{% endfor %}
|
|
||||||
|
|
||||||
{% if nri_enabled and containerd_version is version('1.7.0', '>=') %}
|
[plugins."io.containerd.cri.v1.images"]
|
||||||
|
snapshotter = "{{ containerd_snapshotter }}"
|
||||||
|
discard_unpacked_layers = {{ containerd_discard_unpacked_layers | lower }}
|
||||||
|
image_pull_progress_timeout = "{{ containerd_image_pull_progress_timeout }}"
|
||||||
|
[plugins."io.containerd.cri.v1.images".pinned_images]
|
||||||
|
sandbox = "{{ pod_infra_image_repo }}:{{ pod_infra_image_tag }}"
|
||||||
|
[plugins."io.containerd.cri.v1.images".registry]
|
||||||
|
config_path = "{{ containerd_cfg_dir }}/certs.d"
|
||||||
|
|
||||||
|
{% if nri_enabled %}
|
||||||
[plugins."io.containerd.nri.v1.nri"]
|
[plugins."io.containerd.nri.v1.nri"]
|
||||||
disable = false
|
disable = false
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|||||||
Reference in New Issue
Block a user