Support runtime specific configurations.
Signed-off-by: Lantao Liu <lantaol@google.com>
This commit is contained in:
Lantao Liu
@@ -21,17 +21,21 @@ The explanation and default value of each configuration item are as follows:
|
||||
# stats_collect_period is the period (in seconds) of snapshots stats collection.
|
||||
stats_collect_period = 10
|
||||
|
||||
# systemd_cgroup enables systemd cgroup support.
|
||||
# systemd_cgroup enables systemd cgroup support. This only works for runtime
|
||||
# type "io.containerd.runtime.v1.linux".
|
||||
# DEPRECATED: use Runtime.Options for runtime specific config for shim v2 runtimes.
|
||||
# For runtime "io.containerd.runc.v1", use the option `SystemdCgroup`.
|
||||
systemd_cgroup = false
|
||||
|
||||
# enable_tls_streaming enables the TLS streaming support.
|
||||
# enable_tls_streaming enables the TLS streaming support.
|
||||
# It generates a self-sign certificate unless the following x509_key_pair_streaming are both set.
|
||||
enable_tls_streaming = false
|
||||
|
||||
|
||||
# "plugins.cri.x509_key_pair_streaming" contains a x509 valid key pair to stream with tls.
|
||||
[plugins.cri.x509_key_pair_streaming]
|
||||
# tls_cert_file is the filepath to the certificate paired with the "tls_key_file"
|
||||
tls_cert_file = ""
|
||||
|
||||
# tls_key_file is the filepath to the private key paired with the "tls_cert_file"
|
||||
tls_key_file = ""
|
||||
|
||||
@@ -46,7 +50,10 @@ The explanation and default value of each configuration item are as follows:
|
||||
# snapshotter is the snapshotter used by containerd.
|
||||
snapshotter = "overlayfs"
|
||||
|
||||
# no_pivot disables pivot-root (linux only), required when running a container in a RamDisk with runc
|
||||
# no_pivot disables pivot-root (linux only), required when running a container in a RamDisk with runc.
|
||||
# This only works for runtime type "io.containerd.runtime.v1.linux".
|
||||
# DEPRECATED: use Runtime.Options for runtime specific config for shim v2 runtimes.
|
||||
# For runtime "io.containerd.runc.v1", use the option `NoPivotRoot`.
|
||||
no_pivot = false
|
||||
|
||||
# "plugins.cri.containerd.default_runtime" is the runtime to use in containerd.
|
||||
@@ -55,17 +62,41 @@ The explanation and default value of each configuration item are as follows:
|
||||
runtime_type = "io.containerd.runtime.v1.linux"
|
||||
|
||||
# runtime_engine is the name of the runtime engine used by containerd.
|
||||
# This only works for runtime type "io.containerd.runtime.v1.linux".
|
||||
# DEPRECATED: use Runtime.Options for runtime specific config for shim v2 runtimes.
|
||||
# For runtime "io.containerd.runc.v1", use the option `BinaryName`.
|
||||
runtime_engine = ""
|
||||
|
||||
# runtime_root is the directory used by containerd for runtime state.
|
||||
# This only works for runtime type "io.containerd.runtime.v1.linux".
|
||||
# DEPRECATED: use Runtime.Options for runtime specific config for shim v2 runtimes.
|
||||
# For runtime "io.containerd.runc.v1", use the option `Root`.
|
||||
runtime_root = ""
|
||||
|
||||
# "plugins.cri.containerd.untrusted_workload_runtime" is a runtime to run untrusted workloads on it.
|
||||
# "plugins.cri.containerd.default_runtime.options" is options specific to
|
||||
# the default runtime. The options type for "io.containerd.runtime.v1.linux" is:
|
||||
# https://github.com/containerd/containerd/blob/v1.2.0-rc.1/runtime/linux/runctypes/runc.pb.go#L40
|
||||
# NOTE: when `options` is specified, all related deprecated options will
|
||||
# be ignored, including `systemd_cgroup`, `no_pivot`, `runtime_engine`
|
||||
# and `runtime_root`.
|
||||
[plugins.cri.containerd.default_runtime.options]
|
||||
# Runtime is the binary name of the runtime.
|
||||
Runtime = ""
|
||||
|
||||
# RuntimeRoot is the root directory of the runtime.
|
||||
RuntimeRoot = ""
|
||||
|
||||
# CriuPath is the criu binary path.
|
||||
CriuPath = ""
|
||||
|
||||
# SystemdCgroup enables systemd cgroups.
|
||||
SystemdCgroup = false
|
||||
|
||||
# "plugins.cri.containerd.untrusted_workload_runtime" is a runtime to run untrusted workloads on it.
|
||||
# DEPRECATED: use plugins.cri.runtimes instead. If provided, this runtime is mapped to the
|
||||
# runtime handler named 'untrusted'. It is a configuration error to provide both the (now
|
||||
# deprecated) UntrustedWorkloadRuntime and a handler in the Runtimes handler map (below) for
|
||||
# 'untrusted' workloads at the same time. Please provide one or the other.
|
||||
# runtime handler named 'untrusted'. It is a configuration error to provide both the (now
|
||||
# deprecated) UntrustedWorkloadRuntime and a handler in the Runtimes handler map (below) for
|
||||
# 'untrusted' workloads at the same time. Please provide one or the other.
|
||||
[plugins.cri.containerd.untrusted_workload_runtime]
|
||||
# runtime_type is the runtime type to use in containerd e.g. io.containerd.runtime.v1.linux
|
||||
runtime_type = ""
|
||||
@@ -78,16 +109,41 @@ The explanation and default value of each configuration item are as follows:
|
||||
|
||||
# plugins.cri.containerd.runtimes is a map from CRI RuntimeHandler strings, which specify types
|
||||
# of runtime configurations, to the matching configurations. In this example,
|
||||
# 'runtime_handler_name' is the RuntimeHandler string to match.
|
||||
[plugins.cri.containerd.runtimes.runtime_handler_name]
|
||||
# 'runc' is the RuntimeHandler string to match.
|
||||
[plugins.cri.containerd.runtimes.runc]
|
||||
# runtime_type is the runtime type to use in containerd e.g. io.containerd.runtime.v1.linux
|
||||
runtime_type = ""
|
||||
runtime_type = "io.containerd.runc.v1"
|
||||
|
||||
# runtime_engine is the name of the runtime engine used by containerd.
|
||||
runtime_engine = ""
|
||||
# "plugins.cri.containerd.runtimes.runc.options" is options specific to
|
||||
# "io.containerd.runc.v1". Its corresponding options type is:
|
||||
# https://github.com/containerd/containerd/blob/v1.2.0-rc.1/runtime/v2/runc/options/oci.pb.go#L39.
|
||||
[plugins.cri.containerd.runtimes.runc.options]
|
||||
# NoPivotRoot disables pivot root when creating a container.
|
||||
NoPivotRoot = false
|
||||
|
||||
# runtime_root is the directory used by containerd for runtime state.
|
||||
runtime_root = ""
|
||||
# NoNewKeyring disables new keyring for the container.
|
||||
NoNewKeyring = false
|
||||
|
||||
# ShimCgroup places the shim in a cgroup.
|
||||
ShimCgroup = ""
|
||||
|
||||
# IoUid sets the I/O's pipes uid.
|
||||
IoUid = 0
|
||||
|
||||
# IoGid sets the I/O's pipes gid.
|
||||
IoGid = 0
|
||||
|
||||
# BinaryName is the binary name of the runc binary.
|
||||
BinaryName = ""
|
||||
|
||||
# Root is the runc root directory.
|
||||
Root = ""
|
||||
|
||||
# CriuPath is the criu binary path.
|
||||
CriuPath = ""
|
||||
|
||||
# SystemdCgroup enables systemd cgroups.
|
||||
SystemdCgroup = false
|
||||
|
||||
# "plugins.cri.cni" contains config related to cni
|
||||
[plugins.cri.cni]
|
||||
|
||||
Reference in New Issue
Block a user