#cloud-config

write_files:
  - path: /etc/systemd/system/containerd-installation.service
    permissions: 0644
    owner: root
    content: |
      # installed by cloud-init
      [Unit]
      Description=Download and install containerd binaries and configurations.
      After=network-online.target

      [Service]
      Type=oneshot
      RemainAfterExit=yes
      ExecStartPre=/bin/mkdir -p /home/containerd
      ExecStartPre=/bin/mount --bind /home/containerd /home/containerd
      ExecStartPre=/bin/mount -o remount,exec /home/containerd
      ExecStartPre=/usr/bin/curl --fail --retry 5 --retry-delay 3 --silent --show-error -H "X-Google-Metadata-Request: True" -o /home/containerd/configure.sh http://metadata.google.internal/computeMetadata/v1/instance/attributes/containerd-configure-sh
      ExecStartPre=/bin/chmod 544 /home/containerd/configure.sh
      ExecStart=/home/containerd/configure.sh

      [Install]
      WantedBy=containerd.target

  - path: /etc/containerd/config.toml
    permissions: 0644
    owner: root
    content: |
      [plugins.linux]
        shim = "/home/containerd/usr/local/bin/containerd-shim"
        runtime = "/home/containerd/usr/local/sbin/runc"

      [plugins.cri]
        enable_tls_streaming = true
      [plugins.cri.cni]
        bin_dir = "/home/containerd/opt/cni/bin"
        conf_dir = "/home/containerd/etc/cni/net.d"
      [plugins.cri.registry.mirrors."docker.io"]
        endpoint = ["https://mirror.gcr.io","https://registry-1.docker.io"]

  - path: /etc/systemd/system/containerd.service
    permissions: 0644
    owner: root
    content: |
      # installed by cloud-init
      [Unit]
      Description=containerd container runtime
      Documentation=https://containerd.io
      After=containerd-installation.service

      [Service]
      Restart=always
      RestartSec=5
      Delegate=yes
      KillMode=process
      OOMScoreAdjust=-999
      LimitNOFILE=1048576
      # Having non-zero Limit*s causes performance problems due to accounting overhead
      # in the kernel. We recommend using cgroups to do container-local accounting.
      LimitNPROC=infinity
      LimitCORE=infinity
      ExecStartPre=/sbin/modprobe overlay
      ExecStart=/home/containerd/usr/local/bin/containerd --log-level debug

      [Install]
      WantedBy=containerd.target

  - path: /etc/systemd/system/containerd.target
    permissions: 0644
    owner: root
    content: |
      [Unit]
      Description=Containerd

      [Install]
      WantedBy=multi-user.target

runcmd:
  - systemctl daemon-reload
  - systemctl enable containerd-installation.service
  - systemctl enable containerd.service
  - systemctl enable containerd.target
  - systemctl start containerd.target