From bd2619eaae0240ea0029495787c0e356997a07ae Mon Sep 17 00:00:00 2001 From: Shikha Vyaghra Date: Wed, 12 Jul 2023 20:32:49 +0000 Subject: [PATCH] api: enable setting rlimits and capabilities for ecs The fields default-capabilities and default-ulimits in etc/daemon.json holds the OCI default capabilities and resource limits that has been set using api-client respectively. These settings can be updated/added using api-client. --- packages/containerd/containerd-cri-base-json | 4 +- ...lt-capabilities-using-daemon-config.patch} | 0 packages/docker-engine/daemon-json | 9 +- packages/docker-engine/daemon-nvidia-json | 9 +- packages/docker-engine/docker-engine.spec | 1 + sources/api/schnauzer/src/helpers.rs | 255 ++++++++++++++---- ...es.toml => oci-defaults-capabilities.toml} | 3 +- .../oci-defaults-docker-resource-limits.toml | 3 + .../shared-defaults/oci-defaults-docker.toml | 2 + .../defaults.d/75-oci-defaults-docker.toml | 1 + .../76-oci-defaults-capabilities.toml | 1 + ...7-oci-defaults-docker-resource-limits.toml | 1 + sources/models/src/aws-ecs-1-nvidia/mod.rs | 3 +- .../defaults.d/75-oci-defaults-docker.toml | 1 + .../76-oci-defaults-capabilities.toml | 1 + ...7-oci-defaults-docker-resource-limits.toml | 1 + sources/models/src/aws-ecs-1/mod.rs | 3 +- .../defaults.d/75-oci-defaults-docker.toml | 1 + .../76-oci-defaults-capabilities.toml | 1 + ...7-oci-defaults-docker-resource-limits.toml | 1 + sources/models/src/aws-ecs-2-nvidia/mod.rs | 3 +- .../defaults.d/75-oci-defaults-docker.toml | 1 + .../76-oci-defaults-capabilities.toml | 1 + ...7-oci-defaults-docker-resource-limits.toml | 1 + sources/models/src/aws-ecs-2/mod.rs | 3 +- .../76-oci-defaults-capabilities.toml | 1 + ...-defaults-containerd-cri-capabilities.toml | 1 - .../76-oci-defaults-capabilities.toml | 1 + ...-defaults-containerd-cri-capabilities.toml | 1 - .../76-oci-defaults-capabilities.toml | 1 + ...-defaults-containerd-cri-capabilities.toml | 1 - .../76-oci-defaults-capabilities.toml | 1 + ...-defaults-containerd-cri-capabilities.toml | 1 - .../76-oci-defaults-capabilities.toml | 1 + ...-defaults-containerd-cri-capabilities.toml | 1 - .../76-oci-defaults-capabilities.toml | 1 + ...-defaults-containerd-cri-capabilities.toml | 1 - .../76-oci-defaults-capabilities.toml | 1 + ...-defaults-containerd-cri-capabilities.toml | 1 - .../76-oci-defaults-capabilities.toml | 1 + ...-defaults-containerd-cri-capabilities.toml | 1 - sources/models/src/lib.rs | 17 -- .../86-oci-defaults-capabilities.toml | 1 + ...-defaults-containerd-cri-capabilities.toml | 1 - .../86-oci-defaults-capabilities.toml | 1 + ...-defaults-containerd-cri-capabilities.toml | 1 - .../76-oci-defaults-capabilities.toml | 1 + ...-defaults-containerd-cri-capabilities.toml | 1 - .../76-oci-defaults-capabilities.toml | 1 + ...-defaults-containerd-cri-capabilities.toml | 1 - 50 files changed, 264 insertions(+), 87 deletions(-) rename packages/docker-engine/{0001-Change-default-capabilities-using-daemon-config.patch => 0002-Change-default-capabilities-using-daemon-config.patch} (100%) rename sources/models/shared-defaults/{oci-defaults-containerd-cri-capabilities.toml => oci-defaults-capabilities.toml} (73%) create mode 100644 sources/models/shared-defaults/oci-defaults-docker-resource-limits.toml create mode 100644 sources/models/shared-defaults/oci-defaults-docker.toml create mode 120000 sources/models/src/aws-ecs-1-nvidia/defaults.d/75-oci-defaults-docker.toml create mode 120000 sources/models/src/aws-ecs-1-nvidia/defaults.d/76-oci-defaults-capabilities.toml create mode 120000 sources/models/src/aws-ecs-1-nvidia/defaults.d/77-oci-defaults-docker-resource-limits.toml create mode 120000 sources/models/src/aws-ecs-1/defaults.d/75-oci-defaults-docker.toml create mode 120000 sources/models/src/aws-ecs-1/defaults.d/76-oci-defaults-capabilities.toml create mode 120000 sources/models/src/aws-ecs-1/defaults.d/77-oci-defaults-docker-resource-limits.toml create mode 120000 sources/models/src/aws-ecs-2-nvidia/defaults.d/75-oci-defaults-docker.toml create mode 120000 sources/models/src/aws-ecs-2-nvidia/defaults.d/76-oci-defaults-capabilities.toml create mode 120000 sources/models/src/aws-ecs-2-nvidia/defaults.d/77-oci-defaults-docker-resource-limits.toml create mode 120000 sources/models/src/aws-ecs-2/defaults.d/75-oci-defaults-docker.toml create mode 120000 sources/models/src/aws-ecs-2/defaults.d/76-oci-defaults-capabilities.toml create mode 120000 sources/models/src/aws-ecs-2/defaults.d/77-oci-defaults-docker-resource-limits.toml create mode 120000 sources/models/src/aws-k8s-1.24-nvidia/defaults.d/76-oci-defaults-capabilities.toml delete mode 120000 sources/models/src/aws-k8s-1.24-nvidia/defaults.d/76-oci-defaults-containerd-cri-capabilities.toml create mode 120000 sources/models/src/aws-k8s-1.24/defaults.d/76-oci-defaults-capabilities.toml delete mode 120000 sources/models/src/aws-k8s-1.24/defaults.d/76-oci-defaults-containerd-cri-capabilities.toml create mode 120000 sources/models/src/aws-k8s-1.25-nvidia/defaults.d/76-oci-defaults-capabilities.toml delete mode 120000 sources/models/src/aws-k8s-1.25-nvidia/defaults.d/76-oci-defaults-containerd-cri-capabilities.toml create mode 120000 sources/models/src/aws-k8s-1.25/defaults.d/76-oci-defaults-capabilities.toml delete mode 120000 sources/models/src/aws-k8s-1.25/defaults.d/76-oci-defaults-containerd-cri-capabilities.toml create mode 120000 sources/models/src/aws-k8s-1.26-nvidia/defaults.d/76-oci-defaults-capabilities.toml delete mode 120000 sources/models/src/aws-k8s-1.26-nvidia/defaults.d/76-oci-defaults-containerd-cri-capabilities.toml create mode 120000 sources/models/src/aws-k8s-1.26/defaults.d/76-oci-defaults-capabilities.toml delete mode 120000 sources/models/src/aws-k8s-1.26/defaults.d/76-oci-defaults-containerd-cri-capabilities.toml create mode 120000 sources/models/src/aws-k8s-1.27-nvidia/defaults.d/76-oci-defaults-capabilities.toml delete mode 120000 sources/models/src/aws-k8s-1.27-nvidia/defaults.d/76-oci-defaults-containerd-cri-capabilities.toml create mode 120000 sources/models/src/aws-k8s-1.27/defaults.d/76-oci-defaults-capabilities.toml delete mode 120000 sources/models/src/aws-k8s-1.27/defaults.d/76-oci-defaults-containerd-cri-capabilities.toml create mode 120000 sources/models/src/metal-k8s-1.24/defaults.d/86-oci-defaults-capabilities.toml delete mode 120000 sources/models/src/metal-k8s-1.24/defaults.d/86-oci-defaults-containerd-cri-capabilities.toml create mode 120000 sources/models/src/metal-k8s-1.27/defaults.d/86-oci-defaults-capabilities.toml delete mode 120000 sources/models/src/metal-k8s-1.27/defaults.d/86-oci-defaults-containerd-cri-capabilities.toml create mode 120000 sources/models/src/vmware-k8s-1.24/defaults.d/76-oci-defaults-capabilities.toml delete mode 120000 sources/models/src/vmware-k8s-1.24/defaults.d/76-oci-defaults-containerd-cri-capabilities.toml create mode 120000 sources/models/src/vmware-k8s-1.27/defaults.d/76-oci-defaults-capabilities.toml delete mode 120000 sources/models/src/vmware-k8s-1.27/defaults.d/76-oci-defaults-containerd-cri-capabilities.toml diff --git a/packages/containerd/containerd-cri-base-json b/packages/containerd/containerd-cri-base-json index f34d21c1084..5cfdc65aa52 100644 --- a/packages/containerd/containerd-cri-base-json +++ b/packages/containerd/containerd-cri-base-json @@ -8,12 +8,12 @@ "cwd": "/", {{~#if settings.oci-defaults.capabilities~}} "capabilities": { - {{~oci_defaults settings.oci-defaults.capabilities~}} + {{~oci_defaults "containerd" settings.oci-defaults.capabilities~}} }, {{~/if~}} {{~#if settings.oci-defaults.resource-limits~}} "rlimits": [ - {{~oci_defaults settings.oci-defaults.resource-limits~}} + {{~oci_defaults "containerd" settings.oci-defaults.resource-limits~}} ], {{~/if~}} "noNewPrivileges": true diff --git a/packages/docker-engine/0001-Change-default-capabilities-using-daemon-config.patch b/packages/docker-engine/0002-Change-default-capabilities-using-daemon-config.patch similarity index 100% rename from packages/docker-engine/0001-Change-default-capabilities-using-daemon-config.patch rename to packages/docker-engine/0002-Change-default-capabilities-using-daemon-config.patch diff --git a/packages/docker-engine/daemon-json b/packages/docker-engine/daemon-json index 6ab96c043b0..979bb005655 100644 --- a/packages/docker-engine/daemon-json +++ b/packages/docker-engine/daemon-json @@ -7,7 +7,14 @@ "default-runtime": "shimpei", "runtimes": { "shimpei": { "path": "shimpei" } }, "selinux-enabled": true, - "default-ulimits": { "nofile": { "Name": "nofile", "Soft": 1024, "Hard": 4096 } } + {{~#if settings.oci-defaults.capabilities~}} + "default-capabilities": {{~oci_defaults "docker" settings.oci-defaults.capabilities~}} + {{~/if~}} + {{~#if settings.oci-defaults.resource-limits~}} + "default-ulimits": { + {{~oci_defaults "docker" settings.oci-defaults.resource-limits~}} + } + {{~/if~}} {{#if settings.container-registry.mirrors}} {{#each settings.container-registry.mirrors}} {{#if (eq registry "docker.io" )}}, diff --git a/packages/docker-engine/daemon-nvidia-json b/packages/docker-engine/daemon-nvidia-json index dd98b772f60..5b53a34d0d3 100644 --- a/packages/docker-engine/daemon-nvidia-json +++ b/packages/docker-engine/daemon-nvidia-json @@ -7,7 +7,14 @@ "default-runtime": "shimpei", "runtimes": { "shimpei": { "path": "shimpei" }, "nvidia": { "path": "nvidia-oci" } }, "selinux-enabled": true, - "default-ulimits": { "nofile": { "Name": "nofile", "Soft": 1024, "Hard": 4096 } } + {{~#if settings.oci-defaults.capabilities~}} + "default-capabilities": {{~oci_defaults "docker" settings.oci-defaults.capabilities~}} + {{~/if~}} + {{~#if settings.oci-defaults.resource-limits~}} + "default-ulimits": { + {{~oci_defaults "docker" settings.oci-defaults.resource-limits~}} + } + {{~/if~}} {{#if settings.container-registry.mirrors}} {{#each settings.container-registry.mirrors}} {{#if (eq registry "docker.io" )}}, diff --git a/packages/docker-engine/docker-engine.spec b/packages/docker-engine/docker-engine.spec index 4d5f08b2d50..8d4497fac47 100644 --- a/packages/docker-engine/docker-engine.spec +++ b/packages/docker-engine/docker-engine.spec @@ -31,6 +31,7 @@ Source1000: clarify.toml # Backport to fix host header issue when compiling with Go 1.20.6 or later Patch0001: 0001-non-tcp-host-header.patch +Patch0002: 0002-Change-default-capabilities-using-daemon-config.patch BuildRequires: git BuildRequires: %{_cross_os}glibc-devel diff --git a/sources/api/schnauzer/src/helpers.rs b/sources/api/schnauzer/src/helpers.rs index 441fd48bd71..04405075a7e 100644 --- a/sources/api/schnauzer/src/helpers.rs +++ b/sources/api/schnauzer/src/helpers.rs @@ -307,6 +307,12 @@ mod error { number: usize, source: std::num::TryFromIntError, }, + + #[snafu(display("Invalid output type '{}', expected 'docker' or 'containerd'", runtime))] + InvalidOutputType { + source: serde_plain::Error, + runtime: String, + }, } // Handlebars helpers are required to return a RenderError. @@ -1371,6 +1377,111 @@ enum OciSpecSection { derive_fromstr_from_deserialize!(OciSpecSection); +#[derive(Deserialize, Debug, Clone, Copy)] +#[serde(rename_all = "kebab-case")] +enum Runtime { + Docker, + Containerd, +} + +derive_fromstr_from_deserialize!(Runtime); + +impl Runtime { + fn get_capabilities(&self, caps: String) -> String { + match self { + Self::Docker => Docker::get_capabilities(caps), + Self::Containerd => Containerd::get_capabilities(caps), + } + } + + fn get_resource_limits( + &self, + rlimit_type: &OciDefaultsResourceLimitType, + values: &OciDefaultsResourceLimit, + ) -> String { + match self { + Self::Docker => Docker::get_resource_limits(rlimit_type, values), + Self::Containerd => Containerd::get_resource_limits(rlimit_type, values), + } + } +} + +struct Docker; +struct Containerd; + +impl Docker { + /// Formats capabilities for Docker + fn get_capabilities(caps: String) -> String { + format!( + concat!(r#"["#, "{capabilities}", "],\n",), + capabilities = caps, + ) + } + + /// Formats resource limits for Docker + fn get_resource_limits( + rlimit_type: &OciDefaultsResourceLimitType, + values: &OciDefaultsResourceLimit, + ) -> String { + format!( + r#" "{}":{{ "Name": "{}", "Hard": {}, "Soft": {} }}"#, + rlimit_type + .to_linux_string() + .replace("RLIMIT_", "") + .to_lowercase(), + rlimit_type + .to_linux_string() + .replace("RLIMIT_", "") + .to_lowercase(), + values.hard_limit, + values.soft_limit, + ) + } +} + +impl Containerd { + /// Formats capabilities for Containerd + fn get_capabilities(caps: String) -> String { + format!( + concat!( + r#""bounding": ["#, + "{capabilities_bounding}", + "],\n", + r#""effective": ["#, + "{capabilities_effective}", + "],\n", + r#""permitted": ["#, + "{capabilities_permitted}", + "]\n", + ), + capabilities_bounding = caps, + capabilities_effective = caps, + capabilities_permitted = caps, + ) + } + + /// Formats resource limits for Containerd + fn get_resource_limits( + rlimit_type: &OciDefaultsResourceLimitType, + values: &OciDefaultsResourceLimit, + ) -> String { + format!( + r#"{{ "type": "{}", "hard": {}, "soft": {} }}"#, + rlimit_type.to_linux_string(), + Self::get_limit(values.hard_limit), + Self::get_limit(values.soft_limit), + ) + } + + /// Converts I64 values to u64 for Containerd + fn get_limit(limit: i64) -> u64 { + match limit { + -1 => u64::MAX, + _ => limit as u64, + } + } +} + /// This helper writes out the default OCI runtime spec. /// /// The calling pattern is `{{ oci_defaults settings.oci-defaults.resource-limits }}`, @@ -1398,14 +1509,28 @@ pub fn oci_defaults( // Check number of parameters, must be exactly two (OCI spec section to render and settings values for the section) debug!("Number of params: {}", helper.params().len()); - check_param_count(helper, template_name, 1)?; + check_param_count(helper, template_name, 2)?; debug!("params: {:?}", helper.params()); + debug!("Getting the requested output type to render"); + let runtime_val = get_param(helper, 0)?; + let runtime_str = runtime_val + .as_str() + .with_context(|| error::InvalidTemplateValueSnafu { + expected: "string", + value: runtime_val.to_owned(), + template: template_name.to_owned(), + })?; + + let runtime = Runtime::from_str(runtime_str).context(error::InvalidOutputTypeSnafu { + runtime: runtime_str.to_owned(), + })?; + debug!("Getting the requested OCI spec section to render"); - let oci_defaults_values = get_param(helper, 0)?; + let oci_defaults_values = get_param(helper, 1)?; // We want the settings path so we know which OCI spec section we are rendering. // e.g. settings.oci-defaults.resource-limits - let settings_path = get_param_key_name(helper, 0)?; + let settings_path = get_param_key_name(helper, 1)?; // Extract the last part of the settings path, which is the OCI spec section we want to render. let oci_spec_section = settings_path .split('.') @@ -1416,10 +1541,22 @@ pub fn oci_defaults( let section = OciSpecSection::from_str(oci_spec_section).context(error::InvalidOciSpecSectionSnafu)?; let result_lines = match section { - OciSpecSection::Capabilities => oci_spec_capabilities(oci_defaults_values)?, - OciSpecSection::ResourceLimits => oci_spec_resource_limits(oci_defaults_values)?, + OciSpecSection::Capabilities => { + let capabilities = oci_spec_capabilities(oci_defaults_values)?; + runtime.get_capabilities(capabilities) + } + OciSpecSection::ResourceLimits => { + let rlimits = oci_spec_resource_limits(oci_defaults_values)?; + rlimits + .iter() + .map(|(rlimit_type, values)| runtime.get_resource_limits(rlimit_type, values)) + .collect::>() + .join(",\n") + } }; + debug!("{}_section: \n{}", oci_spec_section, result_lines); + // Write out the final values to the configuration file out.write(result_lines.as_str()) .context(error::TemplateWriteSnafu { @@ -1454,26 +1591,7 @@ fn oci_spec_capabilities(value: &Value) -> Result { capabilities_lines.sort(); let capabilities_lines_joined = capabilities_lines.join(",\n"); - let capabilities_section = format!( - concat!( - r#""bounding": ["#, - "{capabilities_bounding}", - "],\n", - r#""effective": ["#, - "{capabilities_effective}", - "],\n", - r#""permitted": ["#, - "{capabilities_permitted}", - "]\n", - ), - capabilities_bounding = capabilities_lines_joined, - capabilities_effective = capabilities_lines_joined, - capabilities_permitted = capabilities_lines_joined, - ); - - debug!("capabilities_section: \n{}", capabilities_section); - - Ok(capabilities_section) + Ok(capabilities_lines_joined) } /// This helper writes out the resource limits section of the default @@ -1486,25 +1604,10 @@ fn oci_spec_capabilities(value: &Value) -> Result { /// This helper function generates the resource limits section of /// the OCI runtime spec from the provided `value` parameter, which is /// the settings data from the datastore (`settings.oci-defaults.resource-limits`). -fn oci_spec_resource_limits(value: &Value) -> Result { - let oci_default_rlimits: HashMap = - serde_json::from_value(value.clone())?; - - let result_lines = oci_default_rlimits - .iter() - .map(|(rlimit_type, values)| { - format!( - r#"{{ "type": "{}", "hard": {}, "soft": {} }}"#, - rlimit_type.to_linux_string(), - values.get_hard_limit(), - values.get_soft_limit(), - ) - }) - .collect::>() - .join(",\n"); - - debug!("resource_limits result_lines: \n{}", result_lines); - Ok(result_lines) +fn oci_spec_resource_limits( + value: &Value, +) -> Result, RenderError> { + Ok(serde_json::from_value(value.clone())?) } // =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= @@ -2701,6 +2804,7 @@ mod test_any_enabled { #[cfg(test)] mod test_oci_spec { + use super::{Containerd, Docker}; use crate::helpers::*; use serde_json::json; use OciDefaultsResourceLimitType::*; @@ -2713,7 +2817,8 @@ mod test_oci_spec { "mac-admin": true, "mknod": true }); - let rendered = oci_spec_capabilities(&json).unwrap(); + let capabilities = oci_spec_capabilities(&json).unwrap(); + let rendered = Containerd::get_capabilities(capabilities); assert_eq!( rendered, r#""bounding": ["CAP_KILL", @@ -2733,7 +2838,8 @@ mod test_oci_spec { (cap, bottlerocket, hard_limit, soft_limit): (OciDefaultsResourceLimitType, &str, i64, i64), ) { let json = json!({bottlerocket: {"hard-limit": hard_limit, "soft-limit": soft_limit}}); - let rendered = oci_spec_resource_limits(&json).unwrap(); + let rlimits = oci_spec_resource_limits(&json).unwrap(); + let rendered = Containerd::get_resource_limits(&cap, rlimits.get(&cap).unwrap()); let result = format!( r#"{{ "type": "{}", "hard": {}, "soft": {} }}"#, cap.to_linux_string(), @@ -2772,7 +2878,12 @@ mod test_oci_spec { #[test] fn oci_spec_max_locked_memory_as_unlimited_resource_limit_test() { let json = json!({"max-locked-memory": {"hard-limit": "unlimited", "soft-limit": 18}}); - let rendered = oci_spec_resource_limits(&json).unwrap(); + let rlimits = oci_spec_resource_limits(&json).unwrap(); + let rendered = Containerd::get_resource_limits( + &MaxLockedMemory, + rlimits.get(&MaxLockedMemory).unwrap(), + ); + assert_eq!( rendered, r#"{ "type": "RLIMIT_MEMLOCK", "hard": 18446744073709551615, "soft": 18 }"# @@ -2782,10 +2893,58 @@ mod test_oci_spec { #[test] fn oci_spec_max_locked_memory_as_minus_one_resource_limit_test() { let json = json!({"max-locked-memory": {"hard-limit": -1, "soft-limit": 18}}); - let rendered = oci_spec_resource_limits(&json).unwrap(); + let rlimits = oci_spec_resource_limits(&json).unwrap(); + let rendered = Containerd::get_resource_limits( + &MaxLockedMemory, + rlimits.get(&MaxLockedMemory).unwrap(), + ); assert_eq!( rendered, r#"{ "type": "RLIMIT_MEMLOCK", "hard": 18446744073709551615, "soft": 18 }"# ); } + + #[test] + fn oci_spec_capabilities_docker_test() { + let json = json!({ + "kill": true, + "lease": false, + "mac-admin": true, + "mknod": true + }); + let capabilities = oci_spec_capabilities(&json).unwrap(); + let rendered = Docker::get_capabilities(capabilities); + assert_eq!( + rendered, + r#"["CAP_KILL", +"CAP_MAC_ADMIN", +"CAP_MKNOD"], +"# + ); + } + + #[test] + fn oci_spec_resource_limits_test_docker() { + let json = json!({"max-open-files": {"hard-limit": 1, "soft-limit": 2}}); + let rlimits = oci_spec_resource_limits(&json).unwrap(); + let rendered = + Docker::get_resource_limits(&MaxOpenFiles, rlimits.get(&MaxOpenFiles).unwrap()); + assert_eq!( + rendered, + r#" "nofile":{ "Name": "nofile", "Hard": 1, "Soft": 2 }"# + ); + } + + #[test] + fn oci_spec_max_locked_memory_as_unlimited_docker_resource_limit_test() { + let json = json!({"max-locked-memory": {"hard-limit": "unlimited", "soft-limit": 18}}); + let rlimits = oci_spec_resource_limits(&json).unwrap(); + let rendered = + Docker::get_resource_limits(&MaxLockedMemory, rlimits.get(&MaxLockedMemory).unwrap()); + + assert_eq!( + rendered, + r#" "memlock":{ "Name": "memlock", "Hard": -1, "Soft": 18 }"# + ); + } } diff --git a/sources/models/shared-defaults/oci-defaults-containerd-cri-capabilities.toml b/sources/models/shared-defaults/oci-defaults-capabilities.toml similarity index 73% rename from sources/models/shared-defaults/oci-defaults-containerd-cri-capabilities.toml rename to sources/models/shared-defaults/oci-defaults-capabilities.toml index ef36e49437f..5a8e98136a7 100644 --- a/sources/models/shared-defaults/oci-defaults-containerd-cri-capabilities.toml +++ b/sources/models/shared-defaults/oci-defaults-capabilities.toml @@ -1,6 +1,5 @@ [settings.oci-defaults.capabilities] -# These values represent the default capabilities in the default -# OCI spec for containerd. +# These values represent the default capabilities for Docker and Containerd. audit-write = true chown = true dac-override = true diff --git a/sources/models/shared-defaults/oci-defaults-docker-resource-limits.toml b/sources/models/shared-defaults/oci-defaults-docker-resource-limits.toml new file mode 100644 index 00000000000..437739b7992 --- /dev/null +++ b/sources/models/shared-defaults/oci-defaults-docker-resource-limits.toml @@ -0,0 +1,3 @@ +[settings.oci-defaults.resource-limits.max-open-files] +hard-limit = 4096 +soft-limit = 1024 diff --git a/sources/models/shared-defaults/oci-defaults-docker.toml b/sources/models/shared-defaults/oci-defaults-docker.toml new file mode 100644 index 00000000000..b1f89695d22 --- /dev/null +++ b/sources/models/shared-defaults/oci-defaults-docker.toml @@ -0,0 +1,2 @@ +[metadata.settings.oci-defaults] +affected-services = ["docker"] diff --git a/sources/models/src/aws-ecs-1-nvidia/defaults.d/75-oci-defaults-docker.toml b/sources/models/src/aws-ecs-1-nvidia/defaults.d/75-oci-defaults-docker.toml new file mode 120000 index 00000000000..deb7cd4f616 --- /dev/null +++ b/sources/models/src/aws-ecs-1-nvidia/defaults.d/75-oci-defaults-docker.toml @@ -0,0 +1 @@ +../../../shared-defaults/oci-defaults-docker.toml \ No newline at end of file diff --git a/sources/models/src/aws-ecs-1-nvidia/defaults.d/76-oci-defaults-capabilities.toml b/sources/models/src/aws-ecs-1-nvidia/defaults.d/76-oci-defaults-capabilities.toml new file mode 120000 index 00000000000..100c2874090 --- /dev/null +++ b/sources/models/src/aws-ecs-1-nvidia/defaults.d/76-oci-defaults-capabilities.toml @@ -0,0 +1 @@ +../../../shared-defaults/oci-defaults-capabilities.toml \ No newline at end of file diff --git a/sources/models/src/aws-ecs-1-nvidia/defaults.d/77-oci-defaults-docker-resource-limits.toml b/sources/models/src/aws-ecs-1-nvidia/defaults.d/77-oci-defaults-docker-resource-limits.toml new file mode 120000 index 00000000000..24b077b8362 --- /dev/null +++ b/sources/models/src/aws-ecs-1-nvidia/defaults.d/77-oci-defaults-docker-resource-limits.toml @@ -0,0 +1 @@ +../../../shared-defaults/oci-defaults-docker-resource-limits.toml \ No newline at end of file diff --git a/sources/models/src/aws-ecs-1-nvidia/mod.rs b/sources/models/src/aws-ecs-1-nvidia/mod.rs index 4ab3064d508..f4cd1113192 100644 --- a/sources/models/src/aws-ecs-1-nvidia/mod.rs +++ b/sources/models/src/aws-ecs-1-nvidia/mod.rs @@ -6,7 +6,7 @@ use crate::modeled_types::Identifier; use crate::{ AutoScalingSettings, AwsSettings, BootstrapContainer, CloudFormationSettings, DnsSettings, ECSSettings, HostContainer, KernelSettings, MetricsSettings, NetworkSettings, NtpSettings, - OciHooks, PemCertificate, RegistrySettings, UpdatesSettings, + OciDefaults, OciHooks, PemCertificate, RegistrySettings, UpdatesSettings, }; // Note: we have to use 'rename' here because the top-level Settings structure is the only one @@ -25,6 +25,7 @@ struct Settings { metrics: MetricsSettings, pki: HashMap, container_registry: RegistrySettings, + oci_defaults: OciDefaults, oci_hooks: OciHooks, cloudformation: CloudFormationSettings, autoscaling: AutoScalingSettings, diff --git a/sources/models/src/aws-ecs-1/defaults.d/75-oci-defaults-docker.toml b/sources/models/src/aws-ecs-1/defaults.d/75-oci-defaults-docker.toml new file mode 120000 index 00000000000..deb7cd4f616 --- /dev/null +++ b/sources/models/src/aws-ecs-1/defaults.d/75-oci-defaults-docker.toml @@ -0,0 +1 @@ +../../../shared-defaults/oci-defaults-docker.toml \ No newline at end of file diff --git a/sources/models/src/aws-ecs-1/defaults.d/76-oci-defaults-capabilities.toml b/sources/models/src/aws-ecs-1/defaults.d/76-oci-defaults-capabilities.toml new file mode 120000 index 00000000000..100c2874090 --- /dev/null +++ b/sources/models/src/aws-ecs-1/defaults.d/76-oci-defaults-capabilities.toml @@ -0,0 +1 @@ +../../../shared-defaults/oci-defaults-capabilities.toml \ No newline at end of file diff --git a/sources/models/src/aws-ecs-1/defaults.d/77-oci-defaults-docker-resource-limits.toml b/sources/models/src/aws-ecs-1/defaults.d/77-oci-defaults-docker-resource-limits.toml new file mode 120000 index 00000000000..24b077b8362 --- /dev/null +++ b/sources/models/src/aws-ecs-1/defaults.d/77-oci-defaults-docker-resource-limits.toml @@ -0,0 +1 @@ +../../../shared-defaults/oci-defaults-docker-resource-limits.toml \ No newline at end of file diff --git a/sources/models/src/aws-ecs-1/mod.rs b/sources/models/src/aws-ecs-1/mod.rs index 4ab3064d508..f4cd1113192 100644 --- a/sources/models/src/aws-ecs-1/mod.rs +++ b/sources/models/src/aws-ecs-1/mod.rs @@ -6,7 +6,7 @@ use crate::modeled_types::Identifier; use crate::{ AutoScalingSettings, AwsSettings, BootstrapContainer, CloudFormationSettings, DnsSettings, ECSSettings, HostContainer, KernelSettings, MetricsSettings, NetworkSettings, NtpSettings, - OciHooks, PemCertificate, RegistrySettings, UpdatesSettings, + OciDefaults, OciHooks, PemCertificate, RegistrySettings, UpdatesSettings, }; // Note: we have to use 'rename' here because the top-level Settings structure is the only one @@ -25,6 +25,7 @@ struct Settings { metrics: MetricsSettings, pki: HashMap, container_registry: RegistrySettings, + oci_defaults: OciDefaults, oci_hooks: OciHooks, cloudformation: CloudFormationSettings, autoscaling: AutoScalingSettings, diff --git a/sources/models/src/aws-ecs-2-nvidia/defaults.d/75-oci-defaults-docker.toml b/sources/models/src/aws-ecs-2-nvidia/defaults.d/75-oci-defaults-docker.toml new file mode 120000 index 00000000000..deb7cd4f616 --- /dev/null +++ b/sources/models/src/aws-ecs-2-nvidia/defaults.d/75-oci-defaults-docker.toml @@ -0,0 +1 @@ +../../../shared-defaults/oci-defaults-docker.toml \ No newline at end of file diff --git a/sources/models/src/aws-ecs-2-nvidia/defaults.d/76-oci-defaults-capabilities.toml b/sources/models/src/aws-ecs-2-nvidia/defaults.d/76-oci-defaults-capabilities.toml new file mode 120000 index 00000000000..100c2874090 --- /dev/null +++ b/sources/models/src/aws-ecs-2-nvidia/defaults.d/76-oci-defaults-capabilities.toml @@ -0,0 +1 @@ +../../../shared-defaults/oci-defaults-capabilities.toml \ No newline at end of file diff --git a/sources/models/src/aws-ecs-2-nvidia/defaults.d/77-oci-defaults-docker-resource-limits.toml b/sources/models/src/aws-ecs-2-nvidia/defaults.d/77-oci-defaults-docker-resource-limits.toml new file mode 120000 index 00000000000..24b077b8362 --- /dev/null +++ b/sources/models/src/aws-ecs-2-nvidia/defaults.d/77-oci-defaults-docker-resource-limits.toml @@ -0,0 +1 @@ +../../../shared-defaults/oci-defaults-docker-resource-limits.toml \ No newline at end of file diff --git a/sources/models/src/aws-ecs-2-nvidia/mod.rs b/sources/models/src/aws-ecs-2-nvidia/mod.rs index 7ed211b06dd..aad3dd7eaec 100644 --- a/sources/models/src/aws-ecs-2-nvidia/mod.rs +++ b/sources/models/src/aws-ecs-2-nvidia/mod.rs @@ -6,7 +6,7 @@ use crate::modeled_types::Identifier; use crate::{ AutoScalingSettings, AwsSettings, BootSettings, BootstrapContainer, CloudFormationSettings, DnsSettings, ECSSettings, HostContainer, KernelSettings, MetricsSettings, NetworkSettings, - NtpSettings, OciHooks, PemCertificate, RegistrySettings, UpdatesSettings, + NtpSettings, OciDefaults, OciHooks, PemCertificate, RegistrySettings, UpdatesSettings, }; // Note: we have to use 'rename' here because the top-level Settings structure is the only one @@ -26,6 +26,7 @@ struct Settings { metrics: MetricsSettings, pki: HashMap, container_registry: RegistrySettings, + oci_defaults: OciDefaults, oci_hooks: OciHooks, cloudformation: CloudFormationSettings, autoscaling: AutoScalingSettings, diff --git a/sources/models/src/aws-ecs-2/defaults.d/75-oci-defaults-docker.toml b/sources/models/src/aws-ecs-2/defaults.d/75-oci-defaults-docker.toml new file mode 120000 index 00000000000..deb7cd4f616 --- /dev/null +++ b/sources/models/src/aws-ecs-2/defaults.d/75-oci-defaults-docker.toml @@ -0,0 +1 @@ +../../../shared-defaults/oci-defaults-docker.toml \ No newline at end of file diff --git a/sources/models/src/aws-ecs-2/defaults.d/76-oci-defaults-capabilities.toml b/sources/models/src/aws-ecs-2/defaults.d/76-oci-defaults-capabilities.toml new file mode 120000 index 00000000000..100c2874090 --- /dev/null +++ b/sources/models/src/aws-ecs-2/defaults.d/76-oci-defaults-capabilities.toml @@ -0,0 +1 @@ +../../../shared-defaults/oci-defaults-capabilities.toml \ No newline at end of file diff --git a/sources/models/src/aws-ecs-2/defaults.d/77-oci-defaults-docker-resource-limits.toml b/sources/models/src/aws-ecs-2/defaults.d/77-oci-defaults-docker-resource-limits.toml new file mode 120000 index 00000000000..24b077b8362 --- /dev/null +++ b/sources/models/src/aws-ecs-2/defaults.d/77-oci-defaults-docker-resource-limits.toml @@ -0,0 +1 @@ +../../../shared-defaults/oci-defaults-docker-resource-limits.toml \ No newline at end of file diff --git a/sources/models/src/aws-ecs-2/mod.rs b/sources/models/src/aws-ecs-2/mod.rs index 7ed211b06dd..aad3dd7eaec 100644 --- a/sources/models/src/aws-ecs-2/mod.rs +++ b/sources/models/src/aws-ecs-2/mod.rs @@ -6,7 +6,7 @@ use crate::modeled_types::Identifier; use crate::{ AutoScalingSettings, AwsSettings, BootSettings, BootstrapContainer, CloudFormationSettings, DnsSettings, ECSSettings, HostContainer, KernelSettings, MetricsSettings, NetworkSettings, - NtpSettings, OciHooks, PemCertificate, RegistrySettings, UpdatesSettings, + NtpSettings, OciDefaults, OciHooks, PemCertificate, RegistrySettings, UpdatesSettings, }; // Note: we have to use 'rename' here because the top-level Settings structure is the only one @@ -26,6 +26,7 @@ struct Settings { metrics: MetricsSettings, pki: HashMap, container_registry: RegistrySettings, + oci_defaults: OciDefaults, oci_hooks: OciHooks, cloudformation: CloudFormationSettings, autoscaling: AutoScalingSettings, diff --git a/sources/models/src/aws-k8s-1.24-nvidia/defaults.d/76-oci-defaults-capabilities.toml b/sources/models/src/aws-k8s-1.24-nvidia/defaults.d/76-oci-defaults-capabilities.toml new file mode 120000 index 00000000000..100c2874090 --- /dev/null +++ b/sources/models/src/aws-k8s-1.24-nvidia/defaults.d/76-oci-defaults-capabilities.toml @@ -0,0 +1 @@ +../../../shared-defaults/oci-defaults-capabilities.toml \ No newline at end of file diff --git a/sources/models/src/aws-k8s-1.24-nvidia/defaults.d/76-oci-defaults-containerd-cri-capabilities.toml b/sources/models/src/aws-k8s-1.24-nvidia/defaults.d/76-oci-defaults-containerd-cri-capabilities.toml deleted file mode 120000 index 2e5d1c32f8d..00000000000 --- a/sources/models/src/aws-k8s-1.24-nvidia/defaults.d/76-oci-defaults-containerd-cri-capabilities.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-containerd-cri-capabilities.toml \ No newline at end of file diff --git a/sources/models/src/aws-k8s-1.24/defaults.d/76-oci-defaults-capabilities.toml b/sources/models/src/aws-k8s-1.24/defaults.d/76-oci-defaults-capabilities.toml new file mode 120000 index 00000000000..100c2874090 --- /dev/null +++ b/sources/models/src/aws-k8s-1.24/defaults.d/76-oci-defaults-capabilities.toml @@ -0,0 +1 @@ +../../../shared-defaults/oci-defaults-capabilities.toml \ No newline at end of file diff --git a/sources/models/src/aws-k8s-1.24/defaults.d/76-oci-defaults-containerd-cri-capabilities.toml b/sources/models/src/aws-k8s-1.24/defaults.d/76-oci-defaults-containerd-cri-capabilities.toml deleted file mode 120000 index 2e5d1c32f8d..00000000000 --- a/sources/models/src/aws-k8s-1.24/defaults.d/76-oci-defaults-containerd-cri-capabilities.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-containerd-cri-capabilities.toml \ No newline at end of file diff --git a/sources/models/src/aws-k8s-1.25-nvidia/defaults.d/76-oci-defaults-capabilities.toml b/sources/models/src/aws-k8s-1.25-nvidia/defaults.d/76-oci-defaults-capabilities.toml new file mode 120000 index 00000000000..100c2874090 --- /dev/null +++ b/sources/models/src/aws-k8s-1.25-nvidia/defaults.d/76-oci-defaults-capabilities.toml @@ -0,0 +1 @@ +../../../shared-defaults/oci-defaults-capabilities.toml \ No newline at end of file diff --git a/sources/models/src/aws-k8s-1.25-nvidia/defaults.d/76-oci-defaults-containerd-cri-capabilities.toml b/sources/models/src/aws-k8s-1.25-nvidia/defaults.d/76-oci-defaults-containerd-cri-capabilities.toml deleted file mode 120000 index 2e5d1c32f8d..00000000000 --- a/sources/models/src/aws-k8s-1.25-nvidia/defaults.d/76-oci-defaults-containerd-cri-capabilities.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-containerd-cri-capabilities.toml \ No newline at end of file diff --git a/sources/models/src/aws-k8s-1.25/defaults.d/76-oci-defaults-capabilities.toml b/sources/models/src/aws-k8s-1.25/defaults.d/76-oci-defaults-capabilities.toml new file mode 120000 index 00000000000..100c2874090 --- /dev/null +++ b/sources/models/src/aws-k8s-1.25/defaults.d/76-oci-defaults-capabilities.toml @@ -0,0 +1 @@ +../../../shared-defaults/oci-defaults-capabilities.toml \ No newline at end of file diff --git a/sources/models/src/aws-k8s-1.25/defaults.d/76-oci-defaults-containerd-cri-capabilities.toml b/sources/models/src/aws-k8s-1.25/defaults.d/76-oci-defaults-containerd-cri-capabilities.toml deleted file mode 120000 index 2e5d1c32f8d..00000000000 --- a/sources/models/src/aws-k8s-1.25/defaults.d/76-oci-defaults-containerd-cri-capabilities.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-containerd-cri-capabilities.toml \ No newline at end of file diff --git a/sources/models/src/aws-k8s-1.26-nvidia/defaults.d/76-oci-defaults-capabilities.toml b/sources/models/src/aws-k8s-1.26-nvidia/defaults.d/76-oci-defaults-capabilities.toml new file mode 120000 index 00000000000..100c2874090 --- /dev/null +++ b/sources/models/src/aws-k8s-1.26-nvidia/defaults.d/76-oci-defaults-capabilities.toml @@ -0,0 +1 @@ +../../../shared-defaults/oci-defaults-capabilities.toml \ No newline at end of file diff --git a/sources/models/src/aws-k8s-1.26-nvidia/defaults.d/76-oci-defaults-containerd-cri-capabilities.toml b/sources/models/src/aws-k8s-1.26-nvidia/defaults.d/76-oci-defaults-containerd-cri-capabilities.toml deleted file mode 120000 index 2e5d1c32f8d..00000000000 --- a/sources/models/src/aws-k8s-1.26-nvidia/defaults.d/76-oci-defaults-containerd-cri-capabilities.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-containerd-cri-capabilities.toml \ No newline at end of file diff --git a/sources/models/src/aws-k8s-1.26/defaults.d/76-oci-defaults-capabilities.toml b/sources/models/src/aws-k8s-1.26/defaults.d/76-oci-defaults-capabilities.toml new file mode 120000 index 00000000000..100c2874090 --- /dev/null +++ b/sources/models/src/aws-k8s-1.26/defaults.d/76-oci-defaults-capabilities.toml @@ -0,0 +1 @@ +../../../shared-defaults/oci-defaults-capabilities.toml \ No newline at end of file diff --git a/sources/models/src/aws-k8s-1.26/defaults.d/76-oci-defaults-containerd-cri-capabilities.toml b/sources/models/src/aws-k8s-1.26/defaults.d/76-oci-defaults-containerd-cri-capabilities.toml deleted file mode 120000 index 2e5d1c32f8d..00000000000 --- a/sources/models/src/aws-k8s-1.26/defaults.d/76-oci-defaults-containerd-cri-capabilities.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-containerd-cri-capabilities.toml \ No newline at end of file diff --git a/sources/models/src/aws-k8s-1.27-nvidia/defaults.d/76-oci-defaults-capabilities.toml b/sources/models/src/aws-k8s-1.27-nvidia/defaults.d/76-oci-defaults-capabilities.toml new file mode 120000 index 00000000000..100c2874090 --- /dev/null +++ b/sources/models/src/aws-k8s-1.27-nvidia/defaults.d/76-oci-defaults-capabilities.toml @@ -0,0 +1 @@ +../../../shared-defaults/oci-defaults-capabilities.toml \ No newline at end of file diff --git a/sources/models/src/aws-k8s-1.27-nvidia/defaults.d/76-oci-defaults-containerd-cri-capabilities.toml b/sources/models/src/aws-k8s-1.27-nvidia/defaults.d/76-oci-defaults-containerd-cri-capabilities.toml deleted file mode 120000 index 2e5d1c32f8d..00000000000 --- a/sources/models/src/aws-k8s-1.27-nvidia/defaults.d/76-oci-defaults-containerd-cri-capabilities.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-containerd-cri-capabilities.toml \ No newline at end of file diff --git a/sources/models/src/aws-k8s-1.27/defaults.d/76-oci-defaults-capabilities.toml b/sources/models/src/aws-k8s-1.27/defaults.d/76-oci-defaults-capabilities.toml new file mode 120000 index 00000000000..100c2874090 --- /dev/null +++ b/sources/models/src/aws-k8s-1.27/defaults.d/76-oci-defaults-capabilities.toml @@ -0,0 +1 @@ +../../../shared-defaults/oci-defaults-capabilities.toml \ No newline at end of file diff --git a/sources/models/src/aws-k8s-1.27/defaults.d/76-oci-defaults-containerd-cri-capabilities.toml b/sources/models/src/aws-k8s-1.27/defaults.d/76-oci-defaults-containerd-cri-capabilities.toml deleted file mode 120000 index 2e5d1c32f8d..00000000000 --- a/sources/models/src/aws-k8s-1.27/defaults.d/76-oci-defaults-containerd-cri-capabilities.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-containerd-cri-capabilities.toml \ No newline at end of file diff --git a/sources/models/src/lib.rs b/sources/models/src/lib.rs index 37379073248..c20d9296110 100644 --- a/sources/models/src/lib.rs +++ b/sources/models/src/lib.rs @@ -540,23 +540,6 @@ struct OciDefaultsResourceLimit { soft_limit: i64, } -impl OciDefaultsResourceLimit { - pub fn get_hard_limit(self) -> u64 { - Self::get_limit(self.hard_limit) - } - - pub fn get_soft_limit(self) -> u64 { - Self::get_limit(self.soft_limit) - } - - fn get_limit(limit: i64) -> u64 { - match limit { - -1 => u64::MAX, - _ => limit as u64, - } - } -} - #[model(add_option = false)] struct Report { name: String, diff --git a/sources/models/src/metal-k8s-1.24/defaults.d/86-oci-defaults-capabilities.toml b/sources/models/src/metal-k8s-1.24/defaults.d/86-oci-defaults-capabilities.toml new file mode 120000 index 00000000000..100c2874090 --- /dev/null +++ b/sources/models/src/metal-k8s-1.24/defaults.d/86-oci-defaults-capabilities.toml @@ -0,0 +1 @@ +../../../shared-defaults/oci-defaults-capabilities.toml \ No newline at end of file diff --git a/sources/models/src/metal-k8s-1.24/defaults.d/86-oci-defaults-containerd-cri-capabilities.toml b/sources/models/src/metal-k8s-1.24/defaults.d/86-oci-defaults-containerd-cri-capabilities.toml deleted file mode 120000 index 2e5d1c32f8d..00000000000 --- a/sources/models/src/metal-k8s-1.24/defaults.d/86-oci-defaults-containerd-cri-capabilities.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-containerd-cri-capabilities.toml \ No newline at end of file diff --git a/sources/models/src/metal-k8s-1.27/defaults.d/86-oci-defaults-capabilities.toml b/sources/models/src/metal-k8s-1.27/defaults.d/86-oci-defaults-capabilities.toml new file mode 120000 index 00000000000..100c2874090 --- /dev/null +++ b/sources/models/src/metal-k8s-1.27/defaults.d/86-oci-defaults-capabilities.toml @@ -0,0 +1 @@ +../../../shared-defaults/oci-defaults-capabilities.toml \ No newline at end of file diff --git a/sources/models/src/metal-k8s-1.27/defaults.d/86-oci-defaults-containerd-cri-capabilities.toml b/sources/models/src/metal-k8s-1.27/defaults.d/86-oci-defaults-containerd-cri-capabilities.toml deleted file mode 120000 index 2e5d1c32f8d..00000000000 --- a/sources/models/src/metal-k8s-1.27/defaults.d/86-oci-defaults-containerd-cri-capabilities.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-containerd-cri-capabilities.toml \ No newline at end of file diff --git a/sources/models/src/vmware-k8s-1.24/defaults.d/76-oci-defaults-capabilities.toml b/sources/models/src/vmware-k8s-1.24/defaults.d/76-oci-defaults-capabilities.toml new file mode 120000 index 00000000000..100c2874090 --- /dev/null +++ b/sources/models/src/vmware-k8s-1.24/defaults.d/76-oci-defaults-capabilities.toml @@ -0,0 +1 @@ +../../../shared-defaults/oci-defaults-capabilities.toml \ No newline at end of file diff --git a/sources/models/src/vmware-k8s-1.24/defaults.d/76-oci-defaults-containerd-cri-capabilities.toml b/sources/models/src/vmware-k8s-1.24/defaults.d/76-oci-defaults-containerd-cri-capabilities.toml deleted file mode 120000 index 2e5d1c32f8d..00000000000 --- a/sources/models/src/vmware-k8s-1.24/defaults.d/76-oci-defaults-containerd-cri-capabilities.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-containerd-cri-capabilities.toml \ No newline at end of file diff --git a/sources/models/src/vmware-k8s-1.27/defaults.d/76-oci-defaults-capabilities.toml b/sources/models/src/vmware-k8s-1.27/defaults.d/76-oci-defaults-capabilities.toml new file mode 120000 index 00000000000..100c2874090 --- /dev/null +++ b/sources/models/src/vmware-k8s-1.27/defaults.d/76-oci-defaults-capabilities.toml @@ -0,0 +1 @@ +../../../shared-defaults/oci-defaults-capabilities.toml \ No newline at end of file diff --git a/sources/models/src/vmware-k8s-1.27/defaults.d/76-oci-defaults-containerd-cri-capabilities.toml b/sources/models/src/vmware-k8s-1.27/defaults.d/76-oci-defaults-containerd-cri-capabilities.toml deleted file mode 120000 index 2e5d1c32f8d..00000000000 --- a/sources/models/src/vmware-k8s-1.27/defaults.d/76-oci-defaults-containerd-cri-capabilities.toml +++ /dev/null @@ -1 +0,0 @@ -../../../shared-defaults/oci-defaults-containerd-cri-capabilities.toml \ No newline at end of file