Skip to content

Commit

Permalink
Merge pull request #10476 from afbjorklund/crio-iso
Browse files Browse the repository at this point in the history 
Upgrade crio to 1.20.0
  • Loading branch information
@ilya-zuyev
ilya-zuyev authored Feb 17, 2021
2 parents 21291cb + c8266c0 commit bf6928b
Show file tree
Hide file tree
Showing 4 changed files with 62 additions and 26 deletions.
2 changes: 2 additions & 0 deletions deploy/iso/minikube-iso/package/crio-bin/crio-bin.hash
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,3 +19,5 @@ sha256 25dc558fbabc987bd58c7eab5230121b258a7b0eb34a49dc6595f1c6f3969116 v1.18.2.
sha256 d5c6442e3990938badc966cdd1eb9ebe2fc11345452c233aa0d87ca38fbeed81 v1.18.3.tar.gz
sha256 74a4e916acddc6cf47ab5752bdebb6732ce2c028505ef57b7edc21d2da9039b6 v1.18.4.tar.gz
sha256 fc8a8e61375e3ce30563eeb0fd6534c4f48fc20300a72e6ff51cc99cb2703516 v1.19.0.tar.gz
sha256 6165c5b8212ea03be2a465403177318bfe25a54c3e8d66d720344643913a0223 v1.19.1.tar.gz
sha256 76fd7543bc92d4364a11060f43a5131893a76c6e6e9d6de3a6bb6292c110b631 v1.20.0.tar.gz
4 changes: 2 additions & 2 deletions deploy/iso/minikube-iso/package/crio-bin/crio-bin.mk
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,8 @@
#
################################################################################

CRIO_BIN_VERSION = v1.19.0
CRIO_BIN_COMMIT = 99c925bebdd9e392f2d575e25f2e6a1082e6c232
CRIO_BIN_VERSION = v1.20.0
CRIO_BIN_COMMIT = d388528dbed26b93c5bc1c89623607a1e597aa57
CRIO_BIN_SITE = https://github.com/cri-o/cri-o/archive
CRIO_BIN_SOURCE = $(CRIO_BIN_VERSION).tar.gz
CRIO_BIN_DEPENDENCIES = host-go libgpgme
Expand Down
41 changes: 29 additions & 12 deletions deploy/iso/minikube-iso/package/crio-bin/crio.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ storage_driver = "overlay"
# List to pass options to the storage driver. Please refer to
# containers-storage.conf(5) to see all available storage options.
#storage_option = [
# "overlay.mountopt=nodev,metacopy=on",
#]

# The default log directory where all logs will go unless directly specified by
Expand Down Expand Up @@ -92,11 +93,6 @@ grpc_max_recv_msg_size = 16777216
#default_ulimits = [
#]

# default_runtime is the _name_ of the OCI runtime to be used as the default.
# The name is matched against the runtimes map below. If this value is changed,
# the corresponding existing entry from the runtimes map below will be ignored.
default_runtime = "runc"

# If true, the runtime will not use pivot_root, but instead use MS_MOVE.
no_pivot = false

Expand Down Expand Up @@ -131,6 +127,12 @@ selinux = false
# will be used. This option supports live configuration reload.
seccomp_profile = ""

# Changes the meaning of an empty seccomp profile. By default
# (and according to CRI spec), an empty profile means unconfined.
# This option tells CRI-O to treat an empty profile as the default profile,
# which might increase security.
seccomp_use_default_when_empty = false

# Used to change the name of the default AppArmor profile of CRI-O. The default
# profile name is "crio-default". This profile only takes effect if the user
# does not specify a profile via the Kubernetes Pod's metadata annotation. If
Expand All @@ -141,6 +143,9 @@ apparmor_profile = "crio-default"
# Cgroup management implementation used for the runtime.
cgroup_manager = "systemd"

# Specify whether the image pull must be performed in a separate cgroup.
separate_pull_cgroup = ""

# List of default capabilities for containers. If it is empty or commented out,
# only the capabilities defined in the containers json file by the user/kube
# will be added.
Expand Down Expand Up @@ -174,11 +179,6 @@ hooks_dir = [
"/usr/share/containers/oci/hooks.d",
]

# List of default mounts for each container. **Deprecated:** this option will
# be removed in future versions in favor of default_mounts_file.
default_mounts = [
]

# Path to the file specifying the defaults mounts for each container. The
# format of the config is /SRC:/DST, one mount per line. Notice that CRI-O reads
# its default mounts from the following two files:
Expand Down Expand Up @@ -243,7 +243,8 @@ gid_mappings = ""
ctr_stop_timeout = 30

# manage_ns_lifecycle determines whether we pin and remove namespaces
# and manage their lifecycle
# and manage their lifecycle.
# This option is being deprecated, and will be unconditionally true in the future.
manage_ns_lifecycle = true

# drop_infra_ctr determines whether CRI-O drops the infra container
Expand All @@ -259,6 +260,11 @@ namespaces_dir = "/var/run"
# pinns_path is the path to find the pinns binary, which is needed to manage namespace lifecycle
pinns_path = "/usr/bin/pinns"

# default_runtime is the _name_ of the OCI runtime to be used as the default.
# The name is matched against the runtimes map below. If this value is changed,
# the corresponding existing entry from the runtimes map below will be ignored.
default_runtime = "runc"

# The "crio.runtime.runtimes" table defines a list of OCI compatible runtimes.
# The runtime to use is picked based on the runtime_handler provided by the CRI.
# If no runtime_handler is provided, the runtime will be picked based on the level
Expand All @@ -268,7 +274,8 @@ pinns_path = "/usr/bin/pinns"
# runtime_path = "/path/to/the/executable"
# runtime_type = "oci"
# runtime_root = "/path/to/the/root"
#
# privileged_without_host_devices = false
# allowed_annotations = []
# Where:
# - runtime-handler: name used to identify the runtime
# - runtime_path (optional, string): absolute path to the runtime executable in
Expand All @@ -279,6 +286,14 @@ pinns_path = "/usr/bin/pinns"
# omitted, an "oci" runtime is assumed.
# - runtime_root (optional, string): root directory for storage of containers
# state.
# - privileged_without_host_devices (optional, bool): an option for restricting
# host devices from being passed to privileged containers.
# - allowed_annotations (optional, array of strings): an option for specifying
# a list of experimental annotations that this runtime handler is allowed to process.
# The currently recognized values are:
# "io.kubernetes.cri-o.userns-mode" for configuring a user namespace for the pod.
# "io.kubernetes.cri-o.Devices" for configuring devices for the pod.
# "io.kubernetes.cri-o.ShmSize" for configuring the size of /dev/shm.


[crio.runtime.runtimes.runc]
Expand All @@ -287,6 +302,8 @@ runtime_type = "oci"
runtime_root = "/run/runc"




# crun is a fast and lightweight fully featured OCI runtime and C library for
# running containers
#[crio.runtime.runtimes.crun]
Expand Down
41 changes: 29 additions & 12 deletions deploy/iso/minikube-iso/package/crio-bin/crio.conf.default
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@
# List to pass options to the storage driver. Please refer to
# containers-storage.conf(5) to see all available storage options.
#storage_option = [
# "overlay.mountopt=nodev,metacopy=on",
#]

# The default log directory where all logs will go unless directly specified by
Expand Down Expand Up @@ -92,11 +93,6 @@ grpc_max_recv_msg_size = 16777216
#default_ulimits = [
#]

# default_runtime is the _name_ of the OCI runtime to be used as the default.
# The name is matched against the runtimes map below. If this value is changed,
# the corresponding existing entry from the runtimes map below will be ignored.
default_runtime = "runc"

# If true, the runtime will not use pivot_root, but instead use MS_MOVE.
no_pivot = false

Expand Down Expand Up @@ -131,6 +127,12 @@ selinux = false
# will be used. This option supports live configuration reload.
seccomp_profile = ""

# Changes the meaning of an empty seccomp profile. By default
# (and according to CRI spec), an empty profile means unconfined.
# This option tells CRI-O to treat an empty profile as the default profile,
# which might increase security.
seccomp_use_default_when_empty = false

# Used to change the name of the default AppArmor profile of CRI-O. The default
# profile name is "crio-default". This profile only takes effect if the user
# does not specify a profile via the Kubernetes Pod's metadata annotation. If
Expand All @@ -141,6 +143,9 @@ apparmor_profile = "crio-default"
# Cgroup management implementation used for the runtime.
cgroup_manager = "systemd"

# Specify whether the image pull must be performed in a separate cgroup.
separate_pull_cgroup = ""

# List of default capabilities for containers. If it is empty or commented out,
# only the capabilities defined in the containers json file by the user/kube
# will be added.
Expand Down Expand Up @@ -174,11 +179,6 @@ hooks_dir = [
"/usr/share/containers/oci/hooks.d",
]

# List of default mounts for each container. **Deprecated:** this option will
# be removed in future versions in favor of default_mounts_file.
default_mounts = [
]

# Path to the file specifying the defaults mounts for each container. The
# format of the config is /SRC:/DST, one mount per line. Notice that CRI-O reads
# its default mounts from the following two files:
Expand Down Expand Up @@ -243,7 +243,8 @@ gid_mappings = ""
ctr_stop_timeout = 30

# manage_ns_lifecycle determines whether we pin and remove namespaces
# and manage their lifecycle
# and manage their lifecycle.
# This option is being deprecated, and will be unconditionally true in the future.
manage_ns_lifecycle = true

# drop_infra_ctr determines whether CRI-O drops the infra container
Expand All @@ -259,6 +260,11 @@ namespaces_dir = "/var/run"
# pinns_path is the path to find the pinns binary, which is needed to manage namespace lifecycle
pinns_path = ""

# default_runtime is the _name_ of the OCI runtime to be used as the default.
# The name is matched against the runtimes map below. If this value is changed,
# the corresponding existing entry from the runtimes map below will be ignored.
default_runtime = "runc"

# The "crio.runtime.runtimes" table defines a list of OCI compatible runtimes.
# The runtime to use is picked based on the runtime_handler provided by the CRI.
# If no runtime_handler is provided, the runtime will be picked based on the level
Expand All @@ -268,7 +274,8 @@ pinns_path = ""
# runtime_path = "/path/to/the/executable"
# runtime_type = "oci"
# runtime_root = "/path/to/the/root"
#
# privileged_without_host_devices = false
# allowed_annotations = []
# Where:
# - runtime-handler: name used to identify the runtime
# - runtime_path (optional, string): absolute path to the runtime executable in
Expand All @@ -279,6 +286,14 @@ pinns_path = ""
# omitted, an "oci" runtime is assumed.
# - runtime_root (optional, string): root directory for storage of containers
# state.
# - privileged_without_host_devices (optional, bool): an option for restricting
# host devices from being passed to privileged containers.
# - allowed_annotations (optional, array of strings): an option for specifying
# a list of experimental annotations that this runtime handler is allowed to process.
# The currently recognized values are:
# "io.kubernetes.cri-o.userns-mode" for configuring a user namespace for the pod.
# "io.kubernetes.cri-o.Devices" for configuring devices for the pod.
# "io.kubernetes.cri-o.ShmSize" for configuring the size of /dev/shm.


[crio.runtime.runtimes.runc]
Expand All @@ -287,6 +302,8 @@ runtime_type = "oci"
runtime_root = "/run/runc"




# crun is a fast and lightweight fully featured OCI runtime and C library for
# running containers
#[crio.runtime.runtimes.crun]
Expand Down

0 comments on commit bf6928b

Please sign in to comment.