From 50bd0d17e53b54148dd9d7ca70facff8942deaad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anders=20F=20Bj=C3=B6rklund?= Date: Thu, 10 Dec 2020 07:13:56 +0100 Subject: [PATCH] Update the containerd configuration to v2 Apply `containerd config default` to config.toml --- .../package/containerd-bin/config.toml | 106 +++++++++++++---- .../containerd-bin/config.toml.default | 108 +++++++++++++----- 2 files changed, 167 insertions(+), 47 deletions(-) diff --git a/deploy/iso/minikube-iso/package/containerd-bin/config.toml b/deploy/iso/minikube-iso/package/containerd-bin/config.toml index 883099141c56..f588941a5efb 100644 --- a/deploy/iso/minikube-iso/package/containerd-bin/config.toml +++ b/deploy/iso/minikube-iso/package/containerd-bin/config.toml @@ -1,14 +1,26 @@ +version = 2 root = "/var/lib/containerd" state = "/run/containerd" +plugin_dir = "" +disabled_plugins = [] +required_plugins = [] oom_score = 0 [grpc] address = "/run/containerd/containerd.sock" + tcp_address = "" + tcp_tls_cert = "" + tcp_tls_key = "" uid = 0 gid = 0 max_recv_message_size = 16777216 max_send_message_size = 16777216 +[ttrpc] + address = "" + uid = 0 + gid = 0 + [debug] address = "" uid = 0 @@ -22,48 +34,100 @@ oom_score = 0 [cgroup] path = "" +[timeouts] + "io.containerd.timeout.shim.cleanup" = "5s" + "io.containerd.timeout.shim.load" = "5s" + "io.containerd.timeout.shim.shutdown" = "3s" + "io.containerd.timeout.task.state" = "2s" + [plugins] - [plugins.cgroups] - no_prometheus = false - [plugins.cri] + [plugins."io.containerd.gc.v1.scheduler"] + pause_threshold = 0.02 + deletion_threshold = 0 + mutation_threshold = 100 + schedule_delay = "0s" + startup_delay = "100ms" + [plugins."io.containerd.grpc.v1.cri"] + disable_tcp_service = true stream_server_address = "" stream_server_port = "10010" + stream_idle_timeout = "4h0m0s" enable_selinux = false - sandbox_image = "k8s.gcr.io/pause:3.1" + selinux_category_range = 1024 + sandbox_image = "k8s.gcr.io/pause:3.2" stats_collect_period = 10 systemd_cgroup = true enable_tls_streaming = false max_container_log_line_size = 16384 - [plugins.cri.containerd] + disable_cgroup = false + disable_apparmor = false + restrict_oom_score_adj = false + max_concurrent_downloads = 3 + disable_proc_mount = false + unset_seccomp_profile = "" + tolerate_missing_hugetlb_controller = true + disable_hugetlb_controller = true + ignore_image_defined_volumes = false + [plugins."io.containerd.grpc.v1.cri".containerd] snapshotter = "overlayfs" + default_runtime_name = "runc" no_pivot = false - [plugins.cri.containerd.default_runtime] - runtime_type = "io.containerd.runtime.v1.linux" + disable_snapshot_annotations = true + discard_unpacked_layers = false + [plugins."io.containerd.grpc.v1.cri".containerd.default_runtime] + runtime_type = "" runtime_engine = "" runtime_root = "" - [plugins.cri.containerd.untrusted_workload_runtime] + privileged_without_host_devices = false + base_runtime_spec = "" + [plugins."io.containerd.grpc.v1.cri".containerd.untrusted_workload_runtime] runtime_type = "" runtime_engine = "" runtime_root = "" - [plugins.cri.cni] + privileged_without_host_devices = false + base_runtime_spec = "" + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes] + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc] + runtime_type = "io.containerd.runc.v2" + runtime_engine = "" + runtime_root = "" + privileged_without_host_devices = false + base_runtime_spec = "" + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options] + [plugins."io.containerd.grpc.v1.cri".cni] bin_dir = "/opt/cni/bin" conf_dir = "/etc/cni/net.d" + max_conf_num = 1 conf_template = "" - [plugins.cri.registry] - [plugins.cri.registry.mirrors] - [plugins.cri.registry.mirrors."docker.io"] + [plugins."io.containerd.grpc.v1.cri".registry] + [plugins."io.containerd.grpc.v1.cri".registry.mirrors] + [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"] endpoint = ["https://registry-1.docker.io"] - [plugins.diff-service] - default = ["walking"] - [plugins.linux] + [plugins."io.containerd.grpc.v1.cri".image_decryption] + key_model = "" + [plugins."io.containerd.grpc.v1.cri".x509_key_pair_streaming] + tls_cert_file = "" + tls_key_file = "" + [plugins."io.containerd.internal.v1.opt"] + path = "/opt/containerd" + [plugins."io.containerd.internal.v1.restart"] + interval = "10s" + [plugins."io.containerd.metadata.v1.bolt"] + content_sharing_policy = "shared" + [plugins."io.containerd.monitor.v1.cgroups"] + no_prometheus = false + [plugins."io.containerd.runtime.v1.linux"] shim = "containerd-shim" runtime = "runc" runtime_root = "" no_shim = false shim_debug = false - [plugins.scheduler] - pause_threshold = 0.02 - deletion_threshold = 0 - mutation_threshold = 100 - schedule_delay = "0s" - startup_delay = "100ms" + [plugins."io.containerd.runtime.v2.task"] + platforms = ["linux/amd64"] + [plugins."io.containerd.service.v1.diff-service"] + default = ["walking"] + [plugins."io.containerd.snapshotter.v1.devmapper"] + root_path = "" + pool_name = "" + base_image_size = "" + async_remove = false diff --git a/deploy/iso/minikube-iso/package/containerd-bin/config.toml.default b/deploy/iso/minikube-iso/package/containerd-bin/config.toml.default index 156883db337c..c54c96c32022 100644 --- a/deploy/iso/minikube-iso/package/containerd-bin/config.toml.default +++ b/deploy/iso/minikube-iso/package/containerd-bin/config.toml.default @@ -1,14 +1,26 @@ +version = 2 root = "/var/lib/containerd" state = "/run/containerd" +plugin_dir = "" +disabled_plugins = [] +required_plugins = [] oom_score = 0 [grpc] address = "/run/containerd/containerd.sock" + tcp_address = "" + tcp_tls_cert = "" + tcp_tls_key = "" uid = 0 gid = 0 max_recv_message_size = 16777216 max_send_message_size = 16777216 +[ttrpc] + address = "" + uid = 0 + gid = 0 + [debug] address = "" uid = 0 @@ -22,56 +34,100 @@ oom_score = 0 [cgroup] path = "" +[timeouts] + "io.containerd.timeout.shim.cleanup" = "5s" + "io.containerd.timeout.shim.load" = "5s" + "io.containerd.timeout.shim.shutdown" = "3s" + "io.containerd.timeout.task.state" = "2s" + [plugins] - [plugins.cgroups] - no_prometheus = false - [plugins.cri] + [plugins."io.containerd.gc.v1.scheduler"] + pause_threshold = 0.02 + deletion_threshold = 0 + mutation_threshold = 100 + schedule_delay = "0s" + startup_delay = "100ms" + [plugins."io.containerd.grpc.v1.cri"] + disable_tcp_service = true stream_server_address = "127.0.0.1" stream_server_port = "0" + stream_idle_timeout = "4h0m0s" enable_selinux = false - sandbox_image = "k8s.gcr.io/pause:3.1" + selinux_category_range = 1024 + sandbox_image = "k8s.gcr.io/pause:3.2" stats_collect_period = 10 systemd_cgroup = false enable_tls_streaming = false max_container_log_line_size = 16384 + disable_cgroup = false + disable_apparmor = false + restrict_oom_score_adj = false + max_concurrent_downloads = 3 disable_proc_mount = false - [plugins.cri.containerd] + unset_seccomp_profile = "" + tolerate_missing_hugetlb_controller = true + disable_hugetlb_controller = true + ignore_image_defined_volumes = false + [plugins."io.containerd.grpc.v1.cri".containerd] snapshotter = "overlayfs" + default_runtime_name = "runc" no_pivot = false - [plugins.cri.containerd.default_runtime] - runtime_type = "io.containerd.runtime.v1.linux" + disable_snapshot_annotations = true + discard_unpacked_layers = false + [plugins."io.containerd.grpc.v1.cri".containerd.default_runtime] + runtime_type = "" runtime_engine = "" runtime_root = "" - [plugins.cri.containerd.untrusted_workload_runtime] + privileged_without_host_devices = false + base_runtime_spec = "" + [plugins."io.containerd.grpc.v1.cri".containerd.untrusted_workload_runtime] runtime_type = "" runtime_engine = "" runtime_root = "" - [plugins.cri.cni] + privileged_without_host_devices = false + base_runtime_spec = "" + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes] + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc] + runtime_type = "io.containerd.runc.v2" + runtime_engine = "" + runtime_root = "" + privileged_without_host_devices = false + base_runtime_spec = "" + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options] + [plugins."io.containerd.grpc.v1.cri".cni] bin_dir = "/opt/cni/bin" conf_dir = "/etc/cni/net.d" + max_conf_num = 1 conf_template = "" - [plugins.cri.registry] - [plugins.cri.registry.mirrors] - [plugins.cri.registry.mirrors."docker.io"] + [plugins."io.containerd.grpc.v1.cri".registry] + [plugins."io.containerd.grpc.v1.cri".registry.mirrors] + [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"] endpoint = ["https://registry-1.docker.io"] - [plugins.cri.x509_key_pair_streaming] + [plugins."io.containerd.grpc.v1.cri".image_decryption] + key_model = "" + [plugins."io.containerd.grpc.v1.cri".x509_key_pair_streaming] tls_cert_file = "" tls_key_file = "" - [plugins.diff-service] - default = ["walking"] - [plugins.linux] + [plugins."io.containerd.internal.v1.opt"] + path = "/opt/containerd" + [plugins."io.containerd.internal.v1.restart"] + interval = "10s" + [plugins."io.containerd.metadata.v1.bolt"] + content_sharing_policy = "shared" + [plugins."io.containerd.monitor.v1.cgroups"] + no_prometheus = false + [plugins."io.containerd.runtime.v1.linux"] shim = "containerd-shim" runtime = "runc" runtime_root = "" no_shim = false shim_debug = false - [plugins.opt] - path = "/opt/containerd" - [plugins.restart] - interval = "10s" - [plugins.scheduler] - pause_threshold = 0.02 - deletion_threshold = 0 - mutation_threshold = 100 - schedule_delay = "0s" - startup_delay = "100ms" + [plugins."io.containerd.runtime.v2.task"] + platforms = ["linux/amd64"] + [plugins."io.containerd.service.v1.diff-service"] + default = ["walking"] + [plugins."io.containerd.snapshotter.v1.devmapper"] + root_path = "" + pool_name = "" + base_image_size = "" + async_remove = false