richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7971 Commits
29 Branches
81 Tags
149 MiB
Tree: 316e579543
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '316e579543'
${ noResults }
kubespray/docs/CRI/containerd.md

151 lines
4.5 KiB
Raw Normal View History

fix typo in containerd doc (#7057)
3 years ago
containerd docker hub registry mirror support (#6962) * containerd docker hub registry mirror support * add docs * fix typo * fix yamllint * fix indent in sample and ansible-playbook param in testcases_run * fix md * mv common vars to tests/common/_docker_hub_registry_mirror.yml * checkout vars to upgrade tests
4 years ago
Rename ansible groups to use _ instead of - (#7552) * rename ansible groups to use _ instead of - k8s-cluster -> k8s_cluster k8s-node -> k8s_node calico-rr -> calico_rr no-floating -> no_floating Note: kube-node,k8s-cluster groups in upgrade CI need clean-up after v2.16 is tagged * ensure old groups are mapped to the new ones
3 years ago
containerd docker hub registry mirror support (#6962) * containerd docker hub registry mirror support * add docs * fix typo * fix yamllint * fix indent in sample and ansible-playbook param in testcases_run * fix md * mv common vars to tests/common/_docker_hub_registry_mirror.yml * checkout vars to upgrade tests
4 years ago
Update containerd doc (#8369) This is a follow-up change for https://github.com/kubernetes-sigs/kubespray/pull/7911
2 years ago
Update node about container_manager variable (#7911) I was deploy my cluster with separate etcd cluster and not intersect with kube_control_plane or kube_node. And I want to run etcd cluster in docker but still used containerd to make container runtime for all other nodes. Therefore, I was added note to this doc for everyone Thank !
2 years ago
containerd docker hub registry mirror support (#6962) * containerd docker hub registry mirror support * add docs * fix typo * fix yamllint * fix indent in sample and ansible-playbook param in testcases_run * fix md * mv common vars to tests/common/_docker_hub_registry_mirror.yml * checkout vars to upgrade tests
4 years ago
Update containerd documentation with etcd change (#7126) * update containerd documentation with etcd change * update conterind docs
3 years ago
containerd docker hub registry mirror support (#6962) * containerd docker hub registry mirror support * add docs * fix typo * fix yamllint * fix indent in sample and ansible-playbook param in testcases_run * fix md * mv common vars to tests/common/_docker_hub_registry_mirror.yml * checkout vars to upgrade tests
4 years ago
Fix containerd config_path mirrors and remove nerdctl insecure_registry (#10196) * Fix containerd_registries in config_path for mirrors and remove nerdctl global insecure_registry setting * Make containerd hosts.toml mode 0640 * Add containerd_registries_mirrors and keep containerd_registries to pass packet_debian11-calico-upgrade
1 year ago
containerd docker hub registry mirror support (#6962) * containerd docker hub registry mirror support * add docs * fix typo * fix yamllint * fix indent in sample and ansible-playbook param in testcases_run * fix md * mv common vars to tests/common/_docker_hub_registry_mirror.yml * checkout vars to upgrade tests
4 years ago
containerd: allow to configure fallback server (#10988) Also nerdctl limitation is now removed as we use /etc/containerd/certs.d/
6 months ago
Document image_command_tool and image_command_tool_on_localhost (#8409) Signed-off-by: Mathieu Parent <mathieu.parent@insee.fr>
2 years ago
containerd: allow to configure fallback server (#10988) Also nerdctl limitation is now removed as we use /etc/containerd/certs.d/
6 months ago
Document image_command_tool and image_command_tool_on_localhost (#8409) Signed-off-by: Mathieu Parent <mathieu.parent@insee.fr>
2 years ago
remove containerd registries (#10738)
11 months ago
[containerd] Allow configuring base_runtime_spec per containerd runtime (#9302) and supply a default runtime spec.
2 years ago
[containerd] Simplify limiting number of open files per container (#9319) by setting a default runtime spec with a patch for RLIMIT_NOFILE. - Introduces containerd_base_runtime_spec_rlimit_nofile. - Generates base_runtime_spec on-the-fly, to use the containerd version of the node.
2 years ago
[containerd] Allow configuring base_runtime_spec per containerd runtime (#9302) and supply a default runtime spec.
2 years ago
fix: with_item to with_dict (#9729) Signed-off-by: rongfu.leng <rongfu.leng@daocloud.io>
1 year ago
Fix containerd config_path mirrors and remove nerdctl insecure_registry (#10196) * Fix containerd_registries in config_path for mirrors and remove nerdctl global insecure_registry setting * Make containerd hosts.toml mode 0640 * Add containerd_registries_mirrors and keep containerd_registries to pass packet_debian11-calico-upgrade
1 year ago
fix: with_item to with_dict (#9729) Signed-off-by: rongfu.leng <rongfu.leng@daocloud.io>
1 year ago
containerd docker hub registry mirror support (#6962) * containerd docker hub registry mirror support * add docs * fix typo * fix yamllint * fix indent in sample and ansible-playbook param in testcases_run * fix md * mv common vars to tests/common/_docker_hub_registry_mirror.yml * checkout vars to upgrade tests
4 years ago
[containerd] Allow configuring base_runtime_spec per containerd runtime (#9302) and supply a default runtime spec.
2 years ago
Refactor NRI activation for containerd and CRI-O (#10470) Refactor NRI (Node Resource Interface) activation in CRI-O and containerd. Introduce a shared variable, nri_enabled, to streamline the process. Currently, enabling NRI requires a separate update of defaults for each container runtime independently, without any verification of NRI support for the specific version of containerd or CRI-O in use. With this commit, the previous approach is replaced. Now, a single variable, nri_enabled, handles this functionality. Also, this commit separates the responsibility of verifying NRI supported versions of containerd and CRI-O from cluster administrators, and leaves it to Ansible. Signed-off-by: Feruzjon Muyassarov <feruzjon.muyassarov@intel.com>
1 year ago
  1. # containerd
  3. [containerd] An industry-standard container runtime with an emphasis on simplicity, robustness and portability
  4. Kubespray supports basic functionality for using containerd as the default container runtime in a cluster.
  6. _To use the containerd container runtime set the following variables:_
  8. ## k8s_cluster.yml
  10. When kube_node contains etcd, you define your etcd cluster to be as well schedulable for Kubernetes workloads. Thus containerd and dockerd can not run at same time, must be set to bellow for running etcd cluster with only containerd.
  12. ```yaml
  13. container_manager: containerd
  14. ```
  16. ## etcd.yml
  18. ```yaml
  19. etcd_deployment_type: host
  20. ```
  22. ## Containerd config
  24. Example: define registry mirror for docker hub
  26. ```yaml
  27. containerd_registries_mirrors:
  28. - prefix: docker.io
  29. mirrors:
  30. - host: https://mirror.gcr.io
  31. capabilities: ["pull", "resolve"]
  32. skip_verify: false
  33. - host: https://registry-1.docker.io
  34. capabilities: ["pull", "resolve"]
  35. skip_verify: false
  36. ```
  38. containerd falls back to `https://{{ prefix }}` when none of the mirrors have the image.
  39. This can be changed with the [`server` field](https://github.com/containerd/containerd/blob/main/docs/hosts.md#server-field):
  41. ```yaml
  42. containerd_registries_mirrors:
  43. - prefix: docker.io
  44. mirrors:
  45. - host: https://mirror.gcr.io
  46. capabilities: ["pull", "resolve"]
  47. skip_verify: false
  48. - host: https://registry-1.docker.io
  49. capabilities: ["pull", "resolve"]
  50. skip_verify: false
  51. server: https://mirror.example.org
  52. ```
  54. The `containerd_registries` and `containerd_insecure_registries` configs are deprecated.
  56. ### Containerd Runtimes
  58. Containerd supports multiple runtime configurations that can be used with
  59. [RuntimeClass] Kubernetes feature. See [runtime classes in containerd] for the
  60. details of containerd configuration.
  62. In kubespray, the default runtime name is "runc", and it can be configured with the `containerd_runc_runtime` dictionary:
  64. ```yaml
  65. containerd_runc_runtime:
  66. name: runc
  67. type: "io.containerd.runc.v2"
  68. engine: ""
  69. root: ""
  70. options:
  71. systemdCgroup: "false"
  72. binaryName: /usr/local/bin/my-runc
  73. base_runtime_spec: cri-base.json
  74. ```
  76. Further runtimes can be configured with `containerd_additional_runtimes`, which
  77. is a list of such dictionaries.
  79. Default runtime can be changed by setting `containerd_default_runtime`.
  81. #### Base runtime specs and limiting number of open files
  83. `base_runtime_spec` key in a runtime dictionary is used to explicitly
  84. specify a runtime spec json file. `runc` runtime has it set to `cri-base.json`,
  85. which is generated with `ctr oci spec > /etc/containerd/cri-base.json` and
  86. updated to include a custom setting for maximum number of file descriptors per
  87. container.
  89. You can change maximum number of file descriptors per container for the default
  90. `runc` runtime by setting the `containerd_base_runtime_spec_rlimit_nofile`
  91. variable.
  93. You can tune many more [settings][runtime-spec] by supplying your own file name and content with `containerd_base_runtime_specs`:
  95. ```yaml
  96. containerd_base_runtime_specs:
  97. cri-spec-custom.json: |
  98. {
  99. "ociVersion": "1.0.2-dev",
  100. "process": {
  101. "user": {
  102. "uid": 0,
  103. ...
  104. ```
  106. The files in this dict will be placed in containerd config directory,
  107. `/etc/containerd` by default. The files can then be referenced by filename in a
  108. runtime:
  110. ```yaml
  111. containerd_runc_runtime:
  112. name: runc
  113. base_runtime_spec: cri-spec-custom.json
  114. ...
  115. ```
  117. Config insecure-registry access to self hosted registries.
  119. ```yaml
  120. containerd_registries_mirrors:
  121. - prefix: test.registry.io
  122. mirrors:
  123. - host: http://test.registry.io
  124. capabilities: ["pull", "resolve"]
  125. skip_verify: true
  126. - prefix: 172.19.16.11:5000
  127. mirrors:
  128. - host: http://172.19.16.11:5000
  129. capabilities: ["pull", "resolve"]
  130. skip_verify: true
  131. - prefix: repo:5000
  132. mirrors:
  133. - host: http://repo:5000
  134. capabilities: ["pull", "resolve"]
  135. skip_verify: true
  136. ```
  138. [containerd]: https://containerd.io/
  139. [RuntimeClass]: https://kubernetes.io/docs/concepts/containers/runtime-class/
  140. [runtime classes in containerd]: https://github.com/containerd/containerd/blob/main/docs/cri/config.md#runtime-classes
  141. [runtime-spec]: https://github.com/opencontainers/runtime-spec
  143. ### Optional : NRI
  145. [Node Resource Interface](https://github.com/containerd/nri) (NRI) is disabled by default for the containerd. If you
  146. are using contained version v1.7.0 or above, then you can enable it with the
  147. following configuration:
  149. ```yaml
  150. nri_enabled: true
  151. ```