kubespray/roles/container-engine/containerd/defaults/main.yml

---
containerd_storage_dir: "/var/lib/containerd"
containerd_state_dir: "/run/containerd"
containerd_systemd_dir: "/etc/systemd/system/containerd.service.d"
# The default value is not -999 here because containerd's oom_score_adj has been
# set to the -999 even if containerd_oom_score is 0.
# Ref: https://github.com/kubernetes-sigs/kubespray/pull/9275#issuecomment-1246499242
containerd_oom_score: 0

containerd_default_runtime: "runc"
containerd_snapshotter: "overlayfs"

containerd_runc_runtime:
  name: runc
  type: "io.containerd.runc.v2"
  engine: ""
  root: ""
  base_runtime_spec: cri-base.json
  options:
    systemdCgroup: "{{ containerd_use_systemd_cgroup | ternary('true', 'false') }}"
    binaryName: "{{ bin_dir }}/runc"

containerd_additional_runtimes: []
# Example for Kata Containers as additional runtime:
#  - name: kata
#    type: "io.containerd.kata.v2"
#    engine: ""
#    root: ""

containerd_base_runtime_spec_rlimit_nofile: 65535

containerd_default_base_runtime_spec_patch:
  process:
    rlimits:
      - type: RLIMIT_NOFILE
        hard: "{{ containerd_base_runtime_spec_rlimit_nofile }}"
        soft: "{{ containerd_base_runtime_spec_rlimit_nofile }}"

# Can help reduce disk usage
# https://github.com/containerd/containerd/discussions/6295
containerd_discard_unpacked_layers: true

containerd_base_runtime_specs:
  cri-base.json: "{{ containerd_default_base_runtime_spec | combine(containerd_default_base_runtime_spec_patch, recursive=1) }}"

containerd_grpc_max_recv_message_size: 16777216
containerd_grpc_max_send_message_size: 16777216

containerd_debug_address: ""
containerd_debug_level: "info"
containerd_debug_format: ""
containerd_debug_uid: 0
containerd_debug_gid: 0

containerd_metrics_address: ""

containerd_metrics_grpc_histogram: false

containerd_registries_mirrors:
  - prefix: docker.io
    mirrors:
      - host: https://registry-1.docker.io
        capabilities: ["pull", "resolve"]
        skip_verify: false

containerd_max_container_log_line_size: 16384

# If enabled it will allow non root users to use port numbers <1024
containerd_enable_unprivileged_ports: false
# If enabled it will allow non root users to use icmp sockets
containerd_enable_unprivileged_icmp: false

containerd_enable_selinux: false
containerd_disable_apparmor: false
containerd_tolerate_missing_hugetlb_controller: true
containerd_disable_hugetlb_controller: true
containerd_image_pull_progress_timeout: 5m

containerd_cfg_dir: /etc/containerd

# Extra config to be put in {{ containerd_cfg_dir }}/config.toml literally
containerd_extra_args: ''

# Configure registry auth (if applicable to secure/insecure registries)
containerd_registry_auth: []
#  - registry: 10.0.0.2:5000
#    username: user
#    password: pass

# Configure containerd service
containerd_limit_proc_num: "infinity"
containerd_limit_core: "infinity"
containerd_limit_open_file_num: "infinity"
containerd_limit_mem_lock: "infinity"

# If enabled it will use config_path and config to be put in {{ containerd_cfg_dir }}/certs.d/
containerd_use_config_path: false

# OS distributions that already support containerd
containerd_supported_distributions:
  - "CentOS"
  - "OracleLinux"
  - "RedHat"
  - "Ubuntu"
  - "Debian"
  - "Fedora"
  - "AlmaLinux"
  - "Rocky"
  - "Amazon"
  - "Flatcar"
  - "Flatcar Container Linux by Kinvolk"
  - "Suse"
  - "openSUSE Leap"
  - "openSUSE Tumbleweed"
  - "Kylin Linux Advanced Server"
  - "UnionTech"
  - "UniontechOS"
  - "openEuler"

# Enable container device interface
enable_cdi: false

# For containerd tracing configuration please check out the official documentation:
# https://github.com/containerd/containerd/blob/main/docs/tracing.md
containerd_tracing_enabled: false
containerd_tracing_endpoint: "0.0.0.0:4317"
containerd_tracing_protocol: "grpc"
containerd_tracing_sampling_ratio: 1.0
containerd_tracing_service_name: "containerd"