richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7544 Commits
30 Branches
81 Tags
149 MiB
Tree: baf4842774
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'baf4842774'
${ noResults }
kubespray/docs/cri-o.md

90 lines
2.1 KiB
Raw Normal View History

Add markdown CI (#5380)
5 years ago
Add cri-o document.
6 years ago
Updated cri-o documentation (#3878)
5 years ago
Add cri-o document.
6 years ago
Updated cri-o documentation (#3878)
5 years ago
install etcdctl to host when etcd deployment type is kubeadm (#6857) * create a wrapper script with pki options * supports all kubespray managed container engines Co-authored-by: Hans Feldt <hafe@users.noreply.github.com>
4 years ago
Add cri-o document.
6 years ago
bump crio version to 1.19 (#6758) * bump crio version to 1.19 * crio package name has changed for debian/ubuntu * crio upgrade does not work, see #6757 * update crio info in docs
4 years ago
Add cri-o document.
6 years ago
add crio registry mirror support (#6977) * add crio registry mirror support * mdlint fix
4 years ago
Add cri-o document.
6 years ago
Updated cri-o documentation (#3878)
5 years ago
Add cri-o document.
6 years ago
Add kubeadm option to etcd_deployment_type to replace the etcd_kubeadm_enabled variable (#8317) * Add kubeadm option to etcd_deployment_type to replace the etcd_kubeadm_enabled variable Signed-off-by: necatican <necaticanyildirim@gmail.com> * Add etcd kubeadm deployment documentation Signed-off-by: necatican <necaticanyildirim@gmail.com> * Refactor warning for the deprecated 'etcd_kubeadm_enabled' variable Signed-off-by: necatican <necaticanyildirim@gmail.com>
2 years ago
Add cri-o document.
6 years ago
Rename ansible groups to use _ instead of - (#7552) * rename ansible groups to use _ instead of - k8s-cluster -> k8s_cluster k8s-node -> k8s_node calico-rr -> calico_rr no-floating -> no_floating Note: kube-node,k8s-cluster groups in upgrade CI need clean-up after v2.16 is tagged * ensure old groups are mapped to the new ones
3 years ago
Add cri-o document.
6 years ago
Updated cri-o documentation (#3878)
5 years ago
container_manager variable to specify runtime.
6 years ago
Add cri-o document.
6 years ago
Updated cri-o documentation (#3878)
5 years ago
add crio registry mirror support (#6977) * add crio registry mirror support * mdlint fix
4 years ago
Update configuration of registries in cri-o (#7852) * Update configuration of registries in cri-o * Update docs to match new registry configuration
2 years ago
add crio registry mirror support (#6977) * add crio registry mirror support * mdlint fix
4 years ago
CRI-O: fix unqualified-search registries (#8496)
2 years ago
add crio registry mirror support (#6977) * add crio registry mirror support * mdlint fix
4 years ago
Updated cri-o documentation (#3878)
5 years ago
Add support for CRI-O user namespaces (#8268) * add support for cri-o user namespaces * comply with yamllint rules
2 years ago
Update docs for crio (#10785)
10 months ago
Add support for CRI-O user namespaces (#8268) * add support for cri-o user namespaces * comply with yamllint rules
2 years ago
Refactor NRI activation for containerd and CRI-O (#10470) Refactor NRI (Node Resource Interface) activation in CRI-O and containerd. Introduce a shared variable, nri_enabled, to streamline the process. Currently, enabling NRI requires a separate update of defaults for each container runtime independently, without any verification of NRI support for the specific version of containerd or CRI-O in use. With this commit, the previous approach is replaced. Now, a single variable, nri_enabled, handles this functionality. Also, this commit separates the responsibility of verifying NRI supported versions of containerd and CRI-O from cluster administrators, and leaves it to Ansible. Signed-off-by: Feruzjon Muyassarov <feruzjon.muyassarov@intel.com>
1 year ago
  1. # CRI-O
  3. [CRI-O] is a lightweight container runtime for Kubernetes.
  4. Kubespray supports basic functionality for using CRI-O as the default container runtime in a cluster.
  6. * Kubernetes supports CRI-O on v1.11.1 or later.
  7. * etcd: configure either kubeadm managed etcd or host deployment
  9. _To use the CRI-O container runtime set the following variables:_
  11. ## all/all.yml
  13. ```yaml
  14. download_container: false
  15. skip_downloads: false
  16. etcd_deployment_type: host # optionally kubeadm
  17. ```
  19. ## k8s_cluster/k8s_cluster.yml
  21. ```yaml
  22. container_manager: crio
  23. ```
  25. ## all/crio.yml
  27. Enable docker hub registry mirrors
  29. ```yaml
  30. crio_registries:
  31. - prefix: docker.io
  32. insecure: false
  33. blocked: false
  34. location: registry-1.docker.io
  35. unqualified: false
  36. mirrors:
  37. - location: 192.168.100.100:5000
  38. insecure: true
  39. - location: mirror.gcr.io
  40. insecure: false
  41. ```
  43. [CRI-O]: https://cri-o.io/
  45. The following is a method to enable insecure registries.
  47. ```yaml
  48. crio_insecure_registries:
  49. - 10.0.0.2:5000
  50. ```
  52. And you can config authentication for these registries after `crio_insecure_registries`.
  54. ```yaml
  55. crio_registry_auth:
  56. - registry: 10.0.0.2:5000
  57. username: user
  58. password: pass
  59. ```
  61. ## Note about user namespaces
  63. CRI-O has support for user namespaces. This feature is optional and can be enabled by setting the following two variables.
  65. ```yaml
  66. crio_runtimes:
  67. - name: runc
  68. path: /usr/bin/runc
  69. type: oci
  70. root: /run/runc
  71. allowed_annotations:
  72. - "io.kubernetes.cri-o.userns-mode"
  74. crio_remap_enable: true
  75. ```
  77. The `allowed_annotations` configures `crio.conf` accordingly.
  79. The `crio_remap_enable` configures the `/etc/subuid` and `/etc/subgid` files to add an entry for the **containers** user.
  80. By default, 16M uids and gids are reserved for user namespaces (256 pods * 65536 uids/gids) at the end of the uid/gid space.
  82. ## Optional : NRI
  84. [Node Resource Interface](https://github.com/containerd/nri) (NRI) is disabled by default for the CRI-O. If you
  85. are using CRI-O version v1.26.0 or above, then you can enable it with the
  86. following configuration:
  88. ```yaml
  89. nri_enabled: true
  90. ```