richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7575 Commits
29 Branches
81 Tags
149 MiB
Tree: cd7d11fea2
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'cd7d11fea2'
${ noResults }
kubespray/docs/containerd.md

144 lines
4.3 KiB
Raw Normal View History

fix typo in containerd doc (#7057)
3 years ago
containerd docker hub registry mirror support (#6962) * containerd docker hub registry mirror support * add docs * fix typo * fix yamllint * fix indent in sample and ansible-playbook param in testcases_run * fix md * mv common vars to tests/common/_docker_hub_registry_mirror.yml * checkout vars to upgrade tests
4 years ago
Rename ansible groups to use _ instead of - (#7552) * rename ansible groups to use _ instead of - k8s-cluster -> k8s_cluster k8s-node -> k8s_node calico-rr -> calico_rr no-floating -> no_floating Note: kube-node,k8s-cluster groups in upgrade CI need clean-up after v2.16 is tagged * ensure old groups are mapped to the new ones
3 years ago
containerd docker hub registry mirror support (#6962) * containerd docker hub registry mirror support * add docs * fix typo * fix yamllint * fix indent in sample and ansible-playbook param in testcases_run * fix md * mv common vars to tests/common/_docker_hub_registry_mirror.yml * checkout vars to upgrade tests
4 years ago
Update containerd doc (#8369) This is a follow-up change for https://github.com/kubernetes-sigs/kubespray/pull/7911
2 years ago
Update node about container_manager variable (#7911) I was deploy my cluster with separate etcd cluster and not intersect with kube_control_plane or kube_node. And I want to run etcd cluster in docker but still used containerd to make container runtime for all other nodes. Therefore, I was added note to this doc for everyone Thank !
2 years ago
containerd docker hub registry mirror support (#6962) * containerd docker hub registry mirror support * add docs * fix typo * fix yamllint * fix indent in sample and ansible-playbook param in testcases_run * fix md * mv common vars to tests/common/_docker_hub_registry_mirror.yml * checkout vars to upgrade tests
4 years ago
Update containerd documentation with etcd change (#7126) * update containerd documentation with etcd change * update conterind docs
3 years ago
containerd docker hub registry mirror support (#6962) * containerd docker hub registry mirror support * add docs * fix typo * fix yamllint * fix indent in sample and ansible-playbook param in testcases_run * fix md * mv common vars to tests/common/_docker_hub_registry_mirror.yml * checkout vars to upgrade tests
4 years ago
Fix containerd config_path mirrors and remove nerdctl insecure_registry (#10196) * Fix containerd_registries in config_path for mirrors and remove nerdctl global insecure_registry setting * Make containerd hosts.toml mode 0640 * Add containerd_registries_mirrors and keep containerd_registries to pass packet_debian11-calico-upgrade
1 year ago
containerd docker hub registry mirror support (#6962) * containerd docker hub registry mirror support * add docs * fix typo * fix yamllint * fix indent in sample and ansible-playbook param in testcases_run * fix md * mv common vars to tests/common/_docker_hub_registry_mirror.yml * checkout vars to upgrade tests
4 years ago
Fix containerd config_path mirrors and remove nerdctl insecure_registry (#10196) * Fix containerd_registries in config_path for mirrors and remove nerdctl global insecure_registry setting * Make containerd hosts.toml mode 0640 * Add containerd_registries_mirrors and keep containerd_registries to pass packet_debian11-calico-upgrade
1 year ago
Document image_command_tool and image_command_tool_on_localhost (#8409) Signed-off-by: Mathieu Parent <mathieu.parent@insee.fr>
2 years ago
Fix containerd config_path mirrors and remove nerdctl insecure_registry (#10196) * Fix containerd_registries in config_path for mirrors and remove nerdctl global insecure_registry setting * Make containerd hosts.toml mode 0640 * Add containerd_registries_mirrors and keep containerd_registries to pass packet_debian11-calico-upgrade
1 year ago
Document image_command_tool and image_command_tool_on_localhost (#8409) Signed-off-by: Mathieu Parent <mathieu.parent@insee.fr>
2 years ago
remove containerd registries (#10738)
11 months ago
[containerd] Allow configuring base_runtime_spec per containerd runtime (#9302) and supply a default runtime spec.
2 years ago
[containerd] Simplify limiting number of open files per container (#9319) by setting a default runtime spec with a patch for RLIMIT_NOFILE. - Introduces containerd_base_runtime_spec_rlimit_nofile. - Generates base_runtime_spec on-the-fly, to use the containerd version of the node.
2 years ago
[containerd] Allow configuring base_runtime_spec per containerd runtime (#9302) and supply a default runtime spec.
2 years ago
fix: with_item to with_dict (#9729) Signed-off-by: rongfu.leng <rongfu.leng@daocloud.io>
1 year ago
Fix containerd config_path mirrors and remove nerdctl insecure_registry (#10196) * Fix containerd_registries in config_path for mirrors and remove nerdctl global insecure_registry setting * Make containerd hosts.toml mode 0640 * Add containerd_registries_mirrors and keep containerd_registries to pass packet_debian11-calico-upgrade
1 year ago
fix: with_item to with_dict (#9729) Signed-off-by: rongfu.leng <rongfu.leng@daocloud.io>
1 year ago
containerd docker hub registry mirror support (#6962) * containerd docker hub registry mirror support * add docs * fix typo * fix yamllint * fix indent in sample and ansible-playbook param in testcases_run * fix md * mv common vars to tests/common/_docker_hub_registry_mirror.yml * checkout vars to upgrade tests
4 years ago
[containerd] Allow configuring base_runtime_spec per containerd runtime (#9302) and supply a default runtime spec.
2 years ago
Refactor NRI activation for containerd and CRI-O (#10470) Refactor NRI (Node Resource Interface) activation in CRI-O and containerd. Introduce a shared variable, nri_enabled, to streamline the process. Currently, enabling NRI requires a separate update of defaults for each container runtime independently, without any verification of NRI support for the specific version of containerd or CRI-O in use. With this commit, the previous approach is replaced. Now, a single variable, nri_enabled, handles this functionality. Also, this commit separates the responsibility of verifying NRI supported versions of containerd and CRI-O from cluster administrators, and leaves it to Ansible. Signed-off-by: Feruzjon Muyassarov <feruzjon.muyassarov@intel.com>
1 year ago
  1. # containerd
  3. [containerd] An industry-standard container runtime with an emphasis on simplicity, robustness and portability
  4. Kubespray supports basic functionality for using containerd as the default container runtime in a cluster.
  6. _To use the containerd container runtime set the following variables:_
  8. ## k8s_cluster.yml
  10. When kube_node contains etcd, you define your etcd cluster to be as well schedulable for Kubernetes workloads. Thus containerd and dockerd can not run at same time, must be set to bellow for running etcd cluster with only containerd.
  12. ```yaml
  13. container_manager: containerd
  14. ```
  16. ## etcd.yml
  18. ```yaml
  19. etcd_deployment_type: host
  20. ```
  22. ## Containerd config
  24. Example: define registry mirror for docker hub
  26. ```yaml
  27. containerd_registries_mirrors:
  28. - prefix: docker.io
  29. mirrors:
  30. - host: https://mirror.gcr.io
  31. capabilities: ["pull", "resolve"]
  32. skip_verify: false
  33. - host: https://registry-1.docker.io
  34. capabilities: ["pull", "resolve"]
  35. skip_verify: false
  36. ```
  38. `containerd_registries_mirrors` is ignored for pulling images when `image_command_tool=nerdctl`
  39. (the default for `container_manager=containerd`). Use `crictl` instead, it supports
  40. `containerd_registries_mirrors` but lacks proper multi-arch support (see
  41. [#8375](https://github.com/kubernetes-sigs/kubespray/issues/8375)):
  43. ```yaml
  44. image_command_tool: crictl
  45. ```
  47. The `containerd_registries` and `containerd_insecure_registries` configs are deprecated.
  49. ### Containerd Runtimes
  51. Containerd supports multiple runtime configurations that can be used with
  52. [RuntimeClass] Kubernetes feature. See [runtime classes in containerd] for the
  53. details of containerd configuration.
  55. In kubespray, the default runtime name is "runc", and it can be configured with the `containerd_runc_runtime` dictionary:
  57. ```yaml
  58. containerd_runc_runtime:
  59. name: runc
  60. type: "io.containerd.runc.v2"
  61. engine: ""
  62. root: ""
  63. options:
  64. systemdCgroup: "false"
  65. binaryName: /usr/local/bin/my-runc
  66. base_runtime_spec: cri-base.json
  67. ```
  69. Further runtimes can be configured with `containerd_additional_runtimes`, which
  70. is a list of such dictionaries.
  72. Default runtime can be changed by setting `containerd_default_runtime`.
  74. #### Base runtime specs and limiting number of open files
  76. `base_runtime_spec` key in a runtime dictionary is used to explicitly
  77. specify a runtime spec json file. `runc` runtime has it set to `cri-base.json`,
  78. which is generated with `ctr oci spec > /etc/containerd/cri-base.json` and
  79. updated to include a custom setting for maximum number of file descriptors per
  80. container.
  82. You can change maximum number of file descriptors per container for the default
  83. `runc` runtime by setting the `containerd_base_runtime_spec_rlimit_nofile`
  84. variable.
  86. You can tune many more [settings][runtime-spec] by supplying your own file name and content with `containerd_base_runtime_specs`:
  88. ```yaml
  89. containerd_base_runtime_specs:
  90. cri-spec-custom.json: |
  91. {
  92. "ociVersion": "1.0.2-dev",
  93. "process": {
  94. "user": {
  95. "uid": 0,
  96. ...
  97. ```
  99. The files in this dict will be placed in containerd config directory,
  100. `/etc/containerd` by default. The files can then be referenced by filename in a
  101. runtime:
  103. ```yaml
  104. containerd_runc_runtime:
  105. name: runc
  106. base_runtime_spec: cri-spec-custom.json
  107. ...
  108. ```
  110. Config insecure-registry access to self hosted registries.
  112. ```yaml
  113. containerd_registries_mirrors:
  114. - prefix: test.registry.io
  115. mirrors:
  116. - host: http://test.registry.io
  117. capabilities: ["pull", "resolve"]
  118. skip_verify: true
  119. - prefix: 172.19.16.11:5000
  120. mirrors:
  121. - host: http://172.19.16.11:5000
  122. capabilities: ["pull", "resolve"]
  123. skip_verify: true
  124. - prefix: repo:5000
  125. mirrors:
  126. - host: http://repo:5000
  127. capabilities: ["pull", "resolve"]
  128. skip_verify: true
  129. ```
  131. [containerd]: https://containerd.io/
  132. [RuntimeClass]: https://kubernetes.io/docs/concepts/containers/runtime-class/
  133. [runtime classes in containerd]: https://github.com/containerd/containerd/blob/main/docs/cri/config.md#runtime-classes
  134. [runtime-spec]: https://github.com/opencontainers/runtime-spec
  136. ### Optional : NRI
  138. [Node Resource Interface](https://github.com/containerd/nri) (NRI) is disabled by default for the containerd. If you
  139. are using contained version v1.7.0 or above, then you can enable it with the
  140. following configuration:
  142. ```yaml
  143. nri_enabled: true
  144. ```