feat: add containerd_extra_runtime_args for CRI runtime configuration (#12247)

Add support for injecting additional configuration options into the containerd CRI runtime plugin section via containerd_extra_runtime_args.
1 month ago · 4ab213bc44
2 changed files with 18 additions and 0 deletions
--- a/roles/container-engine/containerd/defaults/main.yml
+++ b/roles/container-engine/containerd/defaults/main.yml
@ -84,6 +84,15 @@ containerd_cfg_dir: /etc/containerd
 # Extra config to be put in {{ containerd_cfg_dir }}/config.toml literally
 containerd_extra_args: ''

+# Extra runtime configuration options to be injected into the containerd CRI runtime plugin section
+# [plugins."io.containerd.cri.v1.runtime"]. This is useful for adding containerd runtime
+# configuration options that aren't explicitly supported by Kubespray's default variables.
+# Example:
+#   containerd_extra_runtime_args:
+#     device_ownership_from_security_context: true
+#     another_option: "value"
+containerd_extra_runtime_args: {}
+
 # Configure registry auth (if applicable to secure/insecure registries)
 containerd_registry_auth: []
 #  - registry: 10.0.0.2:5000
--- a/roles/container-engine/containerd/templates/config.toml.j2
+++ b/roles/container-engine/containerd/templates/config.toml.j2
@ -36,6 +36,15 @@ oom_score = {{ containerd_oom_score }}
    enable_cdi = true
    cdi_spec_dirs = ["/etc/cdi", "/var/run/cdi"]
 {% endif %}
+{% for key, value in containerd_extra_runtime_args.items() %}
+{% if value is string %}
+    {{ key }} = "{{ value }}"
+{% elif value is boolean %}
+    {{ key }} = {{ value | lower }}
+{% else %}
+    {{ key }} = {{ value }}
+{% endif %}
+{% endfor %}

   [plugins."io.containerd.cri.v1.runtime".containerd]
     default_runtime_name = "{{ containerd_default_runtime }}"