[containerd] Add config for unpriviledged ports and icmp (#9517)
* [containerd] Add config for unpriviledged ports and icmp
* Updated to match the true/false variable style of the other settings
pull/9528/head
Fredrik Liv
1 year ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with
7 additions and
0 deletions
-
roles/container-engine/containerd/defaults/main.yml
-
roles/container-engine/containerd/templates/config.toml.j2
|
|
@ -52,6 +52,11 @@ containerd_registries: |
|
|
|
|
|
|
|
containerd_max_container_log_line_size: -1 |
|
|
|
|
|
|
|
# If enabled it will allow non root users to use port numbers <1024 |
|
|
|
containerd_enable_unprivileged_ports: false |
|
|
|
# If enabled it will allow non root users to use icmp sockets |
|
|
|
containerd_enable_unprivileged_icmp: false |
|
|
|
|
|
|
|
containerd_cfg_dir: /etc/containerd |
|
|
|
|
|
|
|
# Extra config to be put in {{ containerd_cfg_dir }}/config.toml literally |
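Review bot: The comments added above `containerd_enable_unprivileged_ports` and `containerd_enable_unprivileged_icmp` do not say what the switches change or which pods they reach. In containerd's CRI plugin these options set the `net.ipv4.ip_unprivileged_port_start` and `net.ipv4.ping_group_range` sysctls inside the pod's network namespace, and as far as I know they are not applied to pods on the host network. I would reword along the lines of `# Lowers net.ipv4.ip_unprivileged_port_start in each pod's network namespace so non-root processes can bind ports <1024 (not applied to hostNetwork pods)`, with a matching line for ICMP. It is also worth one sentence that, once the ports option is enabled, dropping NET_BIND_SERVICE no longer stops a workload from binding low ports, which is a good reason to keep both defaults at `false`.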
|
|
|
|
|
@ -18,6 +18,8 @@ oom_score = {{ containerd_oom_score }} |
|
|
|
[plugins."io.containerd.grpc.v1.cri"] |
|
|
|
sandbox_image = "{{ pod_infra_image_repo }}:{{ pod_infra_image_tag }}" |
|
|
|
max_container_log_line_size = {{ containerd_max_container_log_line_size }} |
|
|
|
enable_unprivileged_ports = {{ containerd_enable_unprivileged_ports | default(false) | lower }} |
|
|
|
enable_unprivileged_icmp = {{ containerd_enable_unprivileged_icmp | default(false) | lower }} |
|
|
|
[plugins."io.containerd.grpc.v1.cri".containerd] |
|
|
|
default_runtime_name = "{{ containerd_default_runtime | default('runc') }}" |
|
|
|
snapshotter = "{{ containerd_snapshotter | default('overlayfs') }}" |
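Review bot: On the two added `enable_unprivileged_*` lines, `| lower` only lowercases whatever the variable renders to, so a string value such as `yes` (for example passed with `-e`) is written out verbatim and is not a valid TOML boolean. containerd would then presumably fail to load the config at restart. Normalising through Ansible's `bool` filter first avoids that: `enable_unprivileged_ports = {{ containerd_enable_unprivileged_ports | default(false) | bool | lower }}` and likewise `enable_unprivileged_icmp = {{ containerd_enable_unprivileged_icmp | default(false) | bool | lower }}`. If the role can still deploy a containerd release that predates these two keys, it is worth confirming how that release treats unknown keys in the CRI table.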
|
|
|