From f964b3438d024e27f226f55db3e5f66dcfdb6c34 Mon Sep 17 00:00:00 2001 From: Feruzjon Muyassarov Date: Thu, 21 Sep 2023 10:30:19 +0300 Subject: [PATCH] Add configuration option for NRI in crio & containerd (#10454) * [containerd] Add Configuration option for Node Resource Interface Node Resource Interface (NRI) is a common is a common framework for plugging domain or vendor-specific custom logic into container runtime like containerd. With this commit, we introduce the containerd_disable_nri configuration flag, providing cluster administrators the flexibility to opt in or out (defaulted to 'out') of this feature in containerd. In line with containerd's default configuration, NRI is disabled by default in this containerd role defaults. Signed-off-by: Feruzjon Muyassarov * [cri-o] Add configuration option for Node Resource Interface Node Resource Interface (NRI) is a common is a common framework for plugging domain or vendor-specific custom logic into container runtimes like containerd/crio. With this commit, we introduce the crio_enable_nri configuration flag, providing cluster administrators the flexibility to opt in or out (defaulted to 'out') of this feature in cri-o runtime. In line with crio's default configuration, NRI is disabled by default in this cri-o role defaults. Signed-off-by: Feruzjon Muyassarov --------- Signed-off-by: Feruzjon Muyassarov --- roles/container-engine/containerd/defaults/main.yml | 3 +++ roles/container-engine/containerd/templates/config.toml.j2 | 3 +++ roles/container-engine/cri-o/defaults/main.yml | 3 +++ roles/container-engine/cri-o/templates/crio.conf.j2 | 5 +++++ 4 files changed, 14 insertions(+) diff --git a/roles/container-engine/containerd/defaults/main.yml b/roles/container-engine/containerd/defaults/main.yml index 05cfd95c1..9359e1aeb 100644 --- a/roles/container-engine/containerd/defaults/main.yml +++ b/roles/container-engine/containerd/defaults/main.yml @@ -64,6 +64,9 @@ containerd_enable_unprivileged_ports: false # If enabled it will allow non root users to use icmp sockets containerd_enable_unprivileged_icmp: false +# If enabled, it will activate the NRI support in containerd +containerd_nri_disable: true + containerd_cfg_dir: /etc/containerd # Extra config to be put in {{ containerd_cfg_dir }}/config.toml literally diff --git a/roles/container-engine/containerd/templates/config.toml.j2 b/roles/container-engine/containerd/templates/config.toml.j2 index a04ec485e..ba107ee8b 100644 --- a/roles/container-engine/containerd/templates/config.toml.j2 +++ b/roles/container-engine/containerd/templates/config.toml.j2 @@ -78,6 +78,9 @@ oom_score = {{ containerd_oom_score }} {% endif %} {% endfor %} + [plugins."io.containerd.nri.v1.nri"] + disable = {{ containerd_nri_disable | default(true) | lower }} + {% if containerd_extra_args is defined %} {{ containerd_extra_args }} {% endif %} diff --git a/roles/container-engine/cri-o/defaults/main.yml b/roles/container-engine/cri-o/defaults/main.yml index 949ed69ed..053af20e6 100644 --- a/roles/container-engine/cri-o/defaults/main.yml +++ b/roles/container-engine/cri-o/defaults/main.yml @@ -97,3 +97,6 @@ crio_man_files: 8: - crio - crio-status + +# If set to true, it will enable the NRI support in cri-o +crio_enable_nri: false diff --git a/roles/container-engine/cri-o/templates/crio.conf.j2 b/roles/container-engine/cri-o/templates/crio.conf.j2 index 80dc80d05..f92206e32 100644 --- a/roles/container-engine/cri-o/templates/crio.conf.j2 +++ b/roles/container-engine/cri-o/templates/crio.conf.j2 @@ -376,3 +376,8 @@ enable_metrics = {{ crio_enable_metrics | bool | lower }} # The port on which the metrics server will listen. metrics_port = {{ crio_metrics_port }} + +[crio.nri] + +# Enable or disable NRI (Node Resource Interface) support in CRI-O. +enable_nri={{ crio_enable_nri | default(false) | lower }}