Switch Fedora CoreOS from docker-shim to containerd
* Migrate from `docker-shim` to `containerd` in preparation for Kubernetes v1.24.0 dropping `docker-shim` support * Much consideration was given to the container runtime choice. https://github.com/poseidon/typhoon/issues/899 provides relevant rationales
This commit is contained in:
parent
415b7fa19a
commit
f544a9c71f
|
@ -4,6 +4,12 @@ Notable changes between versions.
|
||||||
|
|
||||||
## Latest
|
## Latest
|
||||||
|
|
||||||
|
### Fedora CoreOS
|
||||||
|
|
||||||
|
* Switch Kubernetes Container Runtime from `docker` to `containerd` ([#1101](https://github.com/poseidon/typhoon/pull/1101))
|
||||||
|
|
||||||
|
## v1.23.1
|
||||||
|
|
||||||
* Kubernetes [v1.23.1](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.23.md#v1231)
|
* Kubernetes [v1.23.1](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.23.md#v1231)
|
||||||
* Workaround Terraform v1.1 regression in `file` provisioner ([#1093](https://github.com/poseidon/typhoon/pull/1093))
|
* Workaround Terraform v1.1 regression in `file` provisioner ([#1093](https://github.com/poseidon/typhoon/pull/1093))
|
||||||
|
|
||||||
|
|
|
@ -29,7 +29,7 @@ systemd:
|
||||||
LimitNOFILE=40000
|
LimitNOFILE=40000
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
- name: docker.service
|
- name: containerd.service
|
||||||
enabled: true
|
enabled: true
|
||||||
- name: wait-for-dns.service
|
- name: wait-for-dns.service
|
||||||
enabled: true
|
enabled: true
|
||||||
|
@ -74,7 +74,7 @@ systemd:
|
||||||
--volume /run:/run \
|
--volume /run:/run \
|
||||||
--volume /sys/fs/cgroup:/sys/fs/cgroup \
|
--volume /sys/fs/cgroup:/sys/fs/cgroup \
|
||||||
--volume /var/lib/calico:/var/lib/calico:ro \
|
--volume /var/lib/calico:/var/lib/calico:ro \
|
||||||
--volume /var/lib/docker:/var/lib/docker \
|
--volume /var/lib/containerd:/var/lib/containerd \
|
||||||
--volume /var/lib/kubelet:/var/lib/kubelet:rshared,z \
|
--volume /var/lib/kubelet:/var/lib/kubelet:rshared,z \
|
||||||
--volume /var/log:/var/log \
|
--volume /var/log:/var/log \
|
||||||
--volume /var/run/lock:/var/run/lock:z \
|
--volume /var/run/lock:/var/run/lock:z \
|
||||||
|
@ -86,6 +86,8 @@ systemd:
|
||||||
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
||||||
--cgroup-driver=systemd \
|
--cgroup-driver=systemd \
|
||||||
--cgroups-per-qos=true \
|
--cgroups-per-qos=true \
|
||||||
|
--container-runtime=remote \
|
||||||
|
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
||||||
--enforce-node-allocatable=pods \
|
--enforce-node-allocatable=pods \
|
||||||
--client-ca-file=/etc/kubernetes/ca.crt \
|
--client-ca-file=/etc/kubernetes/ca.crt \
|
||||||
--cluster_dns=${cluster_dns_service_ip} \
|
--cluster_dns=${cluster_dns_service_ip} \
|
||||||
|
@ -220,6 +222,25 @@ storage:
|
||||||
ETCD_PEER_CLIENT_CERT_AUTH=true
|
ETCD_PEER_CLIENT_CERT_AUTH=true
|
||||||
ETCD_UNSUPPORTED_ARCH=arm64
|
ETCD_UNSUPPORTED_ARCH=arm64
|
||||||
- path: /etc/fedora-coreos/iptables-legacy.stamp
|
- path: /etc/fedora-coreos/iptables-legacy.stamp
|
||||||
|
- path: /etc/containerd/config.toml
|
||||||
|
overwrite: true
|
||||||
|
contents:
|
||||||
|
inline: |
|
||||||
|
version = 2
|
||||||
|
root = "/var/lib/containerd"
|
||||||
|
state = "/run/containerd"
|
||||||
|
subreaper = true
|
||||||
|
oom_score = -999
|
||||||
|
[grpc]
|
||||||
|
address = "/run/containerd/containerd.sock"
|
||||||
|
uid = 0
|
||||||
|
gid = 0
|
||||||
|
[plugins."io.containerd.grpc.v1.cri"]
|
||||||
|
enable_selinux = true
|
||||||
|
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
|
||||||
|
runtime_type = "io.containerd.runc.v2"
|
||||||
|
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
|
||||||
|
SystemdCgroup = true
|
||||||
passwd:
|
passwd:
|
||||||
users:
|
users:
|
||||||
- name: core
|
- name: core
|
||||||
|
|
|
@ -3,7 +3,7 @@ variant: fcos
|
||||||
version: 1.4.0
|
version: 1.4.0
|
||||||
systemd:
|
systemd:
|
||||||
units:
|
units:
|
||||||
- name: docker.service
|
- name: containerd.service
|
||||||
enabled: true
|
enabled: true
|
||||||
- name: wait-for-dns.service
|
- name: wait-for-dns.service
|
||||||
enabled: true
|
enabled: true
|
||||||
|
@ -47,7 +47,7 @@ systemd:
|
||||||
--volume /run:/run \
|
--volume /run:/run \
|
||||||
--volume /sys/fs/cgroup:/sys/fs/cgroup \
|
--volume /sys/fs/cgroup:/sys/fs/cgroup \
|
||||||
--volume /var/lib/calico:/var/lib/calico:ro \
|
--volume /var/lib/calico:/var/lib/calico:ro \
|
||||||
--volume /var/lib/docker:/var/lib/docker \
|
--volume /var/lib/containerd:/var/lib/containerd \
|
||||||
--volume /var/lib/kubelet:/var/lib/kubelet:rshared,z \
|
--volume /var/lib/kubelet:/var/lib/kubelet:rshared,z \
|
||||||
--volume /var/log:/var/log \
|
--volume /var/log:/var/log \
|
||||||
--volume /var/run/lock:/var/run/lock:z \
|
--volume /var/run/lock:/var/run/lock:z \
|
||||||
|
@ -59,6 +59,8 @@ systemd:
|
||||||
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
||||||
--cgroup-driver=systemd \
|
--cgroup-driver=systemd \
|
||||||
--cgroups-per-qos=true \
|
--cgroups-per-qos=true \
|
||||||
|
--container-runtime=remote \
|
||||||
|
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
||||||
--enforce-node-allocatable=pods \
|
--enforce-node-allocatable=pods \
|
||||||
--client-ca-file=/etc/kubernetes/ca.crt \
|
--client-ca-file=/etc/kubernetes/ca.crt \
|
||||||
--cluster_dns=${cluster_dns_service_ip} \
|
--cluster_dns=${cluster_dns_service_ip} \
|
||||||
|
@ -131,9 +133,27 @@ storage:
|
||||||
DefaultMemoryAccounting=yes
|
DefaultMemoryAccounting=yes
|
||||||
DefaultBlockIOAccounting=yes
|
DefaultBlockIOAccounting=yes
|
||||||
- path: /etc/fedora-coreos/iptables-legacy.stamp
|
- path: /etc/fedora-coreos/iptables-legacy.stamp
|
||||||
|
- path: /etc/containerd/config.toml
|
||||||
|
overwrite: true
|
||||||
|
contents:
|
||||||
|
inline: |
|
||||||
|
version = 2
|
||||||
|
root = "/var/lib/containerd"
|
||||||
|
state = "/run/containerd"
|
||||||
|
subreaper = true
|
||||||
|
oom_score = -999
|
||||||
|
[grpc]
|
||||||
|
address = "/run/containerd/containerd.sock"
|
||||||
|
uid = 0
|
||||||
|
gid = 0
|
||||||
|
[plugins."io.containerd.grpc.v1.cri"]
|
||||||
|
enable_selinux = true
|
||||||
|
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
|
||||||
|
runtime_type = "io.containerd.runc.v2"
|
||||||
|
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
|
||||||
|
SystemdCgroup = true
|
||||||
passwd:
|
passwd:
|
||||||
users:
|
users:
|
||||||
- name: core
|
- name: core
|
||||||
ssh_authorized_keys:
|
ssh_authorized_keys:
|
||||||
- ${ssh_authorized_key}
|
- ${ssh_authorized_key}
|
||||||
|
|
||||||
|
|
|
@ -29,7 +29,7 @@ systemd:
|
||||||
LimitNOFILE=40000
|
LimitNOFILE=40000
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
- name: docker.service
|
- name: containerd.service
|
||||||
enabled: true
|
enabled: true
|
||||||
- name: wait-for-dns.service
|
- name: wait-for-dns.service
|
||||||
enabled: true
|
enabled: true
|
||||||
|
@ -70,7 +70,7 @@ systemd:
|
||||||
--volume /run:/run \
|
--volume /run:/run \
|
||||||
--volume /sys/fs/cgroup:/sys/fs/cgroup \
|
--volume /sys/fs/cgroup:/sys/fs/cgroup \
|
||||||
--volume /var/lib/calico:/var/lib/calico:ro \
|
--volume /var/lib/calico:/var/lib/calico:ro \
|
||||||
--volume /var/lib/docker:/var/lib/docker \
|
--volume /var/lib/containerd:/var/lib/containerd \
|
||||||
--volume /var/lib/kubelet:/var/lib/kubelet:rshared,z \
|
--volume /var/lib/kubelet:/var/lib/kubelet:rshared,z \
|
||||||
--volume /var/log:/var/log \
|
--volume /var/log:/var/log \
|
||||||
--volume /var/run/lock:/var/run/lock:z \
|
--volume /var/run/lock:/var/run/lock:z \
|
||||||
|
@ -82,6 +82,8 @@ systemd:
|
||||||
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
||||||
--cgroup-driver=systemd \
|
--cgroup-driver=systemd \
|
||||||
--cgroups-per-qos=true \
|
--cgroups-per-qos=true \
|
||||||
|
--container-runtime=remote \
|
||||||
|
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
||||||
--enforce-node-allocatable=pods \
|
--enforce-node-allocatable=pods \
|
||||||
--client-ca-file=/etc/kubernetes/ca.crt \
|
--client-ca-file=/etc/kubernetes/ca.crt \
|
||||||
--cluster_dns=${cluster_dns_service_ip} \
|
--cluster_dns=${cluster_dns_service_ip} \
|
||||||
|
@ -214,6 +216,25 @@ storage:
|
||||||
ETCD_PEER_KEY_FILE=/etc/ssl/certs/etcd/peer.key
|
ETCD_PEER_KEY_FILE=/etc/ssl/certs/etcd/peer.key
|
||||||
ETCD_PEER_CLIENT_CERT_AUTH=true
|
ETCD_PEER_CLIENT_CERT_AUTH=true
|
||||||
- path: /etc/fedora-coreos/iptables-legacy.stamp
|
- path: /etc/fedora-coreos/iptables-legacy.stamp
|
||||||
|
- path: /etc/containerd/config.toml
|
||||||
|
overwrite: true
|
||||||
|
contents:
|
||||||
|
inline: |
|
||||||
|
version = 2
|
||||||
|
root = "/var/lib/containerd"
|
||||||
|
state = "/run/containerd"
|
||||||
|
subreaper = true
|
||||||
|
oom_score = -999
|
||||||
|
[grpc]
|
||||||
|
address = "/run/containerd/containerd.sock"
|
||||||
|
uid = 0
|
||||||
|
gid = 0
|
||||||
|
[plugins."io.containerd.grpc.v1.cri"]
|
||||||
|
enable_selinux = true
|
||||||
|
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
|
||||||
|
runtime_type = "io.containerd.runc.v2"
|
||||||
|
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
|
||||||
|
SystemdCgroup = true
|
||||||
passwd:
|
passwd:
|
||||||
users:
|
users:
|
||||||
- name: core
|
- name: core
|
||||||
|
|
|
@ -3,7 +3,7 @@ variant: fcos
|
||||||
version: 1.4.0
|
version: 1.4.0
|
||||||
systemd:
|
systemd:
|
||||||
units:
|
units:
|
||||||
- name: docker.service
|
- name: containerd.service
|
||||||
enabled: true
|
enabled: true
|
||||||
- name: wait-for-dns.service
|
- name: wait-for-dns.service
|
||||||
enabled: true
|
enabled: true
|
||||||
|
@ -43,7 +43,7 @@ systemd:
|
||||||
--volume /run:/run \
|
--volume /run:/run \
|
||||||
--volume /sys/fs/cgroup:/sys/fs/cgroup \
|
--volume /sys/fs/cgroup:/sys/fs/cgroup \
|
||||||
--volume /var/lib/calico:/var/lib/calico:ro \
|
--volume /var/lib/calico:/var/lib/calico:ro \
|
||||||
--volume /var/lib/docker:/var/lib/docker \
|
--volume /var/lib/containerd:/var/lib/containerd \
|
||||||
--volume /var/lib/kubelet:/var/lib/kubelet:rshared,z \
|
--volume /var/lib/kubelet:/var/lib/kubelet:rshared,z \
|
||||||
--volume /var/log:/var/log \
|
--volume /var/log:/var/log \
|
||||||
--volume /var/run/lock:/var/run/lock:z \
|
--volume /var/run/lock:/var/run/lock:z \
|
||||||
|
@ -55,6 +55,8 @@ systemd:
|
||||||
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
||||||
--cgroup-driver=systemd \
|
--cgroup-driver=systemd \
|
||||||
--cgroups-per-qos=true \
|
--cgroups-per-qos=true \
|
||||||
|
--container-runtime=remote \
|
||||||
|
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
||||||
--enforce-node-allocatable=pods \
|
--enforce-node-allocatable=pods \
|
||||||
--client-ca-file=/etc/kubernetes/ca.crt \
|
--client-ca-file=/etc/kubernetes/ca.crt \
|
||||||
--cluster_dns=${cluster_dns_service_ip} \
|
--cluster_dns=${cluster_dns_service_ip} \
|
||||||
|
@ -126,10 +128,28 @@ storage:
|
||||||
DefaultMemoryAccounting=yes
|
DefaultMemoryAccounting=yes
|
||||||
DefaultBlockIOAccounting=yes
|
DefaultBlockIOAccounting=yes
|
||||||
- path: /etc/fedora-coreos/iptables-legacy.stamp
|
- path: /etc/fedora-coreos/iptables-legacy.stamp
|
||||||
|
- path: /etc/containerd/config.toml
|
||||||
|
overwrite: true
|
||||||
|
contents:
|
||||||
|
inline: |
|
||||||
|
version = 2
|
||||||
|
root = "/var/lib/containerd"
|
||||||
|
state = "/run/containerd"
|
||||||
|
subreaper = true
|
||||||
|
oom_score = -999
|
||||||
|
[grpc]
|
||||||
|
address = "/run/containerd/containerd.sock"
|
||||||
|
uid = 0
|
||||||
|
gid = 0
|
||||||
|
[plugins."io.containerd.grpc.v1.cri"]
|
||||||
|
enable_selinux = true
|
||||||
|
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
|
||||||
|
runtime_type = "io.containerd.runc.v2"
|
||||||
|
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
|
||||||
|
SystemdCgroup = true
|
||||||
passwd:
|
passwd:
|
||||||
users:
|
users:
|
||||||
- name: core
|
- name: core
|
||||||
ssh_authorized_keys:
|
ssh_authorized_keys:
|
||||||
- ${ssh_authorized_key}
|
- ${ssh_authorized_key}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -29,7 +29,7 @@ systemd:
|
||||||
LimitNOFILE=40000
|
LimitNOFILE=40000
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
- name: docker.service
|
- name: containerd.service
|
||||||
enabled: true
|
enabled: true
|
||||||
- name: wait-for-dns.service
|
- name: wait-for-dns.service
|
||||||
enabled: true
|
enabled: true
|
||||||
|
@ -69,7 +69,7 @@ systemd:
|
||||||
--volume /run:/run \
|
--volume /run:/run \
|
||||||
--volume /sys/fs/cgroup:/sys/fs/cgroup \
|
--volume /sys/fs/cgroup:/sys/fs/cgroup \
|
||||||
--volume /var/lib/calico:/var/lib/calico:ro \
|
--volume /var/lib/calico:/var/lib/calico:ro \
|
||||||
--volume /var/lib/docker:/var/lib/docker \
|
--volume /var/lib/containerd:/var/lib/containerd \
|
||||||
--volume /var/lib/kubelet:/var/lib/kubelet:rshared,z \
|
--volume /var/lib/kubelet:/var/lib/kubelet:rshared,z \
|
||||||
--volume /var/log:/var/log \
|
--volume /var/log:/var/log \
|
||||||
--volume /var/run/lock:/var/run/lock:z \
|
--volume /var/run/lock:/var/run/lock:z \
|
||||||
|
@ -81,6 +81,8 @@ systemd:
|
||||||
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
||||||
--cgroup-driver=systemd \
|
--cgroup-driver=systemd \
|
||||||
--cgroups-per-qos=true \
|
--cgroups-per-qos=true \
|
||||||
|
--container-runtime=remote \
|
||||||
|
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
||||||
--enforce-node-allocatable=pods \
|
--enforce-node-allocatable=pods \
|
||||||
--client-ca-file=/etc/kubernetes/ca.crt \
|
--client-ca-file=/etc/kubernetes/ca.crt \
|
||||||
--cluster_dns=${cluster_dns_service_ip} \
|
--cluster_dns=${cluster_dns_service_ip} \
|
||||||
|
@ -224,6 +226,25 @@ storage:
|
||||||
ETCD_PEER_KEY_FILE=/etc/ssl/certs/etcd/peer.key
|
ETCD_PEER_KEY_FILE=/etc/ssl/certs/etcd/peer.key
|
||||||
ETCD_PEER_CLIENT_CERT_AUTH=true
|
ETCD_PEER_CLIENT_CERT_AUTH=true
|
||||||
- path: /etc/fedora-coreos/iptables-legacy.stamp
|
- path: /etc/fedora-coreos/iptables-legacy.stamp
|
||||||
|
- path: /etc/containerd/config.toml
|
||||||
|
overwrite: true
|
||||||
|
contents:
|
||||||
|
inline: |
|
||||||
|
version = 2
|
||||||
|
root = "/var/lib/containerd"
|
||||||
|
state = "/run/containerd"
|
||||||
|
subreaper = true
|
||||||
|
oom_score = -999
|
||||||
|
[grpc]
|
||||||
|
address = "/run/containerd/containerd.sock"
|
||||||
|
uid = 0
|
||||||
|
gid = 0
|
||||||
|
[plugins."io.containerd.grpc.v1.cri"]
|
||||||
|
enable_selinux = true
|
||||||
|
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
|
||||||
|
runtime_type = "io.containerd.runc.v2"
|
||||||
|
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
|
||||||
|
SystemdCgroup = true
|
||||||
passwd:
|
passwd:
|
||||||
users:
|
users:
|
||||||
- name: core
|
- name: core
|
||||||
|
|
|
@ -3,7 +3,7 @@ variant: fcos
|
||||||
version: 1.4.0
|
version: 1.4.0
|
||||||
systemd:
|
systemd:
|
||||||
units:
|
units:
|
||||||
- name: docker.service
|
- name: containerd.service
|
||||||
enabled: true
|
enabled: true
|
||||||
- name: wait-for-dns.service
|
- name: wait-for-dns.service
|
||||||
enabled: true
|
enabled: true
|
||||||
|
@ -42,7 +42,7 @@ systemd:
|
||||||
--volume /run:/run \
|
--volume /run:/run \
|
||||||
--volume /sys/fs/cgroup:/sys/fs/cgroup \
|
--volume /sys/fs/cgroup:/sys/fs/cgroup \
|
||||||
--volume /var/lib/calico:/var/lib/calico:ro \
|
--volume /var/lib/calico:/var/lib/calico:ro \
|
||||||
--volume /var/lib/docker:/var/lib/docker \
|
--volume /var/lib/containerd:/var/lib/containerd \
|
||||||
--volume /var/lib/kubelet:/var/lib/kubelet:rshared,z \
|
--volume /var/lib/kubelet:/var/lib/kubelet:rshared,z \
|
||||||
--volume /var/log:/var/log \
|
--volume /var/log:/var/log \
|
||||||
--volume /var/run/lock:/var/run/lock:z \
|
--volume /var/run/lock:/var/run/lock:z \
|
||||||
|
@ -54,6 +54,8 @@ systemd:
|
||||||
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
||||||
--cgroup-driver=systemd \
|
--cgroup-driver=systemd \
|
||||||
--cgroups-per-qos=true \
|
--cgroups-per-qos=true \
|
||||||
|
--container-runtime=remote \
|
||||||
|
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
||||||
--enforce-node-allocatable=pods \
|
--enforce-node-allocatable=pods \
|
||||||
--client-ca-file=/etc/kubernetes/ca.crt \
|
--client-ca-file=/etc/kubernetes/ca.crt \
|
||||||
--cluster_dns=${cluster_dns_service_ip} \
|
--cluster_dns=${cluster_dns_service_ip} \
|
||||||
|
@ -122,6 +124,25 @@ storage:
|
||||||
DefaultMemoryAccounting=yes
|
DefaultMemoryAccounting=yes
|
||||||
DefaultBlockIOAccounting=yes
|
DefaultBlockIOAccounting=yes
|
||||||
- path: /etc/fedora-coreos/iptables-legacy.stamp
|
- path: /etc/fedora-coreos/iptables-legacy.stamp
|
||||||
|
- path: /etc/containerd/config.toml
|
||||||
|
overwrite: true
|
||||||
|
contents:
|
||||||
|
inline: |
|
||||||
|
version = 2
|
||||||
|
root = "/var/lib/containerd"
|
||||||
|
state = "/run/containerd"
|
||||||
|
subreaper = true
|
||||||
|
oom_score = -999
|
||||||
|
[grpc]
|
||||||
|
address = "/run/containerd/containerd.sock"
|
||||||
|
uid = 0
|
||||||
|
gid = 0
|
||||||
|
[plugins."io.containerd.grpc.v1.cri"]
|
||||||
|
enable_selinux = true
|
||||||
|
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
|
||||||
|
runtime_type = "io.containerd.runc.v2"
|
||||||
|
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
|
||||||
|
SystemdCgroup = true
|
||||||
passwd:
|
passwd:
|
||||||
users:
|
users:
|
||||||
- name: core
|
- name: core
|
||||||
|
|
|
@ -29,7 +29,7 @@ systemd:
|
||||||
LimitNOFILE=40000
|
LimitNOFILE=40000
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
- name: docker.service
|
- name: containerd.service
|
||||||
enabled: true
|
enabled: true
|
||||||
- name: wait-for-dns.service
|
- name: wait-for-dns.service
|
||||||
enabled: true
|
enabled: true
|
||||||
|
@ -72,7 +72,7 @@ systemd:
|
||||||
--volume /run:/run \
|
--volume /run:/run \
|
||||||
--volume /sys/fs/cgroup:/sys/fs/cgroup \
|
--volume /sys/fs/cgroup:/sys/fs/cgroup \
|
||||||
--volume /var/lib/calico:/var/lib/calico:ro \
|
--volume /var/lib/calico:/var/lib/calico:ro \
|
||||||
--volume /var/lib/docker:/var/lib/docker \
|
--volume /var/lib/containerd:/var/lib/containerd \
|
||||||
--volume /var/lib/kubelet:/var/lib/kubelet:rshared,z \
|
--volume /var/lib/kubelet:/var/lib/kubelet:rshared,z \
|
||||||
--volume /var/log:/var/log \
|
--volume /var/log:/var/log \
|
||||||
--volume /var/run/lock:/var/run/lock:z \
|
--volume /var/run/lock:/var/run/lock:z \
|
||||||
|
@ -84,6 +84,8 @@ systemd:
|
||||||
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
||||||
--cgroup-driver=systemd \
|
--cgroup-driver=systemd \
|
||||||
--cgroups-per-qos=true \
|
--cgroups-per-qos=true \
|
||||||
|
--container-runtime=remote \
|
||||||
|
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
||||||
--enforce-node-allocatable=pods \
|
--enforce-node-allocatable=pods \
|
||||||
--client-ca-file=/etc/kubernetes/ca.crt \
|
--client-ca-file=/etc/kubernetes/ca.crt \
|
||||||
--cluster_dns=${cluster_dns_service_ip} \
|
--cluster_dns=${cluster_dns_service_ip} \
|
||||||
|
@ -221,4 +223,23 @@ storage:
|
||||||
ETCD_PEER_KEY_FILE=/etc/ssl/certs/etcd/peer.key
|
ETCD_PEER_KEY_FILE=/etc/ssl/certs/etcd/peer.key
|
||||||
ETCD_PEER_CLIENT_CERT_AUTH=true
|
ETCD_PEER_CLIENT_CERT_AUTH=true
|
||||||
- path: /etc/fedora-coreos/iptables-legacy.stamp
|
- path: /etc/fedora-coreos/iptables-legacy.stamp
|
||||||
|
- path: /etc/containerd/config.toml
|
||||||
|
overwrite: true
|
||||||
|
contents:
|
||||||
|
inline: |
|
||||||
|
version = 2
|
||||||
|
root = "/var/lib/containerd"
|
||||||
|
state = "/run/containerd"
|
||||||
|
subreaper = true
|
||||||
|
oom_score = -999
|
||||||
|
[grpc]
|
||||||
|
address = "/run/containerd/containerd.sock"
|
||||||
|
uid = 0
|
||||||
|
gid = 0
|
||||||
|
[plugins."io.containerd.grpc.v1.cri"]
|
||||||
|
enable_selinux = true
|
||||||
|
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
|
||||||
|
runtime_type = "io.containerd.runc.v2"
|
||||||
|
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
|
||||||
|
SystemdCgroup = true
|
||||||
|
|
||||||
|
|
|
@ -3,7 +3,7 @@ variant: fcos
|
||||||
version: 1.4.0
|
version: 1.4.0
|
||||||
systemd:
|
systemd:
|
||||||
units:
|
units:
|
||||||
- name: docker.service
|
- name: containerd.service
|
||||||
enabled: true
|
enabled: true
|
||||||
- name: wait-for-dns.service
|
- name: wait-for-dns.service
|
||||||
enabled: true
|
enabled: true
|
||||||
|
@ -46,7 +46,7 @@ systemd:
|
||||||
--volume /run:/run \
|
--volume /run:/run \
|
||||||
--volume /sys/fs/cgroup:/sys/fs/cgroup \
|
--volume /sys/fs/cgroup:/sys/fs/cgroup \
|
||||||
--volume /var/lib/calico:/var/lib/calico:ro \
|
--volume /var/lib/calico:/var/lib/calico:ro \
|
||||||
--volume /var/lib/docker:/var/lib/docker \
|
--volume /var/lib/containerd:/var/lib/containerd \
|
||||||
--volume /var/lib/kubelet:/var/lib/kubelet:rshared,z \
|
--volume /var/lib/kubelet:/var/lib/kubelet:rshared,z \
|
||||||
--volume /var/log:/var/log \
|
--volume /var/log:/var/log \
|
||||||
--volume /var/run/lock:/var/run/lock:z \
|
--volume /var/run/lock:/var/run/lock:z \
|
||||||
|
@ -58,6 +58,8 @@ systemd:
|
||||||
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
||||||
--cgroup-driver=systemd \
|
--cgroup-driver=systemd \
|
||||||
--cgroups-per-qos=true \
|
--cgroups-per-qos=true \
|
||||||
|
--container-runtime=remote \
|
||||||
|
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
||||||
--enforce-node-allocatable=pods \
|
--enforce-node-allocatable=pods \
|
||||||
--client-ca-file=/etc/kubernetes/ca.crt \
|
--client-ca-file=/etc/kubernetes/ca.crt \
|
||||||
--cluster_dns=${cluster_dns_service_ip} \
|
--cluster_dns=${cluster_dns_service_ip} \
|
||||||
|
@ -128,3 +130,22 @@ storage:
|
||||||
DefaultMemoryAccounting=yes
|
DefaultMemoryAccounting=yes
|
||||||
DefaultBlockIOAccounting=yes
|
DefaultBlockIOAccounting=yes
|
||||||
- path: /etc/fedora-coreos/iptables-legacy.stamp
|
- path: /etc/fedora-coreos/iptables-legacy.stamp
|
||||||
|
- path: /etc/containerd/config.toml
|
||||||
|
overwrite: true
|
||||||
|
contents:
|
||||||
|
inline: |
|
||||||
|
version = 2
|
||||||
|
root = "/var/lib/containerd"
|
||||||
|
state = "/run/containerd"
|
||||||
|
subreaper = true
|
||||||
|
oom_score = -999
|
||||||
|
[grpc]
|
||||||
|
address = "/run/containerd/containerd.sock"
|
||||||
|
uid = 0
|
||||||
|
gid = 0
|
||||||
|
[plugins."io.containerd.grpc.v1.cri"]
|
||||||
|
enable_selinux = true
|
||||||
|
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
|
||||||
|
runtime_type = "io.containerd.runc.v2"
|
||||||
|
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
|
||||||
|
SystemdCgroup = true
|
||||||
|
|
|
@ -29,7 +29,7 @@ systemd:
|
||||||
LimitNOFILE=40000
|
LimitNOFILE=40000
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
- name: docker.service
|
- name: containerd.service
|
||||||
enabled: true
|
enabled: true
|
||||||
- name: wait-for-dns.service
|
- name: wait-for-dns.service
|
||||||
enabled: true
|
enabled: true
|
||||||
|
@ -70,7 +70,7 @@ systemd:
|
||||||
--volume /run:/run \
|
--volume /run:/run \
|
||||||
--volume /sys/fs/cgroup:/sys/fs/cgroup \
|
--volume /sys/fs/cgroup:/sys/fs/cgroup \
|
||||||
--volume /var/lib/calico:/var/lib/calico:ro \
|
--volume /var/lib/calico:/var/lib/calico:ro \
|
||||||
--volume /var/lib/docker:/var/lib/docker \
|
--volume /var/lib/containerd:/var/lib/containerd \
|
||||||
--volume /var/lib/kubelet:/var/lib/kubelet:rshared,z \
|
--volume /var/lib/kubelet:/var/lib/kubelet:rshared,z \
|
||||||
--volume /var/log:/var/log \
|
--volume /var/log:/var/log \
|
||||||
--volume /var/run/lock:/var/run/lock:z \
|
--volume /var/run/lock:/var/run/lock:z \
|
||||||
|
@ -82,6 +82,8 @@ systemd:
|
||||||
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
||||||
--cgroup-driver=systemd \
|
--cgroup-driver=systemd \
|
||||||
--cgroups-per-qos=true \
|
--cgroups-per-qos=true \
|
||||||
|
--container-runtime=remote \
|
||||||
|
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
||||||
--enforce-node-allocatable=pods \
|
--enforce-node-allocatable=pods \
|
||||||
--client-ca-file=/etc/kubernetes/ca.crt \
|
--client-ca-file=/etc/kubernetes/ca.crt \
|
||||||
--cluster_dns=${cluster_dns_service_ip} \
|
--cluster_dns=${cluster_dns_service_ip} \
|
||||||
|
@ -214,6 +216,25 @@ storage:
|
||||||
ETCD_PEER_KEY_FILE=/etc/ssl/certs/etcd/peer.key
|
ETCD_PEER_KEY_FILE=/etc/ssl/certs/etcd/peer.key
|
||||||
ETCD_PEER_CLIENT_CERT_AUTH=true
|
ETCD_PEER_CLIENT_CERT_AUTH=true
|
||||||
- path: /etc/fedora-coreos/iptables-legacy.stamp
|
- path: /etc/fedora-coreos/iptables-legacy.stamp
|
||||||
|
- path: /etc/containerd/config.toml
|
||||||
|
overwrite: true
|
||||||
|
contents:
|
||||||
|
inline: |
|
||||||
|
version = 2
|
||||||
|
root = "/var/lib/containerd"
|
||||||
|
state = "/run/containerd"
|
||||||
|
subreaper = true
|
||||||
|
oom_score = -999
|
||||||
|
[grpc]
|
||||||
|
address = "/run/containerd/containerd.sock"
|
||||||
|
uid = 0
|
||||||
|
gid = 0
|
||||||
|
[plugins."io.containerd.grpc.v1.cri"]
|
||||||
|
enable_selinux = true
|
||||||
|
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
|
||||||
|
runtime_type = "io.containerd.runc.v2"
|
||||||
|
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
|
||||||
|
SystemdCgroup = true
|
||||||
passwd:
|
passwd:
|
||||||
users:
|
users:
|
||||||
- name: core
|
- name: core
|
||||||
|
|
|
@ -3,7 +3,7 @@ variant: fcos
|
||||||
version: 1.4.0
|
version: 1.4.0
|
||||||
systemd:
|
systemd:
|
||||||
units:
|
units:
|
||||||
- name: docker.service
|
- name: containerd.service
|
||||||
enabled: true
|
enabled: true
|
||||||
- name: wait-for-dns.service
|
- name: wait-for-dns.service
|
||||||
enabled: true
|
enabled: true
|
||||||
|
@ -43,7 +43,7 @@ systemd:
|
||||||
--volume /run:/run \
|
--volume /run:/run \
|
||||||
--volume /sys/fs/cgroup:/sys/fs/cgroup \
|
--volume /sys/fs/cgroup:/sys/fs/cgroup \
|
||||||
--volume /var/lib/calico:/var/lib/calico:ro \
|
--volume /var/lib/calico:/var/lib/calico:ro \
|
||||||
--volume /var/lib/docker:/var/lib/docker \
|
--volume /var/lib/containerd:/var/lib/containerd \
|
||||||
--volume /var/lib/kubelet:/var/lib/kubelet:rshared,z \
|
--volume /var/lib/kubelet:/var/lib/kubelet:rshared,z \
|
||||||
--volume /var/log:/var/log \
|
--volume /var/log:/var/log \
|
||||||
--volume /var/run/lock:/var/run/lock:z \
|
--volume /var/run/lock:/var/run/lock:z \
|
||||||
|
@ -55,6 +55,8 @@ systemd:
|
||||||
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
||||||
--cgroup-driver=systemd \
|
--cgroup-driver=systemd \
|
||||||
--cgroups-per-qos=true \
|
--cgroups-per-qos=true \
|
||||||
|
--container-runtime=remote \
|
||||||
|
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
||||||
--enforce-node-allocatable=pods \
|
--enforce-node-allocatable=pods \
|
||||||
--client-ca-file=/etc/kubernetes/ca.crt \
|
--client-ca-file=/etc/kubernetes/ca.crt \
|
||||||
--cluster_dns=${cluster_dns_service_ip} \
|
--cluster_dns=${cluster_dns_service_ip} \
|
||||||
|
@ -126,6 +128,25 @@ storage:
|
||||||
DefaultMemoryAccounting=yes
|
DefaultMemoryAccounting=yes
|
||||||
DefaultBlockIOAccounting=yes
|
DefaultBlockIOAccounting=yes
|
||||||
- path: /etc/fedora-coreos/iptables-legacy.stamp
|
- path: /etc/fedora-coreos/iptables-legacy.stamp
|
||||||
|
- path: /etc/containerd/config.toml
|
||||||
|
overwrite: true
|
||||||
|
contents:
|
||||||
|
inline: |
|
||||||
|
version = 2
|
||||||
|
root = "/var/lib/containerd"
|
||||||
|
state = "/run/containerd"
|
||||||
|
subreaper = true
|
||||||
|
oom_score = -999
|
||||||
|
[grpc]
|
||||||
|
address = "/run/containerd/containerd.sock"
|
||||||
|
uid = 0
|
||||||
|
gid = 0
|
||||||
|
[plugins."io.containerd.grpc.v1.cri"]
|
||||||
|
enable_selinux = true
|
||||||
|
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
|
||||||
|
runtime_type = "io.containerd.runc.v2"
|
||||||
|
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
|
||||||
|
SystemdCgroup = true
|
||||||
passwd:
|
passwd:
|
||||||
users:
|
users:
|
||||||
- name: core
|
- name: core
|
||||||
|
|
Loading…
Reference in New Issue