
[RFE] Include certs.d registry plugin in containerd config.toml

Open mleklund opened this issue 4 years ago • 3 comments

Current situation

I currently customize my containerd config.toml just to add the following settings:

```toml
[plugins."io.containerd.grpc.v1.cri".registry]
config_path = "/etc/containerd/certs.d"
```

My testing shows that containerd does not care if the directory does not exist, but I certainly would welcome further testing.

Impact

I have to add a custom containerd config that might not keep compatibility with upstream, simply so I can add custom registries or proxies.

Ideal future situation

To have a way of customizing a section of containerd's config.toml without replacing the whole file, which then also requires a dropin for the containerd service.

Either to have the plugin registry snippet added to the main config, or

Implementation options

(tested) add the following snippet to config.toml, which does not seem to care if the directory does not exist:

```toml
[plugins."io.containerd.grpc.v1.cri".registry]
config_path = "/etc/containerd/certs.d"
```

(untested) to have an imports section that points to a custom config area such as:

```toml
imports = ["/etc/containerd/runtime_*.toml"]
```

mleklund avatar Dec 20 '21 19:12 mleklund

Hi, good idea. I agree that the imports directive could be a general good point for customization without "forking" the whole config. We need to do some experiments to know how the import behaves. The filenames could be prefixed with custom_ or overwrite_ to know that it's not a file generated by the system.

pothos avatar Dec 21 '21 17:12 pothos

I'll attempt to do some independent testing on imports before the holiday, and report my findings back.

mleklund avatar Dec 21 '21 18:12 mleklund

My testing shows the following config works exactly as we would like, when /etc/containerd/custom_*.toml files exist and when they do not.

```toml
version = 2
imports = ["/etc/containerd/custom_*.toml"]
# persistent data location
root = "/var/lib/containerd"
# runtime state information
state = "/run/containerd"
# set containerd as a subreaper on linux when it is not running as PID 1
subreaper = true
# set containerd's OOM score
oom_score = -999
disabled_plugins = []

# grpc configuration
[grpc]
address = "/run/containerd/containerd.sock"
# socket uid
uid = 0
# socket gid
gid = 0

[plugins."containerd.runtime.v1.linux"]
# shim binary name/path
shim = "containerd-shim"
# runtime binary name/path
runtime = "runc"
# do not use a shim when starting containers, saves on memory but
# live restore is not supported
no_shim = false

[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
# setting runc.options unsets parent settings
runtime_type = "io.containerd.runc.v2"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
SystemdCgroup = true
```

mleklund avatar Dec 22 '21 15:12 mleklund