diff --git a/deploy/iso/minikube-iso/arch/aarch64/package/Config.in b/deploy/iso/minikube-iso/arch/aarch64/package/Config.in index 2d00627368..f893f6e585 100644 --- a/deploy/iso/minikube-iso/arch/aarch64/package/Config.in +++ b/deploy/iso/minikube-iso/arch/aarch64/package/Config.in @@ -1,4 +1,5 @@ menu "System tools" + source "$BR2_EXTERNAL_MINIKUBE_PATH/arch/aarch64/package/crio-bin-aarch64/Config.in" source "$BR2_EXTERNAL_MINIKUBE_PATH/arch/aarch64/package/crictl-bin-aarch64/Config.in" source "$BR2_EXTERNAL_MINIKUBE_PATH/arch/aarch64/package/docker-bin-aarch64/Config.in" source "$BR2_EXTERNAL_MINIKUBE_PATH/arch/aarch64/package/cri-dockerd-aarch64/Config.in" diff --git a/deploy/iso/minikube-iso/package/crio-bin/02-crio.conf b/deploy/iso/minikube-iso/arch/aarch64/package/crio-bin-aarch64/02-crio.conf similarity index 100% rename from deploy/iso/minikube-iso/package/crio-bin/02-crio.conf rename to deploy/iso/minikube-iso/arch/aarch64/package/crio-bin-aarch64/02-crio.conf diff --git a/deploy/iso/minikube-iso/package/crio-bin/Config.in b/deploy/iso/minikube-iso/arch/aarch64/package/crio-bin-aarch64/Config.in similarity index 100% rename from deploy/iso/minikube-iso/package/crio-bin/Config.in rename to deploy/iso/minikube-iso/arch/aarch64/package/crio-bin-aarch64/Config.in diff --git a/deploy/iso/minikube-iso/package/crio-bin/conmon-config.h b/deploy/iso/minikube-iso/arch/aarch64/package/crio-bin-aarch64/conmon-config.h similarity index 100% rename from deploy/iso/minikube-iso/package/crio-bin/conmon-config.h rename to deploy/iso/minikube-iso/arch/aarch64/package/crio-bin-aarch64/conmon-config.h diff --git a/deploy/iso/minikube-iso/package/crio-bin/crio-bin.hash b/deploy/iso/minikube-iso/arch/aarch64/package/crio-bin-aarch64/crio-bin.hash similarity index 100% rename from deploy/iso/minikube-iso/package/crio-bin/crio-bin.hash rename to deploy/iso/minikube-iso/arch/aarch64/package/crio-bin-aarch64/crio-bin.hash diff --git a/deploy/iso/minikube-iso/arch/aarch64/package/crio-bin-aarch64/crio-bin.mk b/deploy/iso/minikube-iso/arch/aarch64/package/crio-bin-aarch64/crio-bin.mk new file mode 100644 index 0000000000..ac3d00d9b4 --- /dev/null +++ b/deploy/iso/minikube-iso/arch/aarch64/package/crio-bin-aarch64/crio-bin.mk @@ -0,0 +1,80 @@ +################################################################################ +# +# cri-o +# +################################################################################ + +CRIO_BIN_VERSION = v1.22.3 +CRIO_BIN_COMMIT = d93b2dfb8d0f2ad0f8b9061d941e3b216baa5814 +CRIO_BIN_SITE = https://github.com/cri-o/cri-o/archive +CRIO_BIN_SOURCE = $(CRIO_BIN_VERSION).tar.gz +CRIO_BIN_DEPENDENCIES = host-go libgpgme +CRIO_BIN_GOPATH = $(@D)/_output +CRIO_BIN_ENV = \ + $(GO_TARGET_ENV) \ + CGO_ENABLED=1 \ + GO111MODULE=off \ + GOPATH="$(CRIO_BIN_GOPATH)" \ + GOBIN="$(CRIO_BIN_GOPATH)/bin" \ + PATH=$(CRIO_BIN_GOPATH)/bin:$(BR_PATH) \ + GOARCH=arm64 + + +define CRIO_BIN_USERS + - -1 crio-admin -1 - - - - - + - -1 crio -1 - - - - - +endef + +define CRIO_BIN_CONFIGURE_CMDS + mkdir -p $(CRIO_BIN_GOPATH)/src/github.com/cri-o + ln -sf $(@D) $(CRIO_BIN_GOPATH)/src/github.com/cri-o/cri-o + # disable the "automatic" go module detection + sed -e 's/go help mod/false/' -i $(@D)/Makefile +endef + +define CRIO_BIN_BUILD_CMDS + mkdir -p $(@D)/bin + $(CRIO_BIN_ENV) $(MAKE) $(TARGET_CONFIGURE_OPTS) -C $(@D) COMMIT_NO=$(CRIO_BIN_COMMIT) PREFIX=/usr binaries +endef + +define CRIO_BIN_INSTALL_TARGET_CMDS + mkdir -p $(TARGET_DIR)/usr/share/containers/oci/hooks.d + mkdir -p $(TARGET_DIR)/etc/containers/oci/hooks.d + mkdir -p $(TARGET_DIR)/etc/crio/crio.conf.d + + $(INSTALL) -Dm755 \ + $(@D)/bin/crio \ + $(TARGET_DIR)/usr/bin/crio + $(INSTALL) -Dm755 \ + $(@D)/bin/pinns \ + $(TARGET_DIR)/usr/bin/pinns + $(INSTALL) -Dm644 \ + $(CRIO_BIN_PKGDIR)/crio.conf \ + $(TARGET_DIR)/etc/crio/crio.conf + $(INSTALL) -Dm644 \ + $(CRIO_BIN_PKGDIR)/policy.json \ + $(TARGET_DIR)/etc/containers/policy.json + $(INSTALL) -Dm644 \ + $(CRIO_BIN_PKGDIR)/registries.conf \ + $(TARGET_DIR)/etc/containers/registries.conf + $(INSTALL) -Dm644 \ + $(CRIO_BIN_PKGDIR)/02-crio.conf \ + $(TARGET_DIR)/etc/crio/crio.conf.d/02-crio.conf + + mkdir -p $(TARGET_DIR)/etc/sysconfig + echo 'CRIO_OPTIONS="--log-level=debug"' > $(TARGET_DIR)/etc/sysconfig/crio +endef + +define CRIO_BIN_INSTALL_INIT_SYSTEMD + $(MAKE) $(TARGET_CONFIGURE_OPTS) -C $(@D) install.systemd DESTDIR=$(TARGET_DIR) PREFIX=$(TARGET_DIR)/usr + $(INSTALL) -Dm644 \ + $(CRIO_BIN_PKGDIR)/crio.service \ + $(TARGET_DIR)/usr/lib/systemd/system/crio.service + $(INSTALL) -Dm644 \ + $(CRIO_BIN_PKGDIR)/crio-wipe.service \ + $(TARGET_DIR)/usr/lib/systemd/system/crio-wipe.service + $(call link-service,crio.service) + $(call link-service,crio-shutdown.service) +endef + +$(eval $(generic-package)) diff --git a/deploy/iso/minikube-iso/package/crio-bin/crio-wipe.service b/deploy/iso/minikube-iso/arch/aarch64/package/crio-bin-aarch64/crio-wipe.service similarity index 100% rename from deploy/iso/minikube-iso/package/crio-bin/crio-wipe.service rename to deploy/iso/minikube-iso/arch/aarch64/package/crio-bin-aarch64/crio-wipe.service diff --git a/deploy/iso/minikube-iso/package/crio-bin/crio.conf b/deploy/iso/minikube-iso/arch/aarch64/package/crio-bin-aarch64/crio.conf similarity index 100% rename from deploy/iso/minikube-iso/package/crio-bin/crio.conf rename to deploy/iso/minikube-iso/arch/aarch64/package/crio-bin-aarch64/crio.conf diff --git a/deploy/iso/minikube-iso/package/crio-bin/crio.conf.default b/deploy/iso/minikube-iso/arch/aarch64/package/crio-bin-aarch64/crio.conf.default similarity index 100% rename from deploy/iso/minikube-iso/package/crio-bin/crio.conf.default rename to deploy/iso/minikube-iso/arch/aarch64/package/crio-bin-aarch64/crio.conf.default diff --git a/deploy/iso/minikube-iso/package/crio-bin/crio.service b/deploy/iso/minikube-iso/arch/aarch64/package/crio-bin-aarch64/crio.service similarity index 100% rename from deploy/iso/minikube-iso/package/crio-bin/crio.service rename to deploy/iso/minikube-iso/arch/aarch64/package/crio-bin-aarch64/crio.service diff --git a/deploy/iso/minikube-iso/package/crio-bin/policy.json b/deploy/iso/minikube-iso/arch/aarch64/package/crio-bin-aarch64/policy.json similarity index 100% rename from deploy/iso/minikube-iso/package/crio-bin/policy.json rename to deploy/iso/minikube-iso/arch/aarch64/package/crio-bin-aarch64/policy.json diff --git a/deploy/iso/minikube-iso/package/crio-bin/registries.conf b/deploy/iso/minikube-iso/arch/aarch64/package/crio-bin-aarch64/registries.conf similarity index 100% rename from deploy/iso/minikube-iso/package/crio-bin/registries.conf rename to deploy/iso/minikube-iso/arch/aarch64/package/crio-bin-aarch64/registries.conf diff --git a/deploy/iso/minikube-iso/arch/x86_64/package/Config.in b/deploy/iso/minikube-iso/arch/x86_64/package/Config.in index f2da3a4f8c..c7fedb889f 100644 --- a/deploy/iso/minikube-iso/arch/x86_64/package/Config.in +++ b/deploy/iso/minikube-iso/arch/x86_64/package/Config.in @@ -1,4 +1,5 @@ menu "System tools" + source "$BR2_EXTERNAL_MINIKUBE_PATH/arch/x86_64/package/crio-bin/Config.in" source "$BR2_EXTERNAL_MINIKUBE_PATH/arch/x86_64/package/crictl-bin/Config.in" source "$BR2_EXTERNAL_MINIKUBE_PATH/arch/x86_64/package/docker-bin-x86_64/Config.in" source "$BR2_EXTERNAL_MINIKUBE_PATH/arch/x86_64/package/cri-dockerd/Config.in" diff --git a/deploy/iso/minikube-iso/arch/x86_64/package/crio-bin/02-crio.conf b/deploy/iso/minikube-iso/arch/x86_64/package/crio-bin/02-crio.conf new file mode 100644 index 0000000000..cfeb6ed70b --- /dev/null +++ b/deploy/iso/minikube-iso/arch/x86_64/package/crio-bin/02-crio.conf @@ -0,0 +1,8 @@ +[crio.image] +# pause_image = "" + +[crio.network] +# cni_default_network = "" + +[crio.runtime] +# cgroup_manager = "" diff --git a/deploy/iso/minikube-iso/arch/x86_64/package/crio-bin/Config.in b/deploy/iso/minikube-iso/arch/x86_64/package/crio-bin/Config.in new file mode 100644 index 0000000000..a933e5cda8 --- /dev/null +++ b/deploy/iso/minikube-iso/arch/x86_64/package/crio-bin/Config.in @@ -0,0 +1,19 @@ +config BR2_PACKAGE_CRIO_BIN + bool "crio-bin" + default y + depends on BR2_PACKAGE_HOST_GO_TARGET_ARCH_SUPPORTS + depends on BR2_PACKAGE_HOST_GO_TARGET_CGO_LINKING_SUPPORTS + depends on BR2_TOOLCHAIN_HAS_THREADS + depends on BR2_USE_MMU # lvm2 + depends on !BR2_STATIC_LIBS # lvm2 + depends on !BR2_TOOLCHAIN_USES_MUSL # lvm2 + select BR2_PACKAGE_RUNC_MASTER + select BR2_PACKAGE_CRUN + select BR2_PACKAGE_CONMON + select BR2_PACKAGE_BTRFS_PROGS + select BR2_PACKAGE_LIBSECCOMP + select BR2_PACKAGE_LIBGPGME + select BR2_PACKAGE_LVM2 + select BR2_PACKAGE_LVM2_APP_LIBRARY + select BR2_PACKAGE_UTIL_LINUX_LIBMOUNT + select BR2_PACKAGE_LIBGLIB2 diff --git a/deploy/iso/minikube-iso/arch/x86_64/package/crio-bin/conmon-config.h b/deploy/iso/minikube-iso/arch/x86_64/package/crio-bin/conmon-config.h new file mode 100755 index 0000000000..1783492d0d --- /dev/null +++ b/deploy/iso/minikube-iso/arch/x86_64/package/crio-bin/conmon-config.h @@ -0,0 +1,9 @@ + +#if !defined(CONFIG_H) +#define CONFIG_H + +#define BUF_SIZE 8192 +#define STDIO_BUF_SIZE 8192 +#define DEFAULT_SOCKET_PATH "/var/run/crio" + +#endif // CONFIG_H diff --git a/deploy/iso/minikube-iso/arch/x86_64/package/crio-bin/crio-bin.hash b/deploy/iso/minikube-iso/arch/x86_64/package/crio-bin/crio-bin.hash new file mode 100644 index 0000000000..82c62806a8 --- /dev/null +++ b/deploy/iso/minikube-iso/arch/x86_64/package/crio-bin/crio-bin.hash @@ -0,0 +1,28 @@ +sha256 d310d52706262009af886dbd3e8dcd09a339cdc3b57dc22a9121e6d6a87d2921 v1.8.4.tar.gz +sha256 9f79cee99e272c9cfc561ae31235d84d4da59fd5c8b3d3ab6623bf9a92d90c5a v1.10.0.tar.gz +sha256 09e53fd550f4f10108879131ee6b8ef1c367ce71a73dcf6350c4cc898751d8c1 v1.11.8.tar.gz +sha256 92588998dbb79002c38f65f84602b5659f0d0ef1cd36b1a568a2e40269b66816 v1.13.0.tar.gz +sha256 48e7cf64a757d62a3edf214e1b93b74d99f090ca924f956ede2494a260eab2db v1.13.1.tar.gz +sha256 7435c4745017f06c260973b049440d924efe65b0df008d14175dfb8f5e23b599 v1.14.0.tar.gz +sha256 1f6f72b1f89d4286b2d5b54a48f4d5ed4c0c01065d484635dcb343a706feb743 v1.14.1.tar.gz +sha256 f7041a92e2d3a4c341be8df58f1076ba57ecb5daa02b6c65e652530c5f242739 v1.15.0.tar.gz +sha256 6218a99877da9b9895e0088944731f5384803c15628d4b3c6b40ba1ddd39e052 v1.15.1.tar.gz +sha256 70d4c746fe207422c78420dc4239768f485eea639a38c993c02872ec6305dd1d v1.15.2.tar.gz +sha256 05f9614c4d5970b4662499b84c270b0ab953596ee863dcd09c9dc7a2d2f09789 v1.16.0.tar.gz +sha256 57e1ee990ef2d5af8b32c33a21b4998682608e3556dcf1d3349666f55e7d95b9 v1.16.1.tar.gz +sha256 23a797762e4544ee7c171ef138cfc1141a3f0acc2838d9965c2a58e53b16c3ae v1.17.0.tar.gz +sha256 7967e9218fdfb59d6005a9e19c1668469bc5566c2a35927cffe7de8656bb22c7 v1.17.1.tar.gz +sha256 336f5c275e260eaae8187e7250fb960441e8dc90615729354d3c04e699870982 v1.17.3.tar.gz +sha256 865ded95aceb3a33a391b252522682de6b37b39498704c490b3a321dbefaafcb v1.18.0.tar.gz +sha256 794ddc36c2a20fde91fc6cc2c6f02ebdaea85c69b51b67f3994090dbbdbc2a50 v1.18.1.tar.gz +sha256 25dc558fbabc987bd58c7eab5230121b258a7b0eb34a49dc6595f1c6f3969116 v1.18.2.tar.gz +sha256 d5c6442e3990938badc966cdd1eb9ebe2fc11345452c233aa0d87ca38fbeed81 v1.18.3.tar.gz +sha256 74a4e916acddc6cf47ab5752bdebb6732ce2c028505ef57b7edc21d2da9039b6 v1.18.4.tar.gz +sha256 fc8a8e61375e3ce30563eeb0fd6534c4f48fc20300a72e6ff51cc99cb2703516 v1.19.0.tar.gz +sha256 6165c5b8212ea03be2a465403177318bfe25a54c3e8d66d720344643913a0223 v1.19.1.tar.gz +sha256 76fd7543bc92d4364a11060f43a5131893a76c6e6e9d6de3a6bb6292c110b631 v1.20.0.tar.gz +sha256 36d9f4cf4966342e2d4099e44d8156c55c6a10745c67ce4f856aa9f6dcc2d9ba v1.20.2.tar.gz +sha256 bc53ea8977e252bd9812974c33ff654ee22076598e901464468c5c105a5ef773 v1.22.0.tar.gz +sha256 6e1c0e393cd16af907fabb24e4cc068e27c606c5f1071060d46efdcd29cb5c0d v1.22.1.tar.gz +sha256 34097a0f535aa79cf990aaee5d3ff6226663587b188cbee11089f120e7f869e4 v1.22.2.tar.gz +sha256 52836549cfa27a688659576be9266f4837357a6fa162b1d0a05fa8da62c724b3 v1.22.3.tar.gz diff --git a/deploy/iso/minikube-iso/package/crio-bin/crio-bin.mk b/deploy/iso/minikube-iso/arch/x86_64/package/crio-bin/crio-bin.mk similarity index 100% rename from deploy/iso/minikube-iso/package/crio-bin/crio-bin.mk rename to deploy/iso/minikube-iso/arch/x86_64/package/crio-bin/crio-bin.mk diff --git a/deploy/iso/minikube-iso/arch/x86_64/package/crio-bin/crio-wipe.service b/deploy/iso/minikube-iso/arch/x86_64/package/crio-bin/crio-wipe.service new file mode 100644 index 0000000000..1389fa9e29 --- /dev/null +++ b/deploy/iso/minikube-iso/arch/x86_64/package/crio-bin/crio-wipe.service @@ -0,0 +1,20 @@ +[Unit] +Description=CRI-O Auto Update Script +Before=crio.service +After=minikube-automount.service +Requires=minikube-automount.service +RequiresMountsFor=/var/lib/containers + +[Service] +EnvironmentFile=-/etc/sysconfig/crio +EnvironmentFile=-/etc/sysconfig/crio.minikube +EnvironmentFile=/var/run/minikube/env +ExecStart=/usr/bin/crio \ + $CRIO_OPTIONS \ + $CRIO_MINIKUBE_OPTIONS \ + wipe + +Type=oneshot + +[Install] +WantedBy=multi-user.target diff --git a/deploy/iso/minikube-iso/arch/x86_64/package/crio-bin/crio.conf b/deploy/iso/minikube-iso/arch/x86_64/package/crio-bin/crio.conf new file mode 100644 index 0000000000..fafaed67bc --- /dev/null +++ b/deploy/iso/minikube-iso/arch/x86_64/package/crio-bin/crio.conf @@ -0,0 +1,409 @@ +# The CRI-O configuration file specifies all of the available configuration +# options and command-line flags for the crio(8) OCI Kubernetes Container Runtime +# daemon, but in a TOML format that can be more easily modified and versioned. +# +# Please refer to crio.conf(5) for details of all configuration options. + +# CRI-O supports partial configuration reload during runtime, which can be +# done by sending SIGHUP to the running process. Currently supported options +# are explicitly mentioned with: 'This option supports live configuration +# reload'. + +# CRI-O reads its storage defaults from the containers-storage.conf(5) file +# located at /etc/containers/storage.conf. Modify this storage configuration if +# you want to change the system's defaults. If you want to modify storage just +# for CRI-O, you can change the storage configuration options here. +[crio] + +# Path to the "root directory". CRI-O stores all of its data, including +# containers images, in this directory. +root = "/var/lib/containers/storage" + +# Path to the "run directory". CRI-O stores all of its state in this directory. +runroot = "/var/run/containers/storage" + +# Storage driver used to manage the storage of images and containers. Please +# refer to containers-storage.conf(5) to see all available storage drivers. +storage_driver = "overlay" + +# List to pass options to the storage driver. Please refer to +# containers-storage.conf(5) to see all available storage options. +#storage_option = [ +# "overlay.mountopt=nodev,metacopy=on", +#] + +# The default log directory where all logs will go unless directly specified by +# the kubelet. The log directory specified must be an absolute directory. +log_dir = "/var/log/crio/pods" + +# Location for CRI-O to lay down the temporary version file. +# It is used to check if crio wipe should wipe containers, which should +# always happen on a node reboot +version_file = "/var/run/crio/version" + +# Location for CRI-O to lay down the persistent version file. +# It is used to check if crio wipe should wipe images, which should +# only happen when CRI-O has been upgraded +version_file_persist = "/var/lib/crio/version" + +# The crio.api table contains settings for the kubelet/gRPC interface. +[crio.api] + +# Path to AF_LOCAL socket on which CRI-O will listen. +listen = "/var/run/crio/crio.sock" + +# IP address on which the stream server will listen. +stream_address = "127.0.0.1" + +# The port on which the stream server will listen. If the port is set to "0", then +# CRI-O will allocate a random free port number. +stream_port = "0" + +# Enable encrypted TLS transport of the stream server. +stream_enable_tls = false + +# Path to the x509 certificate file used to serve the encrypted stream. This +# file can change, and CRI-O will automatically pick up the changes within 5 +# minutes. +stream_tls_cert = "" + +# Path to the key file used to serve the encrypted stream. This file can +# change and CRI-O will automatically pick up the changes within 5 minutes. +stream_tls_key = "" + +# Path to the x509 CA(s) file used to verify and authenticate client +# communication with the encrypted stream. This file can change and CRI-O will +# automatically pick up the changes within 5 minutes. +stream_tls_ca = "" + +# Maximum grpc send message size in bytes. If not set or <=0, then CRI-O will default to 16 * 1024 * 1024. +grpc_max_send_msg_size = 16777216 + +# Maximum grpc receive message size. If not set or <= 0, then CRI-O will default to 16 * 1024 * 1024. +grpc_max_recv_msg_size = 16777216 + +# The crio.runtime table contains settings pertaining to the OCI runtime used +# and options for how to set up and manage the OCI runtime. +[crio.runtime] + +# A list of ulimits to be set in containers by default, specified as +# "=:", for example: +# "nofile=1024:2048" +# If nothing is set here, settings will be inherited from the CRI-O daemon +#default_ulimits = [ +#] + +# If true, the runtime will not use pivot_root, but instead use MS_MOVE. +no_pivot = false + +# decryption_keys_path is the path where the keys required for +# image decryption are stored. This option supports live configuration reload. +decryption_keys_path = "/etc/crio/keys/" + +# Path to the conmon binary, used for monitoring the OCI runtime. +# Will be searched for using $PATH if empty. +conmon = "/usr/libexec/crio/conmon" + +# Cgroup setting for conmon +conmon_cgroup = "system.slice" + +# Environment variable list for the conmon process, used for passing necessary +# environment variables to conmon or the runtime. +conmon_env = [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", +] + +# Additional environment variables to set for all the +# containers. These are overridden if set in the +# container image spec or in the container runtime configuration. +default_env = [ +] + +# If true, SELinux will be used for pod separation on the host. +selinux = false + +# Path to the seccomp.json profile which is used as the default seccomp profile +# for the runtime. If not specified, then the internal default seccomp profile +# will be used. This option supports live configuration reload. +seccomp_profile = "" + +# Changes the meaning of an empty seccomp profile. By default +# (and according to CRI spec), an empty profile means unconfined. +# This option tells CRI-O to treat an empty profile as the default profile, +# which might increase security. +seccomp_use_default_when_empty = false + +# Used to change the name of the default AppArmor profile of CRI-O. The default +# profile name is "crio-default". This profile only takes effect if the user +# does not specify a profile via the Kubernetes Pod's metadata annotation. If +# the profile is set to "unconfined", then this equals to disabling AppArmor. +# This option supports live configuration reload. +apparmor_profile = "crio-default" + +# Cgroup management implementation used for the runtime. +cgroup_manager = "systemd" + +# Specify whether the image pull must be performed in a separate cgroup. +separate_pull_cgroup = "" + +# List of default capabilities for containers. If it is empty or commented out, +# only the capabilities defined in the containers json file by the user/kube +# will be added. +default_capabilities = [ + "CHOWN", + "DAC_OVERRIDE", + "FSETID", + "FOWNER", + "SETGID", + "SETUID", + "SETPCAP", + "NET_BIND_SERVICE", + "KILL", +] + +# List of default sysctls. If it is empty or commented out, only the sysctls +# defined in the container json file by the user/kube will be added. +default_sysctls = [ +] + +# List of additional devices. specified as +# "::", for example: "--device=/dev/sdc:/dev/xvdc:rwm". +#If it is empty or commented out, only the devices +# defined in the container json file by the user/kube will be added. +additional_devices = [ +] + +# Path to OCI hooks directories for automatically executed hooks. If one of the +# directories does not exist, then CRI-O will automatically skip them. +hooks_dir = [ + "/usr/share/containers/oci/hooks.d", +] + +# Path to the file specifying the defaults mounts for each container. The +# format of the config is /SRC:/DST, one mount per line. Notice that CRI-O reads +# its default mounts from the following two files: +# +# 1) /etc/containers/mounts.conf (i.e., default_mounts_file): This is the +# override file, where users can either add in their own default mounts, or +# override the default mounts shipped with the package. +# +# 2) /usr/share/containers/mounts.conf: This is the default file read for +# mounts. If you want CRI-O to read from a different, specific mounts file, +# you can change the default_mounts_file. Note, if this is done, CRI-O will +# only add mounts it finds in this file. +# +#default_mounts_file = "" + +# Maximum number of processes allowed in a container. +pids_limit = 1024 + +# Maximum sized allowed for the container log file. Negative numbers indicate +# that no size limit is imposed. If it is positive, it must be >= 8192 to +# match/exceed conmon's read buffer. The file is truncated and re-opened so the +# limit is never exceeded. +log_size_max = -1 + +# Whether container output should be logged to journald in addition to the kuberentes log file +log_to_journald = false + +# Path to directory in which container exit files are written to by conmon. +container_exits_dir = "/var/run/crio/exits" + +# Path to directory for container attach sockets. +container_attach_socket_dir = "/var/run/crio" + +# The prefix to use for the source of the bind mounts. +bind_mount_prefix = "" + +# If set to true, all containers will run in read-only mode. +read_only = false + +# Changes the verbosity of the logs based on the level it is set to. Options +# are fatal, panic, error, warn, info, debug and trace. This option supports +# live configuration reload. +log_level = "info" + +# Filter the log messages by the provided regular expression. +# This option supports live configuration reload. +log_filter = "" + +# The UID mappings for the user namespace of each container. A range is +# specified in the form containerUID:HostUID:Size. Multiple ranges must be +# separated by comma. +uid_mappings = "" + +# The GID mappings for the user namespace of each container. A range is +# specified in the form containerGID:HostGID:Size. Multiple ranges must be +# separated by comma. +gid_mappings = "" + +# The minimal amount of time in seconds to wait before issuing a timeout +# regarding the proper termination of the container. The lowest possible +# value is 30s, whereas lower values are not considered by CRI-O. +ctr_stop_timeout = 30 + +# manage_ns_lifecycle determines whether we pin and remove namespaces +# and manage their lifecycle. +# This option is being deprecated, and will be unconditionally true in the future. +manage_ns_lifecycle = true + +# drop_infra_ctr determines whether CRI-O drops the infra container +# when a pod does not have a private PID namespace, and does not use +# a kernel separating runtime (like kata). +# It requires manage_ns_lifecycle to be true. +drop_infra_ctr = false + +# The directory where the state of the managed namespaces gets tracked. +# Only used when manage_ns_lifecycle is true. +namespaces_dir = "/var/run" + +# pinns_path is the path to find the pinns binary, which is needed to manage namespace lifecycle +pinns_path = "/usr/bin/pinns" + +# default_runtime is the _name_ of the OCI runtime to be used as the default. +# The name is matched against the runtimes map below. If this value is changed, +# the corresponding existing entry from the runtimes map below will be ignored. +default_runtime = "runc" + +# The "crio.runtime.runtimes" table defines a list of OCI compatible runtimes. +# The runtime to use is picked based on the runtime_handler provided by the CRI. +# If no runtime_handler is provided, the runtime will be picked based on the level +# of trust of the workload. Each entry in the table should follow the format: +# +#[crio.runtime.runtimes.runtime-handler] +# runtime_path = "/path/to/the/executable" +# runtime_type = "oci" +# runtime_root = "/path/to/the/root" +# privileged_without_host_devices = false +# allowed_annotations = [] +# Where: +# - runtime-handler: name used to identify the runtime +# - runtime_path (optional, string): absolute path to the runtime executable in +# the host filesystem. If omitted, the runtime-handler identifier should match +# the runtime executable name, and the runtime executable should be placed +# in $PATH. +# - runtime_type (optional, string): type of runtime, one of: "oci", "vm". If +# omitted, an "oci" runtime is assumed. +# - runtime_root (optional, string): root directory for storage of containers +# state. +# - privileged_without_host_devices (optional, bool): an option for restricting +# host devices from being passed to privileged containers. +# - allowed_annotations (optional, array of strings): an option for specifying +# a list of experimental annotations that this runtime handler is allowed to process. +# The currently recognized values are: +# "io.kubernetes.cri-o.userns-mode" for configuring a user namespace for the pod. +# "io.kubernetes.cri-o.Devices" for configuring devices for the pod. +# "io.kubernetes.cri-o.ShmSize" for configuring the size of /dev/shm. + + +[crio.runtime.runtimes.runc] +runtime_path = "/usr/bin/runc" +runtime_type = "oci" +runtime_root = "/run/runc" + + + + +# crun is a fast and lightweight fully featured OCI runtime and C library for +# running containers +#[crio.runtime.runtimes.crun] + +# Kata Containers is an OCI runtime, where containers are run inside lightweight +# VMs. Kata provides additional isolation towards the host, minimizing the host attack +# surface and mitigating the consequences of containers breakout. + +# Kata Containers with the default configured VMM +#[crio.runtime.runtimes.kata-runtime] + +# Kata Containers with the QEMU VMM +#[crio.runtime.runtimes.kata-qemu] + +# Kata Containers with the Firecracker VMM +#[crio.runtime.runtimes.kata-fc] + +# The crio.image table contains settings pertaining to the management of OCI images. +# +# CRI-O reads its configured registries defaults from the system wide +# containers-registries.conf(5) located in /etc/containers/registries.conf. If +# you want to modify just CRI-O, you can change the registries configuration in +# this file. Otherwise, leave insecure_registries and registries commented out to +# use the system's defaults from /etc/containers/registries.conf. +[crio.image] + +# Default transport for pulling images from a remote container storage. +default_transport = "docker://" + +# The path to a file containing credentials necessary for pulling images from +# secure registries. The file is similar to that of /var/lib/kubelet/config.json +global_auth_file = "" + +# The image used to instantiate infra containers. +# This option supports live configuration reload. +pause_image = "k8s.gcr.io/pause:3.2" + +# The path to a file containing credentials specific for pulling the pause_image from +# above. The file is similar to that of /var/lib/kubelet/config.json +# This option supports live configuration reload. +pause_image_auth_file = "" + +# The command to run to have a container stay in the paused state. +# When explicitly set to "", it will fallback to the entrypoint and command +# specified in the pause image. When commented out, it will fallback to the +# default: "/pause". This option supports live configuration reload. +pause_command = "/pause" + +# Path to the file which decides what sort of policy we use when deciding +# whether or not to trust an image that we've pulled. It is not recommended that +# this option be used, as the default behavior of using the system-wide default +# policy (i.e., /etc/containers/policy.json) is most often preferred. Please +# refer to containers-policy.json(5) for more details. +signature_policy = "" + +# List of registries to skip TLS verification for pulling images. Please +# consider configuring the registries via /etc/containers/registries.conf before +# changing them here. +#insecure_registries = "[]" + +# Controls how image volumes are handled. The valid values are mkdir, bind and +# ignore; the latter will ignore volumes entirely. +image_volumes = "mkdir" + +# List of registries to be used when pulling an unqualified image (e.g., +# "alpine:latest"). By default, registries is set to "docker.io" for +# compatibility reasons. Depending on your workload and usecase you may add more +# registries (e.g., "quay.io", "registry.fedoraproject.org", +# "registry.opensuse.org", etc.). +registries = [ + "docker.io" +] + +# Temporary directory to use for storing big files +big_files_temporary_dir = "" + +# The crio.network table containers settings pertaining to the management of +# CNI plugins. +[crio.network] + +# The default CNI network name to be selected. If not set or "", then +# CRI-O will pick-up the first one found in network_dir. +# cni_default_network = "" + +# Path to the directory where CNI configuration files are located. +network_dir = "/etc/cni/net.d/" + +# Paths to directories where CNI plugin binaries are located. +plugin_dirs = [ + "/opt/cni/bin/", +] + +# A necessary configuration for Prometheus based metrics retrieval +[crio.metrics] + +# Globally enable or disable metrics support. +enable_metrics = true + +# The port on which the metrics server will listen. +metrics_port = 9090 + +# Local socket path to bind the metrics server to +metrics_socket = "" diff --git a/deploy/iso/minikube-iso/arch/x86_64/package/crio-bin/crio.conf.default b/deploy/iso/minikube-iso/arch/x86_64/package/crio-bin/crio.conf.default new file mode 100644 index 0000000000..25debfab9f --- /dev/null +++ b/deploy/iso/minikube-iso/arch/x86_64/package/crio-bin/crio.conf.default @@ -0,0 +1,408 @@ +# The CRI-O configuration file specifies all of the available configuration +# options and command-line flags for the crio(8) OCI Kubernetes Container Runtime +# daemon, but in a TOML format that can be more easily modified and versioned. +# +# Please refer to crio.conf(5) for details of all configuration options. + +# CRI-O supports partial configuration reload during runtime, which can be +# done by sending SIGHUP to the running process. Currently supported options +# are explicitly mentioned with: 'This option supports live configuration +# reload'. + +# CRI-O reads its storage defaults from the containers-storage.conf(5) file +# located at /etc/containers/storage.conf. Modify this storage configuration if +# you want to change the system's defaults. If you want to modify storage just +# for CRI-O, you can change the storage configuration options here. +[crio] + +# Path to the "root directory". CRI-O stores all of its data, including +# containers images, in this directory. +#root = "/var/lib/containers/storage" + +# Path to the "run directory". CRI-O stores all of its state in this directory. +#runroot = "/var/run/containers/storage" + +# Storage driver used to manage the storage of images and containers. Please +# refer to containers-storage.conf(5) to see all available storage drivers. +#storage_driver = "" + +# List to pass options to the storage driver. Please refer to +# containers-storage.conf(5) to see all available storage options. +#storage_option = [ +# "overlay.mountopt=nodev,metacopy=on", +#] + +# The default log directory where all logs will go unless directly specified by +# the kubelet. The log directory specified must be an absolute directory. +log_dir = "/var/log/crio/pods" + +# Location for CRI-O to lay down the temporary version file. +# It is used to check if crio wipe should wipe containers, which should +# always happen on a node reboot +version_file = "/var/run/crio/version" + +# Location for CRI-O to lay down the persistent version file. +# It is used to check if crio wipe should wipe images, which should +# only happen when CRI-O has been upgraded +version_file_persist = "/var/lib/crio/version" + +# The crio.api table contains settings for the kubelet/gRPC interface. +[crio.api] + +# Path to AF_LOCAL socket on which CRI-O will listen. +listen = "/var/run/crio/crio.sock" + +# IP address on which the stream server will listen. +stream_address = "127.0.0.1" + +# The port on which the stream server will listen. If the port is set to "0", then +# CRI-O will allocate a random free port number. +stream_port = "0" + +# Enable encrypted TLS transport of the stream server. +stream_enable_tls = false + +# Path to the x509 certificate file used to serve the encrypted stream. This +# file can change, and CRI-O will automatically pick up the changes within 5 +# minutes. +stream_tls_cert = "" + +# Path to the key file used to serve the encrypted stream. This file can +# change and CRI-O will automatically pick up the changes within 5 minutes. +stream_tls_key = "" + +# Path to the x509 CA(s) file used to verify and authenticate client +# communication with the encrypted stream. This file can change and CRI-O will +# automatically pick up the changes within 5 minutes. +stream_tls_ca = "" + +# Maximum grpc send message size in bytes. If not set or <=0, then CRI-O will default to 16 * 1024 * 1024. +grpc_max_send_msg_size = 16777216 + +# Maximum grpc receive message size. If not set or <= 0, then CRI-O will default to 16 * 1024 * 1024. +grpc_max_recv_msg_size = 16777216 + +# The crio.runtime table contains settings pertaining to the OCI runtime used +# and options for how to set up and manage the OCI runtime. +[crio.runtime] + +# A list of ulimits to be set in containers by default, specified as +# "=:", for example: +# "nofile=1024:2048" +# If nothing is set here, settings will be inherited from the CRI-O daemon +#default_ulimits = [ +#] + +# If true, the runtime will not use pivot_root, but instead use MS_MOVE. +no_pivot = false + +# decryption_keys_path is the path where the keys required for +# image decryption are stored. This option supports live configuration reload. +decryption_keys_path = "/etc/crio/keys/" + +# Path to the conmon binary, used for monitoring the OCI runtime. +# Will be searched for using $PATH if empty. +conmon = "" + +# Cgroup setting for conmon +conmon_cgroup = "system.slice" + +# Environment variable list for the conmon process, used for passing necessary +# environment variables to conmon or the runtime. +conmon_env = [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", +] + +# Additional environment variables to set for all the +# containers. These are overridden if set in the +# container image spec or in the container runtime configuration. +default_env = [ +] + +# If true, SELinux will be used for pod separation on the host. +selinux = false + +# Path to the seccomp.json profile which is used as the default seccomp profile +# for the runtime. If not specified, then the internal default seccomp profile +# will be used. This option supports live configuration reload. +seccomp_profile = "" + +# Changes the meaning of an empty seccomp profile. By default +# (and according to CRI spec), an empty profile means unconfined. +# This option tells CRI-O to treat an empty profile as the default profile, +# which might increase security. +seccomp_use_default_when_empty = false + +# Used to change the name of the default AppArmor profile of CRI-O. The default +# profile name is "crio-default". This profile only takes effect if the user +# does not specify a profile via the Kubernetes Pod's metadata annotation. If +# the profile is set to "unconfined", then this equals to disabling AppArmor. +# This option supports live configuration reload. +apparmor_profile = "crio-default" + +# Cgroup management implementation used for the runtime. +cgroup_manager = "systemd" + +# Specify whether the image pull must be performed in a separate cgroup. +separate_pull_cgroup = "" + +# List of default capabilities for containers. If it is empty or commented out, +# only the capabilities defined in the containers json file by the user/kube +# will be added. +default_capabilities = [ + "CHOWN", + "DAC_OVERRIDE", + "FSETID", + "FOWNER", + "SETGID", + "SETUID", + "SETPCAP", + "NET_BIND_SERVICE", + "KILL", +] + +# List of default sysctls. If it is empty or commented out, only the sysctls +# defined in the container json file by the user/kube will be added. +default_sysctls = [ +] + +# List of additional devices. specified as +# "::", for example: "--device=/dev/sdc:/dev/xvdc:rwm". +#If it is empty or commented out, only the devices +# defined in the container json file by the user/kube will be added. +additional_devices = [ +] + +# Path to OCI hooks directories for automatically executed hooks. If one of the +# directories does not exist, then CRI-O will automatically skip them. +hooks_dir = [ + "/usr/share/containers/oci/hooks.d", +] + +# Path to the file specifying the defaults mounts for each container. The +# format of the config is /SRC:/DST, one mount per line. Notice that CRI-O reads +# its default mounts from the following two files: +# +# 1) /etc/containers/mounts.conf (i.e., default_mounts_file): This is the +# override file, where users can either add in their own default mounts, or +# override the default mounts shipped with the package. +# +# 2) /usr/share/containers/mounts.conf: This is the default file read for +# mounts. If you want CRI-O to read from a different, specific mounts file, +# you can change the default_mounts_file. Note, if this is done, CRI-O will +# only add mounts it finds in this file. +# +#default_mounts_file = "" + +# Maximum number of processes allowed in a container. +pids_limit = 1024 + +# Maximum sized allowed for the container log file. Negative numbers indicate +# that no size limit is imposed. If it is positive, it must be >= 8192 to +# match/exceed conmon's read buffer. The file is truncated and re-opened so the +# limit is never exceeded. +log_size_max = -1 + +# Whether container output should be logged to journald in addition to the kuberentes log file +log_to_journald = false + +# Path to directory in which container exit files are written to by conmon. +container_exits_dir = "/var/run/crio/exits" + +# Path to directory for container attach sockets. +container_attach_socket_dir = "/var/run/crio" + +# The prefix to use for the source of the bind mounts. +bind_mount_prefix = "" + +# If set to true, all containers will run in read-only mode. +read_only = false + +# Changes the verbosity of the logs based on the level it is set to. Options +# are fatal, panic, error, warn, info, debug and trace. This option supports +# live configuration reload. +log_level = "info" + +# Filter the log messages by the provided regular expression. +# This option supports live configuration reload. +log_filter = "" + +# The UID mappings for the user namespace of each container. A range is +# specified in the form containerUID:HostUID:Size. Multiple ranges must be +# separated by comma. +uid_mappings = "" + +# The GID mappings for the user namespace of each container. A range is +# specified in the form containerGID:HostGID:Size. Multiple ranges must be +# separated by comma. +gid_mappings = "" + +# The minimal amount of time in seconds to wait before issuing a timeout +# regarding the proper termination of the container. The lowest possible +# value is 30s, whereas lower values are not considered by CRI-O. +ctr_stop_timeout = 30 + +# manage_ns_lifecycle determines whether we pin and remove namespaces +# and manage their lifecycle. +# This option is being deprecated, and will be unconditionally true in the future. +manage_ns_lifecycle = true + +# drop_infra_ctr determines whether CRI-O drops the infra container +# when a pod does not have a private PID namespace, and does not use +# a kernel separating runtime (like kata). +# It requires manage_ns_lifecycle to be true. +drop_infra_ctr = false + +# The directory where the state of the managed namespaces gets tracked. +# Only used when manage_ns_lifecycle is true. +namespaces_dir = "/var/run" + +# pinns_path is the path to find the pinns binary, which is needed to manage namespace lifecycle +pinns_path = "" + +# default_runtime is the _name_ of the OCI runtime to be used as the default. +# The name is matched against the runtimes map below. If this value is changed, +# the corresponding existing entry from the runtimes map below will be ignored. +default_runtime = "runc" + +# The "crio.runtime.runtimes" table defines a list of OCI compatible runtimes. +# The runtime to use is picked based on the runtime_handler provided by the CRI. +# If no runtime_handler is provided, the runtime will be picked based on the level +# of trust of the workload. Each entry in the table should follow the format: +# +#[crio.runtime.runtimes.runtime-handler] +# runtime_path = "/path/to/the/executable" +# runtime_type = "oci" +# runtime_root = "/path/to/the/root" +# privileged_without_host_devices = false +# allowed_annotations = [] +# Where: +# - runtime-handler: name used to identify the runtime +# - runtime_path (optional, string): absolute path to the runtime executable in +# the host filesystem. If omitted, the runtime-handler identifier should match +# the runtime executable name, and the runtime executable should be placed +# in $PATH. +# - runtime_type (optional, string): type of runtime, one of: "oci", "vm". If +# omitted, an "oci" runtime is assumed. +# - runtime_root (optional, string): root directory for storage of containers +# state. +# - privileged_without_host_devices (optional, bool): an option for restricting +# host devices from being passed to privileged containers. +# - allowed_annotations (optional, array of strings): an option for specifying +# a list of experimental annotations that this runtime handler is allowed to process. +# The currently recognized values are: +# "io.kubernetes.cri-o.userns-mode" for configuring a user namespace for the pod. +# "io.kubernetes.cri-o.Devices" for configuring devices for the pod. +# "io.kubernetes.cri-o.ShmSize" for configuring the size of /dev/shm. + + +[crio.runtime.runtimes.runc] +runtime_path = "" +runtime_type = "oci" +runtime_root = "/run/runc" + + + + +# crun is a fast and lightweight fully featured OCI runtime and C library for +# running containers +#[crio.runtime.runtimes.crun] + +# Kata Containers is an OCI runtime, where containers are run inside lightweight +# VMs. Kata provides additional isolation towards the host, minimizing the host attack +# surface and mitigating the consequences of containers breakout. + +# Kata Containers with the default configured VMM +#[crio.runtime.runtimes.kata-runtime] + +# Kata Containers with the QEMU VMM +#[crio.runtime.runtimes.kata-qemu] + +# Kata Containers with the Firecracker VMM +#[crio.runtime.runtimes.kata-fc] + +# The crio.image table contains settings pertaining to the management of OCI images. +# +# CRI-O reads its configured registries defaults from the system wide +# containers-registries.conf(5) located in /etc/containers/registries.conf. If +# you want to modify just CRI-O, you can change the registries configuration in +# this file. Otherwise, leave insecure_registries and registries commented out to +# use the system's defaults from /etc/containers/registries.conf. +[crio.image] + +# Default transport for pulling images from a remote container storage. +default_transport = "docker://" + +# The path to a file containing credentials necessary for pulling images from +# secure registries. The file is similar to that of /var/lib/kubelet/config.json +global_auth_file = "" + +# The image used to instantiate infra containers. +# This option supports live configuration reload. +pause_image = "k8s.gcr.io/pause:3.2" + +# The path to a file containing credentials specific for pulling the pause_image from +# above. The file is similar to that of /var/lib/kubelet/config.json +# This option supports live configuration reload. +pause_image_auth_file = "" + +# The command to run to have a container stay in the paused state. +# When explicitly set to "", it will fallback to the entrypoint and command +# specified in the pause image. When commented out, it will fallback to the +# default: "/pause". This option supports live configuration reload. +pause_command = "/pause" + +# Path to the file which decides what sort of policy we use when deciding +# whether or not to trust an image that we've pulled. It is not recommended that +# this option be used, as the default behavior of using the system-wide default +# policy (i.e., /etc/containers/policy.json) is most often preferred. Please +# refer to containers-policy.json(5) for more details. +signature_policy = "" + +# List of registries to skip TLS verification for pulling images. Please +# consider configuring the registries via /etc/containers/registries.conf before +# changing them here. +#insecure_registries = "[]" + +# Controls how image volumes are handled. The valid values are mkdir, bind and +# ignore; the latter will ignore volumes entirely. +image_volumes = "mkdir" + +# List of registries to be used when pulling an unqualified image (e.g., +# "alpine:latest"). By default, registries is set to "docker.io" for +# compatibility reasons. Depending on your workload and usecase you may add more +# registries (e.g., "quay.io", "registry.fedoraproject.org", +# "registry.opensuse.org", etc.). +#registries = [ +# ] + +# Temporary directory to use for storing big files +big_files_temporary_dir = "" + +# The crio.network table containers settings pertaining to the management of +# CNI plugins. +[crio.network] + +# The default CNI network name to be selected. If not set or "", then +# CRI-O will pick-up the first one found in network_dir. +# cni_default_network = "" + +# Path to the directory where CNI configuration files are located. +network_dir = "/etc/cni/net.d/" + +# Paths to directories where CNI plugin binaries are located. +plugin_dirs = [ + "/opt/cni/bin/", +] + +# A necessary configuration for Prometheus based metrics retrieval +[crio.metrics] + +# Globally enable or disable metrics support. +enable_metrics = false + +# The port on which the metrics server will listen. +metrics_port = 9090 + +# Local socket path to bind the metrics server to +metrics_socket = "" diff --git a/deploy/iso/minikube-iso/arch/x86_64/package/crio-bin/crio.service b/deploy/iso/minikube-iso/arch/x86_64/package/crio-bin/crio.service new file mode 100644 index 0000000000..30a794e597 --- /dev/null +++ b/deploy/iso/minikube-iso/arch/x86_64/package/crio-bin/crio.service @@ -0,0 +1,29 @@ +[Unit] +Description=Container Runtime Interface for OCI (CRI-O) +Documentation=https://github.com/cri-o/cri-o +Wants=network-online.target +After=network-online.target minikube-automount.service +Requires=minikube-automount.service +After=crio-wipe.service +Requires=crio-wipe.service + +[Service] +Type=notify +EnvironmentFile=-/etc/sysconfig/crio +EnvironmentFile=-/etc/sysconfig/crio.minikube +EnvironmentFile=/var/run/minikube/env +Environment=GOTRACEBACK=crash +ExecStart=/usr/bin/crio \ + $CRIO_OPTIONS \ + $CRIO_MINIKUBE_OPTIONS +ExecReload=/bin/kill -s HUP $MAINPID +TasksMax=8192 +LimitNOFILE=1048576 +LimitNPROC=1048576 +LimitCORE=infinity +OOMScoreAdjust=-999 +TimeoutStartSec=0 +Restart=on-abnormal + +[Install] +WantedBy=multi-user.target diff --git a/deploy/iso/minikube-iso/arch/x86_64/package/crio-bin/policy.json b/deploy/iso/minikube-iso/arch/x86_64/package/crio-bin/policy.json new file mode 100644 index 0000000000..9333053f93 --- /dev/null +++ b/deploy/iso/minikube-iso/arch/x86_64/package/crio-bin/policy.json @@ -0,0 +1,7 @@ +{ + "default": [ + { + "type": "insecureAcceptAnything" + } + ] +} diff --git a/deploy/iso/minikube-iso/arch/x86_64/package/crio-bin/registries.conf b/deploy/iso/minikube-iso/arch/x86_64/package/crio-bin/registries.conf new file mode 100644 index 0000000000..409f31d896 --- /dev/null +++ b/deploy/iso/minikube-iso/arch/x86_64/package/crio-bin/registries.conf @@ -0,0 +1,5 @@ +[registries.search] +registries = ['docker.io'] + +[registries.insecure] +registries = [] diff --git a/deploy/iso/minikube-iso/package/Config.in b/deploy/iso/minikube-iso/package/Config.in index 9026fb822d..f0e2e94fc4 100644 --- a/deploy/iso/minikube-iso/package/Config.in +++ b/deploy/iso/minikube-iso/package/Config.in @@ -1,7 +1,6 @@ menu "System tools" source "$BR2_EXTERNAL_MINIKUBE_PATH/package/runc-master/Config.in" source "$BR2_EXTERNAL_MINIKUBE_PATH/package/crun/Config.in" - source "$BR2_EXTERNAL_MINIKUBE_PATH/package/crio-bin/Config.in" source "$BR2_EXTERNAL_MINIKUBE_PATH/package/conmon/Config.in" source "$BR2_EXTERNAL_MINIKUBE_PATH/package/automount/Config.in" source "$BR2_EXTERNAL_MINIKUBE_PATH/package/hyperv-daemons/Config.in"