commit
bf6928b7ec
|
@ -19,3 +19,5 @@ sha256 25dc558fbabc987bd58c7eab5230121b258a7b0eb34a49dc6595f1c6f3969116 v1.18.2.
|
|||
sha256 d5c6442e3990938badc966cdd1eb9ebe2fc11345452c233aa0d87ca38fbeed81 v1.18.3.tar.gz
|
||||
sha256 74a4e916acddc6cf47ab5752bdebb6732ce2c028505ef57b7edc21d2da9039b6 v1.18.4.tar.gz
|
||||
sha256 fc8a8e61375e3ce30563eeb0fd6534c4f48fc20300a72e6ff51cc99cb2703516 v1.19.0.tar.gz
|
||||
sha256 6165c5b8212ea03be2a465403177318bfe25a54c3e8d66d720344643913a0223 v1.19.1.tar.gz
|
||||
sha256 76fd7543bc92d4364a11060f43a5131893a76c6e6e9d6de3a6bb6292c110b631 v1.20.0.tar.gz
|
||||
|
|
|
@ -4,8 +4,8 @@
|
|||
#
|
||||
################################################################################
|
||||
|
||||
CRIO_BIN_VERSION = v1.19.0
|
||||
CRIO_BIN_COMMIT = 99c925bebdd9e392f2d575e25f2e6a1082e6c232
|
||||
CRIO_BIN_VERSION = v1.20.0
|
||||
CRIO_BIN_COMMIT = d388528dbed26b93c5bc1c89623607a1e597aa57
|
||||
CRIO_BIN_SITE = https://github.com/cri-o/cri-o/archive
|
||||
CRIO_BIN_SOURCE = $(CRIO_BIN_VERSION).tar.gz
|
||||
CRIO_BIN_DEPENDENCIES = host-go libgpgme
|
||||
|
|
|
@ -29,6 +29,7 @@ storage_driver = "overlay"
|
|||
# List to pass options to the storage driver. Please refer to
|
||||
# containers-storage.conf(5) to see all available storage options.
|
||||
#storage_option = [
|
||||
# "overlay.mountopt=nodev,metacopy=on",
|
||||
#]
|
||||
|
||||
# The default log directory where all logs will go unless directly specified by
|
||||
|
@ -92,11 +93,6 @@ grpc_max_recv_msg_size = 16777216
|
|||
#default_ulimits = [
|
||||
#]
|
||||
|
||||
# default_runtime is the _name_ of the OCI runtime to be used as the default.
|
||||
# The name is matched against the runtimes map below. If this value is changed,
|
||||
# the corresponding existing entry from the runtimes map below will be ignored.
|
||||
default_runtime = "runc"
|
||||
|
||||
# If true, the runtime will not use pivot_root, but instead use MS_MOVE.
|
||||
no_pivot = false
|
||||
|
||||
|
@ -131,6 +127,12 @@ selinux = false
|
|||
# will be used. This option supports live configuration reload.
|
||||
seccomp_profile = ""
|
||||
|
||||
# Changes the meaning of an empty seccomp profile. By default
|
||||
# (and according to CRI spec), an empty profile means unconfined.
|
||||
# This option tells CRI-O to treat an empty profile as the default profile,
|
||||
# which might increase security.
|
||||
seccomp_use_default_when_empty = false
|
||||
|
||||
# Used to change the name of the default AppArmor profile of CRI-O. The default
|
||||
# profile name is "crio-default". This profile only takes effect if the user
|
||||
# does not specify a profile via the Kubernetes Pod's metadata annotation. If
|
||||
|
@ -141,6 +143,9 @@ apparmor_profile = "crio-default"
|
|||
# Cgroup management implementation used for the runtime.
|
||||
cgroup_manager = "systemd"
|
||||
|
||||
# Specify whether the image pull must be performed in a separate cgroup.
|
||||
separate_pull_cgroup = ""
|
||||
|
||||
# List of default capabilities for containers. If it is empty or commented out,
|
||||
# only the capabilities defined in the containers json file by the user/kube
|
||||
# will be added.
|
||||
|
@ -174,11 +179,6 @@ hooks_dir = [
|
|||
"/usr/share/containers/oci/hooks.d",
|
||||
]
|
||||
|
||||
# List of default mounts for each container. **Deprecated:** this option will
|
||||
# be removed in future versions in favor of default_mounts_file.
|
||||
default_mounts = [
|
||||
]
|
||||
|
||||
# Path to the file specifying the defaults mounts for each container. The
|
||||
# format of the config is /SRC:/DST, one mount per line. Notice that CRI-O reads
|
||||
# its default mounts from the following two files:
|
||||
|
@ -243,7 +243,8 @@ gid_mappings = ""
|
|||
ctr_stop_timeout = 30
|
||||
|
||||
# manage_ns_lifecycle determines whether we pin and remove namespaces
|
||||
# and manage their lifecycle
|
||||
# and manage their lifecycle.
|
||||
# This option is being deprecated, and will be unconditionally true in the future.
|
||||
manage_ns_lifecycle = true
|
||||
|
||||
# drop_infra_ctr determines whether CRI-O drops the infra container
|
||||
|
@ -259,6 +260,11 @@ namespaces_dir = "/var/run"
|
|||
# pinns_path is the path to find the pinns binary, which is needed to manage namespace lifecycle
|
||||
pinns_path = "/usr/bin/pinns"
|
||||
|
||||
# default_runtime is the _name_ of the OCI runtime to be used as the default.
|
||||
# The name is matched against the runtimes map below. If this value is changed,
|
||||
# the corresponding existing entry from the runtimes map below will be ignored.
|
||||
default_runtime = "runc"
|
||||
|
||||
# The "crio.runtime.runtimes" table defines a list of OCI compatible runtimes.
|
||||
# The runtime to use is picked based on the runtime_handler provided by the CRI.
|
||||
# If no runtime_handler is provided, the runtime will be picked based on the level
|
||||
|
@ -268,7 +274,8 @@ pinns_path = "/usr/bin/pinns"
|
|||
# runtime_path = "/path/to/the/executable"
|
||||
# runtime_type = "oci"
|
||||
# runtime_root = "/path/to/the/root"
|
||||
#
|
||||
# privileged_without_host_devices = false
|
||||
# allowed_annotations = []
|
||||
# Where:
|
||||
# - runtime-handler: name used to identify the runtime
|
||||
# - runtime_path (optional, string): absolute path to the runtime executable in
|
||||
|
@ -279,6 +286,14 @@ pinns_path = "/usr/bin/pinns"
|
|||
# omitted, an "oci" runtime is assumed.
|
||||
# - runtime_root (optional, string): root directory for storage of containers
|
||||
# state.
|
||||
# - privileged_without_host_devices (optional, bool): an option for restricting
|
||||
# host devices from being passed to privileged containers.
|
||||
# - allowed_annotations (optional, array of strings): an option for specifying
|
||||
# a list of experimental annotations that this runtime handler is allowed to process.
|
||||
# The currently recognized values are:
|
||||
# "io.kubernetes.cri-o.userns-mode" for configuring a user namespace for the pod.
|
||||
# "io.kubernetes.cri-o.Devices" for configuring devices for the pod.
|
||||
# "io.kubernetes.cri-o.ShmSize" for configuring the size of /dev/shm.
|
||||
|
||||
|
||||
[crio.runtime.runtimes.runc]
|
||||
|
@ -287,6 +302,8 @@ runtime_type = "oci"
|
|||
runtime_root = "/run/runc"
|
||||
|
||||
|
||||
|
||||
|
||||
# crun is a fast and lightweight fully featured OCI runtime and C library for
|
||||
# running containers
|
||||
#[crio.runtime.runtimes.crun]
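Review bot: The `seccomp_use_default_when_empty = false` line that appears to be added right after `seccomp_profile = ""` keeps a container that arrives with an empty seccomp profile unconfined, which the comment above it describes as the less secure of the two meanings. If nothing shipped with this config depends on unconfined workloads, consider `seccomp_use_default_when_empty = true`. Otherwise, record the decision next to the setting, for example `# Kept false to match the CRI default; set to true to apply the default profile to pods that request none.` The second config file further down the page carries the same line and needs the same decision. Whether any workload relies on the unconfined behaviour cannot be told from this diff.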
|
||||
|
|
|
@ -29,6 +29,7 @@
|
|||
# List to pass options to the storage driver. Please refer to
|
||||
# containers-storage.conf(5) to see all available storage options.
|
||||
#storage_option = [
|
||||
# "overlay.mountopt=nodev,metacopy=on",
|
||||
#]
|
||||
|
||||
# The default log directory where all logs will go unless directly specified by
|
||||
|
@ -92,11 +93,6 @@ grpc_max_recv_msg_size = 16777216
|
|||
#default_ulimits = [
|
||||
#]
|
||||
|
||||
# default_runtime is the _name_ of the OCI runtime to be used as the default.
|
||||
# The name is matched against the runtimes map below. If this value is changed,
|
||||
# the corresponding existing entry from the runtimes map below will be ignored.
|
||||
default_runtime = "runc"
|
||||
|
||||
# If true, the runtime will not use pivot_root, but instead use MS_MOVE.
|
||||
no_pivot = false
|
||||
|
||||
|
@ -131,6 +127,12 @@ selinux = false
|
|||
# will be used. This option supports live configuration reload.
|
||||
seccomp_profile = ""
|
||||
|
||||
# Changes the meaning of an empty seccomp profile. By default
|
||||
# (and according to CRI spec), an empty profile means unconfined.
|
||||
# This option tells CRI-O to treat an empty profile as the default profile,
|
||||
# which might increase security.
|
||||
seccomp_use_default_when_empty = false
|
||||
|
||||
# Used to change the name of the default AppArmor profile of CRI-O. The default
|
||||
# profile name is "crio-default". This profile only takes effect if the user
|
||||
# does not specify a profile via the Kubernetes Pod's metadata annotation. If
|
||||
|
@ -141,6 +143,9 @@ apparmor_profile = "crio-default"
|
|||
# Cgroup management implementation used for the runtime.
|
||||
cgroup_manager = "systemd"
|
||||
|
||||
# Specify whether the image pull must be performed in a separate cgroup.
|
||||
separate_pull_cgroup = ""
|
||||
|
||||
# List of default capabilities for containers. If it is empty or commented out,
|
||||
# only the capabilities defined in the containers json file by the user/kube
|
||||
# will be added.
|
||||
|
@ -174,11 +179,6 @@ hooks_dir = [
|
|||
"/usr/share/containers/oci/hooks.d",
|
||||
]
|
||||
|
||||
# List of default mounts for each container. **Deprecated:** this option will
|
||||
# be removed in future versions in favor of default_mounts_file.
|
||||
default_mounts = [
|
||||
]
|
||||
|
||||
# Path to the file specifying the defaults mounts for each container. The
|
||||
# format of the config is /SRC:/DST, one mount per line. Notice that CRI-O reads
|
||||
# its default mounts from the following two files:
|
||||
|
@ -243,7 +243,8 @@ gid_mappings = ""
|
|||
ctr_stop_timeout = 30
|
||||
|
||||
# manage_ns_lifecycle determines whether we pin and remove namespaces
|
||||
# and manage their lifecycle
|
||||
# and manage their lifecycle.
|
||||
# This option is being deprecated, and will be unconditionally true in the future.
|
||||
manage_ns_lifecycle = true
|
||||
|
||||
# drop_infra_ctr determines whether CRI-O drops the infra container
|
||||
|
@ -259,6 +260,11 @@ namespaces_dir = "/var/run"
|
|||
# pinns_path is the path to find the pinns binary, which is needed to manage namespace lifecycle
|
||||
pinns_path = ""
|
||||
|
||||
# default_runtime is the _name_ of the OCI runtime to be used as the default.
|
||||
# The name is matched against the runtimes map below. If this value is changed,
|
||||
# the corresponding existing entry from the runtimes map below will be ignored.
|
||||
default_runtime = "runc"
|
||||
|
||||
# The "crio.runtime.runtimes" table defines a list of OCI compatible runtimes.
|
||||
# The runtime to use is picked based on the runtime_handler provided by the CRI.
|
||||
# If no runtime_handler is provided, the runtime will be picked based on the level
|
||||
|
@ -268,7 +274,8 @@ pinns_path = ""
|
|||
# runtime_path = "/path/to/the/executable"
|
||||
# runtime_type = "oci"
|
||||
# runtime_root = "/path/to/the/root"
|
||||
#
|
||||
# privileged_without_host_devices = false
|
||||
# allowed_annotations = []
|
||||
# Where:
|
||||
# - runtime-handler: name used to identify the runtime
|
||||
# - runtime_path (optional, string): absolute path to the runtime executable in
|
||||
|
@ -279,6 +286,14 @@ pinns_path = ""
|
|||
# omitted, an "oci" runtime is assumed.
|
||||
# - runtime_root (optional, string): root directory for storage of containers
|
||||
# state.
|
||||
# - privileged_without_host_devices (optional, bool): an option for restricting
|
||||
# host devices from being passed to privileged containers.
|
||||
# - allowed_annotations (optional, array of strings): an option for specifying
|
||||
# a list of experimental annotations that this runtime handler is allowed to process.
|
||||
# The currently recognized values are:
|
||||
# "io.kubernetes.cri-o.userns-mode" for configuring a user namespace for the pod.
|
||||
# "io.kubernetes.cri-o.Devices" for configuring devices for the pod.
|
||||
# "io.kubernetes.cri-o.ShmSize" for configuring the size of /dev/shm.
|
||||
|
||||
|
||||
[crio.runtime.runtimes.runc]
|
||||
|
@ -287,6 +302,8 @@ runtime_type = "oci"
|
|||
runtime_root = "/run/runc"
|
||||
|
||||
|
||||
|
||||
|
||||
# crun is a fast and lightweight fully featured OCI runtime and C library for
|
||||
# running containers
|
||||
#[crio.runtime.runtimes.crun]
|
||||
|
|