github/kata-containers
1
0
Fork 2
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-09-19 15:58:25 +00:00
Code Issues Projects Releases Wiki Activity

containerd-kata.md: Add the example for containerd 2.x

Browse Source 
The config of containerd 2.x is different from 1.x.
This commit add example for 2.x.

Fixes: #10670

Signed-off-by: Hui Zhu <teawater@antgroup.com>
This commit is contained in:
Hui Zhu
2024-12-18 09:09:37 +08:00
parent 39bf10875b
commit 765efc3a50
1 changed files with 28 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
docs/how-to/containerd-kata.md
View File

@@ -107,6 +107,7 @@ $ popd
By default, the configuration of containerd is located at `/etc/containerd/config.toml`, and the
`cri` plugins are placed in the following section:
For containerd v1.x:
```toml
[plugins]
[plugins.cri]
@@ -118,6 +119,13 @@ By default, the configuration of containerd is located at `/etc/containerd/confi
# conf_dir is the directory in which the admin places a CNI conf.
conf_dir = "/etc/cni/net.d"
```
For containerd v2.x:
```toml
[plugins]
[plugins.'io.containerd.cri.v1.runtime']
[plugins.'io.containerd.cri.v1.runtime'.containerd]
#default_runtime_name = 'runc'
```
The following sections outline how to add Kata Containers to the configurations.
@@ -136,6 +144,7 @@ The following configuration includes two runtime classes:
where the dot-connected string `io.containerd.kata.v2` is translated to `containerd-shim-kata-v2` (i.e. the
binary name of the Kata implementation of [Containerd Runtime V2 (Shim API)](https://github.com/containerd/containerd/tree/main/core/runtime/v2)).
For containerd v1.x:
```toml
[plugins.cri.containerd]
no_pivot = false
@@ -158,6 +167,17 @@ The following configuration includes two runtime classes:
ConfigPath = "/opt/kata/share/defaults/kata-containers/configuration.toml"
```
For containerd v2.x:
```toml
[plugins.'io.containerd.cri.v1.runtime'.containerd.runtimes]
[plugins.'io.containerd.cri.v1.runtime'.containerd.runtimes.runc]
runtime_type = 'io.containerd.runc.v2'
runtime_path = ''
[plugins.'io.containerd.cri.v1.runtime'.containerd.runtimes.kata]
runtime_type = 'io.containerd.kata.v2'
runtime_path = ''
```
`privileged_without_host_devices` tells containerd that a privileged Kata container should not have direct access to all host devices. If unset, containerd will pass all host devices to Kata container, which may cause security issues.
`pod_annotations` is the list of pod annotations passed to both the pod sandbox as well as container through the OCI config.
@@ -191,11 +211,19 @@ You can find more information on the [Containerd config documentation](https://g
If you want to set Kata Containers as the only runtime in the deployment, you can simply configure as follows:
For containerd v1.x:
```toml
[plugins.cri.containerd]
[plugins.cri.containerd.default_runtime]
runtime_type = "io.containerd.kata.v2"
```
For containerd v2.x:
```toml
[plugins]
[plugins.'io.containerd.cri.v1.runtime']
[plugins.'io.containerd.cri.v1.runtime'.containerd]
default_runtime_name = 'kata'
```
### Configuration for `cri-tools`