|
@@ -35,6 +35,10 @@ stream_address = ""
|
|
|
# stream_port is the port on which the stream server will listen
|
|
# stream_port is the port on which the stream server will listen
|
|
|
stream_port = "10010"
|
|
stream_port = "10010"
|
|
|
|
|
|
|
|
|
|
+# file_locking is whether file-based locking will be used instead of
|
|
|
|
|
+# in-memory locking
|
|
|
|
|
+file_locking = true
|
|
|
|
|
+
|
|
|
# The "crio.runtime" table contains settings pertaining to the OCI
|
|
# The "crio.runtime" table contains settings pertaining to the OCI
|
|
|
# runtime used and options for how to set up and manage the OCI runtime.
|
|
# runtime used and options for how to set up and manage the OCI runtime.
|
|
|
[crio.runtime]
|
|
[crio.runtime]
|
|
@@ -67,6 +71,9 @@ runtime_untrusted_workload = ""
|
|
|
# container runtime for all containers.
|
|
# container runtime for all containers.
|
|
|
default_workload_trust = "trusted"
|
|
default_workload_trust = "trusted"
|
|
|
|
|
|
|
|
|
|
+# no_pivot instructs the runtime to not use pivot_root, but instead use MS_MOVE
|
|
|
|
|
+no_pivot = false
|
|
|
|
|
+
|
|
|
# conmon is the path to conmon binary, used for managing the runtime.
|
|
# conmon is the path to conmon binary, used for managing the runtime.
|
|
|
conmon = "/usr/libexec/crio/conmon"
|
|
conmon = "/usr/libexec/crio/conmon"
|
|
|
|
|
|
|
@@ -91,7 +98,17 @@ apparmor_profile = "crio-default"
|
|
|
|
|
|
|
|
# cgroup_manager is the cgroup management implementation to be used
|
|
# cgroup_manager is the cgroup management implementation to be used
|
|
|
# for the runtime.
|
|
# for the runtime.
|
|
|
-cgroup_manager = "systemd"
|
|
|
|
|
|
|
+cgroup_manager = "cgroupfs"
|
|
|
|
|
+
|
|
|
|
|
+# hooks_dir_path is the oci hooks directory for automatically executed hooks
|
|
|
|
|
+hooks_dir_path = "/usr/share/containers/oci/hooks.d"
|
|
|
|
|
+
|
|
|
|
|
+# pids_limit is the number of processes allowed in a container
|
|
|
|
|
+pids_limit = 1024
|
|
|
|
|
+
|
|
|
|
|
+# log_size_max is the max limit for the container log size in bytes.
|
|
|
|
|
+# Negative values indicate that no limit is imposed.
|
|
|
|
|
+log_size_max = -1
|
|
|
|
|
|
|
|
# The "crio.image" table contains settings pertaining to the
|
|
# The "crio.image" table contains settings pertaining to the
|
|
|
# management of OCI images.
|
|
# management of OCI images.
|
|
@@ -115,6 +132,10 @@ pause_command = "/pause"
|
|
|
# unspecified so that the default system-wide policy will be used.
|
|
# unspecified so that the default system-wide policy will be used.
|
|
|
signature_policy = ""
|
|
signature_policy = ""
|
|
|
|
|
|
|
|
|
|
+# image_volumes controls how image volumes are handled.
|
|
|
|
|
+# The valid values are mkdir and ignore.
|
|
|
|
|
+image_volumes = "mkdir"
|
|
|
|
|
+
|
|
|
# insecure_registries is used to skip TLS verification when pulling images.
|
|
# insecure_registries is used to skip TLS verification when pulling images.
|
|
|
insecure_registries = [
|
|
insecure_registries = [
|
|
|
{{ l_insecure_crio_registries|default("") }}
|
|
{{ l_insecure_crio_registries|default("") }}
|
|
@@ -125,6 +146,7 @@ insecure_registries = [
|
|
|
registries = [
|
|
registries = [
|
|
|
{{ l_additional_crio_registries|default("") }}
|
|
{{ l_additional_crio_registries|default("") }}
|
|
|
]
|
|
]
|
|
|
|
|
+
|
|
|
# The "crio.network" table contains settings pertaining to the
|
|
# The "crio.network" table contains settings pertaining to the
|
|
|
# management of CNI plugins.
|
|
# management of CNI plugins.
|
|
|
[crio.network]
|
|
[crio.network]
|
Giuseppe Scrivano