% crio.conf(5) Open Container Initiative Daemon
% Aleksa Sarai
% OCTOBER 2016
# NAME
crio.conf - CRI-O configuration file
# DESCRIPTION
The CRI-O configuration file specifies all of the available command-line options
for the crio(8) program, but in a TOML format that can be more easily modified
and versioned.
# FORMAT
The [TOML format][toml] is used as the encoding of the configuration file.
Every option and subtable listed here is nested under a global "crio" table.
No bare options are used. The format of TOML can be simplified to:
[table]
option = value
[table.subtable1]
option = value
[table.subtable2]
option = value
## CRIO TABLE
The `crio` table supports the following options:
**root**=""
CRIO root dir (default: "/var/lib/containers/storage")
**runroot**=""
CRIO state dir (default: "/var/run/containers/storage")
**storage_driver**=""
CRIO storage driver (default: "devicemapper")
**storage_option**=[]
CRIO storage driver option list (no default)
## CRIO.API TABLE
**listen**=""
Path to crio socket (default: "/var/run/crio.sock")
## CRIO.RUNTIME TABLE
**conmon**=""
Path to the conmon executable (default: "/usr/local/libexec/crio/conmon")
**conmon_env**=[]
Environment variable list for conmon process (default: ["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",])
**log_size_max**=""
Maximum size allowed for the container log file (default: -1)
Negative numbers indicate that no size limit is imposed, so with the default of -1 a container's log file can grow without bound.
The file is truncated and re-opened so the limit is never exceeded.
**pids_limit**=""
Maximum number of processes allowed in a container (default: 1024)
**runtime**=""
OCI runtime path (default: "/usr/bin/runc")
**selinux**=*true*|*false*
Enable SELinux support (default: false)
**signature_policy**=""
Path to the signature policy JSON file (default: "", to use the system-wide default)
**seccomp_profile**=""
Path to the seccomp JSON profile to be used as the runtime's default (default: "/etc/crio/seccomp.json")
**apparmor_profile**=""
Name of the AppArmor profile to be used as the runtime's default (default: "crio-default")
**no_pivot**=*true*|*false*
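Instructs the runtime to not use pivot_root, but instead use MS_MOVE. pivot_root gives the stronger confinement of a container to its root filesystem, so enable this only where pivot_root cannot be used (for example, when the rootfs is on a ramdisk).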
## CRIO.IMAGE TABLE
**default_transport**
A prefix to prepend to image names that can't be pulled as-is (default: "docker://")
**image_volumes**=""
Image volume handling ('mkdir', 'bind' or 'ignore') (default: "mkdir")
mkdir: A directory is created inside the container root filesystem for the volumes.
bind: A directory is created inside the container state directory and bind mounted into
the container for the volumes.
ignore: All volumes are just ignored and no action is taken.
**insecure_registries**=""
Enable insecure registry communication, i.e., enable un-encrypted
and/or untrusted communication.
The list of insecure registries can contain an element in CIDR notation
to specify a whole subnet. Connections to insecure registries may use HTTP and/or
HTTPS with certificates from unknown CAs.
Enabling --insecure-registry is useful when running a local registry.
However, traffic to such a registry is unencrypted and/or the registry's
identity is not verified, so image pulls can be observed or altered in
transit. Because its use creates these security vulnerabilities it should
ONLY be enabled for testing purposes. For increased security, users
should add their CA to their system's list of trusted CAs instead of
using --insecure-registry.
**pause_command**=""
Path to the pause executable in the pause image (default: "/pause")
**pause_image**=""
Image which contains the pause executable (default: "kubernetes/pause")
**registries**=""
Comma-separated list of registries that will be prepended when pulling
unqualified images. An unqualified image name is resolved against these
registries, so list only registries you trust.
## CRIO.NETWORK TABLE
**network_dir**=""
Path to CNI configuration files (default: "/etc/cni/net.d/")
**plugin_dir**=""
Path to CNI plugin binaries (default: "/opt/cni/bin/")
# SEE ALSO
crio(8)
# HISTORY
Oct 2016, Originally compiled by Aleksa Sarai <asarai@suse.de>