2017-05-12 13:36:15 +00:00
% crio(8) Open Container Initiative Daemon
2016-09-28 18:33:53 +00:00
% Dan Walsh
% SEPTEMBER 2016
# NAME
2017-07-17 13:48:22 +00:00
crio - OCI Kubernetes Container Runtime daemon
2016-09-28 18:33:53 +00:00
# SYNOPSIS
2017-05-12 13:36:15 +00:00
**crio**
2017-06-07 17:08:06 +00:00
[**--apparmor-profile**=[*value*]]
[**--cgroup-manager**=[*value*]]
[**--cni-config-dir**=[*value*]]
[**--cni-plugin-dir**=[*value*]]
2016-10-13 13:25:31 +00:00
[**--config**=[*value*]]
2016-09-28 19:49:46 +00:00
[**--conmon**=[*value*]]
2017-06-07 17:08:06 +00:00
[**--cpu-profile**=[*value*]]
2016-09-28 18:33:53 +00:00
[**--debug**]
2016-10-18 14:48:33 +00:00
[**--default-transport**=[*value*]]
2016-10-07 18:52:24 +00:00
[**--help**|**-h**]
2017-07-20 08:01:23 +00:00
[**--insecure-registry**=[*value*]]
2016-10-09 17:36:43 +00:00
[**--listen**=[*value*]]
2016-09-28 18:33:53 +00:00
[**--log**=[*value*]]
[**--log-format value**]
2016-10-18 14:48:33 +00:00
[**--pause-command**=[*value*]]
[**--pause-image**=[*value*]]
2017-07-20 08:01:23 +00:00
[**--registry**=[*value*]]
2016-10-07 18:52:24 +00:00
[**--root**=[*value*]]
2016-10-18 14:48:33 +00:00
[**--runroot**=[*value*]]
2016-10-07 18:52:24 +00:00
[**--runtime**=[*value*]]
2017-06-07 17:08:06 +00:00
[**--seccomp-profile**=[*value*]]
[**--selinux**]
2016-10-18 14:48:33 +00:00
[**--signature-policy**=[*value*]]
[**--storage-driver**=[*value*]]
2017-02-24 22:05:07 +00:00
[**--storage-opt**=[*value*]]
2016-09-28 18:33:53 +00:00
[**--version**|**-v**]
# DESCRIPTION
OCI-based implementation of Kubernetes Container Runtime Interface Daemon
2017-05-12 13:36:15 +00:00
crio is meant to provide an integration path between OCI conformant runtimes and the kubelet. Specifically, it implements the Kubelet Container Runtime Interface (CRI) using OCI conformant runtimes. The scope of crio is tied to the scope of the CRI.
2016-09-28 18:33:53 +00:00
* Support multiple image formats including the existing Docker image format
* Support for multiple means to download images including trust & image verification
* Container image management (managing image layers, overlay filesystems, etc)
* Container process lifecycle management
* Monitoring and logging required to satisfy the CRI
* Resource isolation as required by the CRI
2017-05-12 13:36:15 +00:00
**crio [GLOBAL OPTIONS]**
2016-09-28 18:33:53 +00:00
2017-05-12 13:36:15 +00:00
**crio [GLOBAL OPTIONS] config [OPTIONS]**
2016-10-09 17:36:43 +00:00
# GLOBAL OPTIONS
2016-09-28 18:33:53 +00:00
2016-10-18 14:48:33 +00:00
**--apparmor_profile**=""
2017-05-12 13:36:15 +00:00
Name of the apparmor profile to be used as the runtime's default (default: "crio-default")
2016-10-18 14:48:33 +00:00
2017-06-07 17:08:06 +00:00
**--cgroup-manager**=""
cgroup manager (cgroupfs or systemd)
2016-10-13 13:25:31 +00:00
**--config**=""
path to configuration file
2016-09-28 19:49:46 +00:00
**--conmon**=""
2017-05-12 13:36:15 +00:00
path to the conmon executable (default: "/usr/local/libexec/crio/conmon")
2016-09-28 19:49:46 +00:00
2017-06-07 17:08:06 +00:00
**--cpu-profile**=""
set the CPU profile file path
2016-09-28 18:33:53 +00:00
**--debug**
Enable debug output for logging
2016-10-18 14:48:33 +00:00
**--default-transport**
A prefix to prepend to image names that can't be pulled as-is.
2016-10-07 18:52:24 +00:00
**--help, -h**
Print usage statement
2017-07-20 08:01:23 +00:00
**--insecure-registry=**
Enable insecure registry communication, i.e., enable un-encrypted
and/or untrusted communication.
List of insecure registries can contain an element with CIDR notation
to specify a whole subnet. Insecure registries accept HTTP and/or
accept HTTPS with certificates from unknown CAs.
Enabling --insecure-registry is useful when running a local registry.
However, because its use creates security vulnerabilities it should
ONLY be enabled for testing purposes. For increased security, users
should add their CA to their system's list of trusted CAs instead of
using --insecure-registry.
2017-07-07 21:10:25 +00:00
**--image-volumes**=""
2017-09-11 22:43:53 +00:00
Image volume handling ('mkdir', 'bind' or 'ignore') (default: "mkdir")
mkdir: A directory is created inside the container root filesystem for the volumes.
bind: A directory is created inside container state directory and bind mounted into
the container for the volumes.
ignore: All volumes are just ignored and no action is taken.
2017-07-07 21:10:25 +00:00
2016-10-09 17:36:43 +00:00
**--listen**=""
2017-05-12 13:36:15 +00:00
Path to crio socket (default: "/var/run/crio.sock")
2016-10-09 17:36:43 +00:00
2016-09-28 18:33:53 +00:00
**--log**=""
Set the log file path where internal debug information is written
**--log-format**=""
Set the format used by logs ('text' (default), or 'json') (default: "text")
2017-09-25 23:08:09 +00:00
**--log-size-max**=""
Maximum log size in bytes for a container (default: -1 (no limit))
2016-10-18 14:48:33 +00:00
**--pause-command**=""
Path to the pause executable in the pause image (default: "/pause")
**--pause-image**=""
Image which contains the pause executable (default: "kubernetes/pause")
2016-10-07 18:52:24 +00:00
2017-07-07 21:44:41 +00:00
**--pids-limit**=""
Maximum number of processes allowed in a container (default: 1024)
2016-10-07 18:52:24 +00:00
**--root**=""
2017-05-15 22:05:58 +00:00
CRIO root dir (default: "/var/lib/containers/storage")
2016-10-18 14:48:33 +00:00
2017-07-20 08:01:23 +00:00
**--registry**=""
Registry host which will be prepended to unqualified images, can be specified multiple times
2016-10-18 14:48:33 +00:00
**--runroot**=""
2017-05-15 22:05:58 +00:00
CRIO state dir (default: "/var/run/containers/storage")
2016-10-07 18:52:24 +00:00
**--runtime**=""
OCI runtime path (default: "/usr/bin/runc")
2016-11-30 08:36:07 +00:00
**--selinux**=*true*|*false*
2016-10-09 17:36:43 +00:00
Enable selinux support (default: false)
2016-09-28 18:33:53 +00:00
2016-10-18 14:48:33 +00:00
**--seccomp-profile**=""
2017-05-12 13:36:15 +00:00
Path to the seccomp json profile to be used as the runtime's default (default: "/etc/crio/seccomp.json")
2016-11-23 09:41:48 +00:00
2016-10-18 14:48:33 +00:00
**--signature-policy**=""
Path to the signature policy json file (default: "", to use the system-wide default)
**--storage-driver**
OCI storage driver (default: "devicemapper")
2017-02-24 22:05:07 +00:00
**--storage-opt**
2016-10-18 14:48:33 +00:00
OCI storage driver option (no default)
2016-11-30 08:36:07 +00:00
2016-12-17 11:23:07 +00:00
**--cni-config-dir**=""
2016-10-18 14:48:33 +00:00
CNI configuration files directory (default: "/etc/cni/net.d/")
2016-12-17 11:23:07 +00:00
**--cni-plugin-dir**=""
2016-10-18 14:48:33 +00:00
CNI plugin binaries directory (default: "/opt/cni/bin/")
2016-12-17 11:23:07 +00:00
2017-04-25 05:51:37 +00:00
**--cpu-profile**
Set the CPU profile file path
2016-09-28 18:33:53 +00:00
**--version, -v**
Print the version
2016-10-09 17:36:43 +00:00
# COMMANDS
2017-05-15 22:05:58 +00:00
CRIO's default command is to start the daemon. However, it currently offers a
2016-10-09 17:36:43 +00:00
single additional subcommand.
## config
Outputs a commented version of the configuration file that would've been used
2017-05-15 22:05:58 +00:00
by CRIO. This allows you to save you current configuration setup and then load
2016-10-09 17:36:43 +00:00
it later with ** --config**. Global options will modify the output.
**--default**
Output the default configuration (without taking into account any configuration options).
# SEE ALSO
2017-05-12 13:36:15 +00:00
crio.conf(5)
2016-10-09 17:36:43 +00:00
2016-09-28 18:33:53 +00:00
# HISTORY
2016-10-09 17:36:43 +00:00
Sept 2016, Originally compiled by Dan Walsh < dwalsh @ redhat . com > and Aleksa Sarai < asarai @ suse . de >