Advertisement
fatherlinux

Untitled

Apr 3rd, 2019
597
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 23.34 KB | None | 0 0
  1. alias urldecode='python3 -c "import sys, urllib.parse; print(urllib.parse.unquote(sys.argv[1]))"'
  2.  
  3.  
  4. urldecode "data:,%23%20The%20%22crio%22%20table%20contains%20all%20of%20the%20server%20options.%0A%5Bcrio%5D%0A%0A%23%20CRI-O%20reads%20its%20storage%20defaults%20from%20the%20containers%2Fstorage%20configuration%0A%23%20file%2C%20%2Fetc%2Fcontainers%2Fstorage.conf.%20Modify%20storage.conf%20if%20you%20want%20to%0A%23%20change%20default%20storage%20for%20all%20tools%20that%20use%20containers%2Fstorage.%20%20If%20you%0A%23%20want%20to%20modify%20just%20crio%2C%20you%20can%20change%20the%20storage%20configuration%20in%20this%0A%23%20file.%0A%0A%23%20root%20is%20a%20path%20to%20the%20%22root%20directory%22.%20CRIO%20stores%20all%20of%20its%20data%2C%0A%23%20including%20container%20images%2C%20in%20this%20directory.%0A%23root%20%3D%20%22%2Fvar%2Flib%2Fcontainers%2Fstorage%22%0A%0A%23%20run%20is%20a%20path%20to%20the%20%22run%20directory%22.%20CRIO%20stores%20all%20of%20its%20state%0A%23%20in%20this%20directory.%0A%23runroot%20%3D%20%22%2Fvar%2Frun%2Fcontainers%2Fstorage%22%0A%0A%23%20storage_driver%20select%20which%20storage%20driver%20is%20used%20to%20manage%20storage%0A%23%20of%20images%20and%20containers.%0A%23storage_driver%20%3D%20%22%22%0A%0A%23%20storage_option%20is%20used%20to%20pass%20an%20option%20to%20the%20storage%20driver.%0A%23storage_option%20%3D%20%5B%0A%23%5D%0A%0A%23%20The%20%22crio.api%22%20table%20contains%20settings%20for%20the%20kubelet%2FgRPC%20interface.%0A%5Bcrio.api%5D%0A%0A%23%20listen%20is%20the%20path%20to%20the%20AF_LOCAL%20socket%20on%20which%20crio%20will%20listen.%0Alisten%20%3D%20%22%2Fvar%2Frun%2Fcrio%2Fcrio.sock%22%0A%0A%23%20stream_address%20is%20the%20IP%20address%20on%20which%20the%20stream%20server%20will%20listen%0Astream_address%20%3D%20%22%22%0A%0A%23%20stream_port%20is%20the%20port%20on%20which%20the%20stream%20server%20will%20listen%0Astream_port%20%3D%20%2210010%22%0A%0A%23%20stream_enable_tls%20enables%20encrypted%20tls%20transport%20of%20the%20stream%20server%0Astream_enable_tls%20%3D%20false%0A%0A%23%20stream_tls_cert%20is%20the%20x509%20certificate%20file%20path%20used%20to%20serve%20the%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_cert%20%3D%20%22%22%0A%0A%23%20stream_tls_key%20is%20the%20key%20file%20path%20used%20to%20serve%20the%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_key%20%3D%20%22%22%0A%0A%23%20stream_tls_ca%20is%20the%20x509%20CA(s)%20file%20used%20to%20verify%20and%20authenticate%20client%0A%23%20communication%20with%20the%20tls%20encrypted%20stream.%0A%23%20This%20file%20can%20change%2C%20and%20CRIO%20will%20automatically%20pick%20up%20the%20changes%20within%205%20minutes.%0Astream_tls_ca%20%3D%20%22%22%0A%0A%23%20file_locking%20is%20whether%20file-based%20locking%20will%20be%20used%20instead%20of%0A%23%20in-memory%20locking%0Afile_locking%20%3D%20false%0A%0A%23%20The%20%22crio.runtime%22%20table%20contains%20settings%20pertaining%20to%20the%20OCI%0A%23%20runtime%20used%20and%20options%20for%20how%20to%20set%20up%20and%20manage%20the%20OCI%20runtime.%0A%5Bcrio.runtime%5D%0A%0A%23%20runtime%20is%20the%20OCI%20compatible%20runtime%20used%20for%20trusted%20container%20workloads.%0A%23%20This%20is%20a%20mandatory%20setting%20as%20this%20runtime%20will%20be%20the%20default%20one%0A%23%20and%20will%20also%20be%20used%20for%20untrusted%20container%20workloads%20if%0A%23%20runtime_untrusted_workload%20is%20not%20set.%0Aruntime%20%3D%20%22%2Fusr%2Fbin%2Frunc%22%0A%0A%23%20runtime_untrusted_workload%20is%20the%20OCI%20compatible%20runtime%20used%20for%20untrusted%0A%23%20container%20workloads.%20This%20is%20an%20optional%20setting%2C%20except%20if%0A%23%20default_container_trust%20is%20set%20to%20%22untrusted%22.%0Aruntime_untrusted_workload%20%3D%20%22%22%0A%0A%23%20default_workload_trust%20is%20the%20default%20level%20of%20trust%20crio%20puts%20in%20container%0A%23%20workloads.%20It%20can%20either%20be%20%22trusted%22%20or%20%22untrusted%22%2C%20and%20the%20default%0A%23%20is%20%22trusted%22.%0A%23%20Containers%20can%20be%20run%20through%20different%20container%20runtimes%2C%20depending%20on%0A%23%20the%20trust%20hints%20we%20receive%20from%20kubelet%3A%0A%23%20-%20If%20kubelet%20tags%20a%20container%20workload%20as%20untrusted%2C%20crio%20will%20try%20first%20to%0A%23%20run%20it%20through%20the%20untrusted%20container%20workload%20runtime.%20If%20it%20is%20not%20set%2C%0A%23%20crio%20will%20use%20the%20trusted%20runtime.%0A%23%20-%20If%20kubelet%20does%20not%20provide%20any%20information%20about%20the%20container%20workload%20trust%0A%23%20level%2C%20the%20selected%20runtime%20will%20depend%20on%20the%20default_container_trust%20setting.%0A%23%20If%20it%20is%20set%20to%20%22untrusted%22%2C%20then%20all%20containers%20except%20for%20the%20host%20privileged%0A%23%20ones%2C%20will%20be%20run%20by%20the%20runtime_untrusted_workload%20runtime.%20Host%20privileged%0A%23%20containers%20are%20by%20definition%20trusted%20and%20will%20always%20use%20the%20trusted%20container%0A%23%20runtime.%20If%20default_container_trust%20is%20set%20to%20%22trusted%22%2C%20crio%20will%20use%20the%20trusted%0A%23%20container%20runtime%20for%20all%20containers.%0Adefault_workload_trust%20%3D%20%22trusted%22%0A%0A%23%20no_pivot%20instructs%20the%20runtime%20to%20not%20use%20pivot_root%2C%20but%20instead%20use%20MS_MOVE%0Ano_pivot%20%3D%20false%0A%0A%23%20conmon%20is%20the%20path%20to%20conmon%20binary%2C%20used%20for%20managing%20the%20runtime.%0Aconmon%20%3D%20%22%2Fusr%2Flibexec%2Fcrio%2Fconmon%22%0A%0A%23%20conmon_env%20is%20the%20environment%20variable%20list%20for%20conmon%20process%2C%0A%23%20used%20for%20passing%20necessary%20environment%20variable%20to%20conmon%20or%20runtime.%0Aconmon_env%20%3D%20%5B%0A%20%20%22PATH%3D%2Fusr%2Flocal%2Fsbin%3A%2Fusr%2Flocal%2Fbin%3A%2Fusr%2Fsbin%3A%2Fusr%2Fbin%3A%2Fsbin%3A%2Fbin%22%2C%0A%5D%0A%0A%23%20selinux%20indicates%20whether%20or%20not%20SELinux%20will%20be%20used%20for%20pod%0A%23%20separation%20on%20the%20host.%20If%20you%20enable%20this%20flag%2C%20SELinux%20must%20be%20running%0A%23%20on%20the%20host.%0Aselinux%20%3D%20true%0A%0A%23%20seccomp_profile%20is%20the%20seccomp%20json%20profile%20path%20which%20is%20used%20as%20the%0A%23%20default%20for%20the%20runtime.%0Aseccomp_profile%20%3D%20%22%2Fetc%2Fcrio%2Fseccomp.json%22%0A%0A%23%20apparmor_profile%20is%20the%20apparmor%20profile%20name%20which%20is%20used%20as%20the%0A%23%20default%20for%20the%20runtime.%0Aapparmor_profile%20%3D%20%22crio-default%22%0A%0A%23%20cgroup_manager%20is%20the%20cgroup%20management%20implementation%20to%20be%20used%0A%23%20for%20the%20runtime.%0Acgroup_manager%20%3D%20%22systemd%22%0A%0A%23%20default_capabilities%20is%20the%20list%20of%20capabilities%20to%20add%20and%20can%20be%20modified%20here.%0A%23%20If%20capabilities%20below%20is%20commented%20out%2C%20the%20default%20list%20of%20capabilities%20defined%20in%20the%0A%23%20spec%20will%20be%20added.%0A%23%20If%20capabilities%20is%20empty%20below%2C%20only%20the%20capabilities%20defined%20in%20the%20container%20json%0A%23%20file%20by%20the%20user%2Fkube%20will%20be%20added.%0Adefault_capabilities%20%3D%20%5B%0A%20%20%22CHOWN%22%2C%20%0A%20%20%22DAC_OVERRIDE%22%2C%20%0A%20%20%22FSETID%22%2C%20%0A%20%20%22FOWNER%22%2C%20%0A%20%20%22NET_RAW%22%2C%20%0A%20%20%22SETGID%22%2C%20%0A%20%20%22SETUID%22%2C%20%0A%20%20%22SETPCAP%22%2C%20%0A%20%20%22NET_BIND_SERVICE%22%2C%20%0A%20%20%22SYS_CHROOT%22%2C%20%0A%20%20%22KILL%22%2C%20%0A%5D%0A%0A%23%20hooks_dir_path%20is%20the%20oci%20hooks%20directory%20for%20automatically%20executed%20hooks%0Ahooks_dir_path%20%3D%20%22%2Fusr%2Fshare%2Fcontainers%2Foci%2Fhooks.d%22%0A%0A%23%20default_mounts%20is%20the%20mounts%20list%20to%20be%20mounted%20for%20the%20container%20when%20created%0A%23%20deprecated%2C%20will%20be%20taken%20out%20in%20future%20versions%2C%20add%20default%20mounts%20to%20either%0A%23%20%2Fusr%2Fshare%2Fcontainers%2Fmounts.conf%20or%20%2Fetc%2Fcontainers%2Fmounts.conf%0Adefault_mounts%20%3D%20%5B%0A%20%20%22%2Fusr%2Fshare%2Frhel%2Fsecrets%3A%2Frun%2Fsecrets%22%2C%20%0A%5D%0A%0A%23%20Path%20to%20directory%20in%20which%20container%20exit%20files%20are%20written%20to%20by%20conmon.%0Acontainer_exits_dir%20%3D%20%22%2Fvar%2Frun%2Fcrio%2Fexits%22%0A%0A%23%20Path%20to%20directory%20for%20container%20attach%20sockets.%0Acontainer_attach_socket_dir%20%3D%20%22%2Fvar%2Frun%2Fcrio%22%0A%0A%23%20CRI-O%20reads%20its%20default%20mounts%20from%20the%20following%20two%20files%3A%0A%23%201)%20%2Fetc%2Fcontainers%2Fmounts.conf%20-%20this%20is%20the%20override%20file%2C%20where%20users%20can%0A%23%20either%20add%20in%20their%20own%20default%20mounts%2C%20or%20override%20the%20default%20mounts%20shipped%0A%23%20with%20the%20package.%0A%23%202)%20%2Fusr%2Fshare%2Fcontainers%2Fmounts.conf%20-%20this%20is%20the%20default%20file%20read%20for%20mounts.%0A%23%20If%20you%20want%20CRI-O%20to%20read%20from%20a%20different%2C%20specific%20mounts%20file%2C%20you%20can%20change%0A%23%20the%20default_mounts_file%20path%20right%20below.%20Note%2C%20if%20this%20is%20done%2C%20CRI-O%20will%20only%20add%0A%23%20mounts%20it%20finds%20in%20this%20file.%0A%0A%23%20default_mounts_file%20is%20the%20file%20path%20holding%20the%20default%20mounts%20to%20be%20mounted%20for%20the%0A%23%20container%20when%20created.%0A%23%20default_mounts_file%20%3D%20%22%22%0A%0A%23%20pids_limit%20is%20the%20number%20of%20processes%20allowed%20in%20a%20container%0Apids_limit%20%3D%201024%0A%0A%23%20log_size_max%20is%20the%20max%20limit%20for%20the%20container%20log%20size%20in%20bytes.%0A%23%20Negative%20values%20indicate%20that%20no%20limit%20is%20imposed.%0Alog_size_max%20%3D%20-1%0A%0A%23%20read-only%20indicates%20whether%20all%20containers%20will%20run%20in%20read-only%20mode%0Aread_only%20%3D%20false%0A%0A%23%20log_level%20changes%20the%20verbosity%20of%20the%20logs%20printed.%0A%23%20Options%20are%3A%20error%20(default)%2C%20fatal%2C%20panic%2C%20warn%2C%20info%2C%20and%20debug%0Alog_level%20%3D%20%22error%22%0A%0A%23%20The%20%22crio.image%22%20table%20contains%20settings%20pertaining%20to%20the%0A%23%20management%20of%20OCI%20images.%0A%0A%23%20uid_mappings%20specifies%20the%20UID%20mappings%20to%20have%20in%20the%20user%20namespace.%0A%23%20A%20range%20is%20specified%20in%20the%20form%20containerUID%3AHostUID%3ASize.%20%20Multiple%0A%23%20ranges%20are%20separed%20by%20comma.%0Auid_mappings%20%3D%20%22%22%0A%0A%23%20gid_mappings%20specifies%20the%20GID%20mappings%20to%20have%20in%20the%20user%20namespace.%0A%23%20A%20range%20is%20specified%20in%20the%20form%20containerGID%3AHostGID%3ASize.%20%20Multiple%0A%23%20ranges%20are%20separed%20by%20comma.%0Agid_mappings%20%3D%20%22%22%0A%0A%5Bcrio.image%5D%0A%0A%23%20default_transport%20is%20the%20prefix%20we%20try%20prepending%20to%20an%20image%20name%20if%20the%0A%23%20image%20name%20as%20we%20receive%20it%20can't%20be%20parsed%20as%20a%20valid%20source%20reference%0Adefault_transport%20%3D%20%22docker%3A%2F%2F%22%0A%0A%23%20pause_image%20is%20the%20image%20which%20we%20use%20to%20instantiate%20infra%20containers.%0Apause_image%20%3D%20%22quay.io%2Fopenshift-release-dev%2Focp-v4.0-art-dev%40sha256%3A0f4767e691bd6b984691dd48a13313c13fece8442d0bd43756f8e9d0145861d4%22%0A%0A%23%20If%20not%20empty%2C%20the%20path%20to%20a%20docker%2Fconfig.json-like%20file%20containing%20credentials%0A%23%20necessary%20for%20pulling%20the%20image%20specified%20by%20pause_image%C2%A0above.%0Apause_image_auth_file%20%3D%20%22%2Fvar%2Flib%2Fkubelet%2Fconfig.json%22%0A%0A%23%20pause_command%20is%20the%20command%20to%20run%20in%20a%20pause_image%20to%20have%20a%20container%20just%0A%23%20sit%20there.%20%20If%20the%20image%20contains%20the%20necessary%20information%2C%20this%20value%20need%0A%23%20not%20be%20specified.%0Apause_command%20%3D%20%22%2Fusr%2Fbin%2Fpod%22%0A%0A%23%20signature_policy%20is%20the%20name%20of%20the%20file%20which%20decides%20what%20sort%20of%20policy%20we%0A%23%20use%20when%20deciding%20whether%20or%20not%20to%20trust%20an%20image%20that%20we've%20pulled.%0A%23%20Outside%20of%20testing%20situations%2C%20it%20is%20strongly%20advised%20that%20this%20be%20left%0A%23%20unspecified%20so%20that%20the%20default%20system-wide%20policy%20will%20be%20used.%0Asignature_policy%20%3D%20%22%22%0A%0A%23%20image_volumes%20controls%20how%20image%20volumes%20are%20handled.%0A%23%20The%20valid%20values%20are%20mkdir%20and%20ignore.%0Aimage_volumes%20%3D%20%22mkdir%22%0A%0A%23%20CRI-O%20reads%20its%20configured%20registries%20defaults%20from%20the%20containers%2Fimage%20configuration%0A%23%20file%2C%20%2Fetc%2Fcontainers%2Fregistries.conf.%20Modify%20registries.conf%20if%20you%20want%20to%0A%23%20change%20default%20registries%20for%20all%20tools%20that%20use%20containers%2Fimage.%20%20If%20you%0A%23%20want%20to%20modify%20just%20crio%2C%20you%20can%20change%20the%20registies%20configuration%20in%20this%0A%23%20file.%0A%0A%23%20insecure_registries%20is%20used%20to%20skip%20TLS%20verification%20when%20pulling%20images.%0A%23%20insecure_registries%20%3D%20%5B%0A%23%20%5D%0A%0A%23%20registries%20is%20used%20to%20specify%20a%20comma%20separated%20list%20of%20registries%20to%20be%20used%0A%23%20when%20pulling%20an%20unqualified%20image%20(e.g.%20fedora%3Arawhide).%0A%23registries%20%3D%20%5B%0A%23%20%5D%0A%0A%23%20The%20%22crio.network%22%20table%20contains%20settings%20pertaining%20to%20the%0A%23%20management%20of%20CNI%20plugins.%0A%5Bcrio.network%5D%0A%0A%23%20network_dir%20is%20is%20where%20CNI%20network%20configuration%0A%23%20files%20are%20stored.%0Anetwork_dir%20%3D%20%22%2Fetc%2Fcni%2Fnet.d%2F%22%0A%0A%23%20plugin_dir%20is%20is%20where%20CNI%20plugin%20binaries%20are%20stored.%0Aplugin_dir%20%3D%20%22%2Fusr%2Flibexec%2Fcni%22%0A"
  5. data:,# The "crio" table contains all of the server options.
  6. [crio]
  7.  
  8. # CRI-O reads its storage defaults from the containers/storage configuration
  9. # file, /etc/containers/storage.conf. Modify storage.conf if you want to
  10. # change default storage for all tools that use containers/storage. If you
  11. # want to modify just crio, you can change the storage configuration in this
  12. # file.
  13.  
  14. # root is a path to the "root directory". CRIO stores all of its data,
  15. # including container images, in this directory.
  16. #root = "/var/lib/containers/storage"
  17.  
  18. # run is a path to the "run directory". CRIO stores all of its state
  19. # in this directory.
  20. #runroot = "/var/run/containers/storage"
  21.  
  22. # storage_driver select which storage driver is used to manage storage
  23. # of images and containers.
  24. #storage_driver = ""
  25.  
  26. # storage_option is used to pass an option to the storage driver.
  27. #storage_option = [
  28. #]
  29.  
  30. # The "crio.api" table contains settings for the kubelet/gRPC interface.
  31. [crio.api]
  32.  
  33. # listen is the path to the AF_LOCAL socket on which crio will listen.
  34. listen = "/var/run/crio/crio.sock"
  35.  
  36. # stream_address is the IP address on which the stream server will listen
  37. stream_address = ""
  38.  
  39. # stream_port is the port on which the stream server will listen
  40. stream_port = "10010"
  41.  
  42. # stream_enable_tls enables encrypted tls transport of the stream server
  43. stream_enable_tls = false
  44.  
  45. # stream_tls_cert is the x509 certificate file path used to serve the encrypted stream.
  46. # This file can change, and CRIO will automatically pick up the changes within 5 minutes.
  47. stream_tls_cert = ""
  48.  
  49. # stream_tls_key is the key file path used to serve the encrypted stream.
  50. # This file can change, and CRIO will automatically pick up the changes within 5 minutes.
  51. stream_tls_key = ""
  52.  
  53. # stream_tls_ca is the x509 CA(s) file used to verify and authenticate client
  54. # communication with the tls encrypted stream.
  55. # This file can change, and CRIO will automatically pick up the changes within 5 minutes.
  56. stream_tls_ca = ""
  57.  
  58. # file_locking is whether file-based locking will be used instead of
  59. # in-memory locking
  60. file_locking = false
  61.  
  62. # The "crio.runtime" table contains settings pertaining to the OCI
  63. # runtime used and options for how to set up and manage the OCI runtime.
  64. [crio.runtime]
  65.  
  66. # runtime is the OCI compatible runtime used for trusted container workloads.
  67. # This is a mandatory setting as this runtime will be the default one
  68. # and will also be used for untrusted container workloads if
  69. # runtime_untrusted_workload is not set.
  70. runtime = "/usr/bin/runc"
  71.  
  72. # runtime_untrusted_workload is the OCI compatible runtime used for untrusted
  73. # container workloads. This is an optional setting, except if
  74. # default_container_trust is set to "untrusted".
  75. runtime_untrusted_workload = ""
  76.  
  77. # default_workload_trust is the default level of trust crio puts in container
  78. # workloads. It can either be "trusted" or "untrusted", and the default
  79. # is "trusted".
  80. # Containers can be run through different container runtimes, depending on
  81. # the trust hints we receive from kubelet:
  82. # - If kubelet tags a container workload as untrusted, crio will try first to
  83. # run it through the untrusted container workload runtime. If it is not set,
  84. # crio will use the trusted runtime.
  85. # - If kubelet does not provide any information about the container workload trust
  86. # level, the selected runtime will depend on the default_container_trust setting.
  87. # If it is set to "untrusted", then all containers except for the host privileged
  88. # ones, will be run by the runtime_untrusted_workload runtime. Host privileged
  89. # containers are by definition trusted and will always use the trusted container
  90. # runtime. If default_container_trust is set to "trusted", crio will use the trusted
  91. # container runtime for all containers.
  92. default_workload_trust = "trusted"
  93.  
  94. # no_pivot instructs the runtime to not use pivot_root, but instead use MS_MOVE
  95. no_pivot = false
  96.  
  97. # conmon is the path to conmon binary, used for managing the runtime.
  98. conmon = "/usr/libexec/crio/conmon"
  99.  
  100. # conmon_env is the environment variable list for conmon process,
  101. # used for passing necessary environment variable to conmon or runtime.
  102. conmon_env = [
  103. "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
  104. ]
  105.  
  106. # selinux indicates whether or not SELinux will be used for pod
  107. # separation on the host. If you enable this flag, SELinux must be running
  108. # on the host.
  109. selinux = true
  110.  
  111. # seccomp_profile is the seccomp json profile path which is used as the
  112. # default for the runtime.
  113. seccomp_profile = "/etc/crio/seccomp.json"
  114.  
  115. # apparmor_profile is the apparmor profile name which is used as the
  116. # default for the runtime.
  117. apparmor_profile = "crio-default"
  118.  
  119. # cgroup_manager is the cgroup management implementation to be used
  120. # for the runtime.
  121. cgroup_manager = "systemd"
  122.  
  123. # default_capabilities is the list of capabilities to add and can be modified here.
  124. # If capabilities below is commented out, the default list of capabilities defined in the
  125. # spec will be added.
  126. # If capabilities is empty below, only the capabilities defined in the container json
  127. # file by the user/kube will be added.
  128. default_capabilities = [
  129. "CHOWN",
  130. "DAC_OVERRIDE",
  131. "FSETID",
  132. "FOWNER",
  133. "NET_RAW",
  134. "SETGID",
  135. "SETUID",
  136. "SETPCAP",
  137. "NET_BIND_SERVICE",
  138. "SYS_CHROOT",
  139. "KILL",
  140. ]
  141.  
  142. # hooks_dir_path is the oci hooks directory for automatically executed hooks
  143. hooks_dir_path = "/usr/share/containers/oci/hooks.d"
  144.  
  145. # default_mounts is the mounts list to be mounted for the container when created
  146. # deprecated, will be taken out in future versions, add default mounts to either
  147. # /usr/share/containers/mounts.conf or /etc/containers/mounts.conf
  148. default_mounts = [
  149. "/usr/share/rhel/secrets:/run/secrets",
  150. ]
  151.  
  152. # Path to directory in which container exit files are written to by conmon.
  153. container_exits_dir = "/var/run/crio/exits"
  154.  
  155. # Path to directory for container attach sockets.
  156. container_attach_socket_dir = "/var/run/crio"
  157.  
  158. # CRI-O reads its default mounts from the following two files:
  159. # 1) /etc/containers/mounts.conf - this is the override file, where users can
  160. # either add in their own default mounts, or override the default mounts shipped
  161. # with the package.
  162. # 2) /usr/share/containers/mounts.conf - this is the default file read for mounts.
  163. # If you want CRI-O to read from a different, specific mounts file, you can change
  164. # the default_mounts_file path right below. Note, if this is done, CRI-O will only add
  165. # mounts it finds in this file.
  166.  
  167. # default_mounts_file is the file path holding the default mounts to be mounted for the
  168. # container when created.
  169. # default_mounts_file = ""
  170.  
  171. # pids_limit is the number of processes allowed in a container
  172. pids_limit = 1024
  173.  
  174. # log_size_max is the max limit for the container log size in bytes.
  175. # Negative values indicate that no limit is imposed.
  176. log_size_max = -1
  177.  
  178. # read-only indicates whether all containers will run in read-only mode
  179. read_only = false
  180.  
  181. # log_level changes the verbosity of the logs printed.
  182. # Options are: error (default), fatal, panic, warn, info, and debug
  183. log_level = "error"
  184.  
  185. # The "crio.image" table contains settings pertaining to the
  186. # management of OCI images.
  187.  
  188. # uid_mappings specifies the UID mappings to have in the user namespace.
  189. # A range is specified in the form containerUID:HostUID:Size. Multiple
  190. # ranges are separed by comma.
  191. uid_mappings = ""
  192.  
  193. # gid_mappings specifies the GID mappings to have in the user namespace.
  194. # A range is specified in the form containerGID:HostGID:Size. Multiple
  195. # ranges are separed by comma.
  196. gid_mappings = ""
  197.  
  198. [crio.image]
  199.  
  200. # default_transport is the prefix we try prepending to an image name if the
  201. # image name as we receive it can't be parsed as a valid source reference
  202. default_transport = "docker://"
  203.  
  204. # pause_image is the image which we use to instantiate infra containers.
  205. pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0f4767e691bd6b984691dd48a13313c13fece8442d0bd43756f8e9d0145861d4"
  206.  
  207. # If not empty, the path to a docker/config.json-like file containing credentials
  208. # necessary for pulling the image specified by pause_image above.
  209. pause_image_auth_file = "/var/lib/kubelet/config.json"
  210.  
  211. # pause_command is the command to run in a pause_image to have a container just
  212. # sit there. If the image contains the necessary information, this value need
  213. # not be specified.
  214. pause_command = "/usr/bin/pod"
  215.  
  216. # signature_policy is the name of the file which decides what sort of policy we
  217. # use when deciding whether or not to trust an image that we've pulled.
  218. # Outside of testing situations, it is strongly advised that this be left
  219. # unspecified so that the default system-wide policy will be used.
  220. signature_policy = ""
  221.  
  222. # image_volumes controls how image volumes are handled.
  223. # The valid values are mkdir and ignore.
  224. image_volumes = "mkdir"
  225.  
  226. # CRI-O reads its configured registries defaults from the containers/image configuration
  227. # file, /etc/containers/registries.conf. Modify registries.conf if you want to
  228. # change default registries for all tools that use containers/image. If you
  229. # want to modify just crio, you can change the registies configuration in this
  230. # file.
  231.  
  232. # insecure_registries is used to skip TLS verification when pulling images.
  233. # insecure_registries = [
  234. # ]
  235.  
  236. # registries is used to specify a comma separated list of registries to be used
  237. # when pulling an unqualified image (e.g. fedora:rawhide).
  238. #registries = [
  239. # ]
  240.  
  241. # The "crio.network" table contains settings pertaining to the
  242. # management of CNI plugins.
  243. [crio.network]
  244.  
  245. # network_dir is is where CNI network configuration
  246. # files are stored.
  247. network_dir = "/etc/cni/net.d/"
  248.  
  249. # plugin_dir is is where CNI plugin binaries are stored.
  250. plugin_dir = "/usr/libexec/cni"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement