From 2f84567a6911b7258d17a967081b1d464990473d Mon Sep 17 00:00:00 2001
From: Lola Delannoy <adelannoy@wiremind.io>
Date: Wed, 21 Aug 2024 06:13:05 +0200
Subject: [PATCH] Add containerd config options (#11080)

* chore(containerd): add some config debug options

See: https://github.com/containerd/containerd/blob/v1.7.15/docs/man/containerd-config.toml.5.md

* chore(containerd): add CRI config options

See: https://github.com/containerd/containerd/blob/v1.7.15/docs/man/containerd-config.toml.5.md
See: https://github.com/containerd/containerd/blob/v1.7.15/docs/cri/config.md
---
 inventory/sample/group_vars/all/containerd.yml      | 13 +++++++++++++
 roles/container-engine/containerd/defaults/main.yml | 10 ++++++++++
 .../containerd/templates/config.toml.j2             |  9 +++++++++
 3 files changed, 32 insertions(+)

diff --git a/inventory/sample/group_vars/all/containerd.yml b/inventory/sample/group_vars/all/containerd.yml
index 1888b2418..c8fa41943 100644
--- a/inventory/sample/group_vars/all/containerd.yml
+++ b/inventory/sample/group_vars/all/containerd.yml
@@ -24,8 +24,21 @@
 # containerd_grpc_max_recv_message_size: 16777216
 # containerd_grpc_max_send_message_size: 16777216
 
+# Containerd debug socket location: unix or tcp format
+# containerd_debug_address: ""
+
+# Containerd log level
 # containerd_debug_level: "info"
 
+# Containerd logs format, supported values: text, json
+# containerd_debug_format: ""
+
+# Containerd debug socket UID
+# containerd_debug_uid: 0
+
+# Containerd debug socket GID
+# containerd_debug_gid: 0
+
 # containerd_metrics_address: ""
 
 # containerd_metrics_grpc_histogram: false
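Review bot: The new comment on `containerd_debug_address` says "unix or tcp format" without telling operators what that choice implies. containerd's debug listener serves profiling and runtime-internals endpoints. As far as I know, a TCP address is served without authentication, and `containerd_debug_uid`/`containerd_debug_gid` only set ownership of a unix socket. I would extend the comment to something like `# Containerd debug socket location (empty leaves it disabled). Prefer a unix socket path: a tcp address is unauthenticated and ignores the uid/gid below`. The same variables are added without comments in roles/container-engine/containerd/defaults/main.yml, and the CRI options added there (`containerd_enable_selinux`, `containerd_disable_apparmor` and the rest) are missing from this sample file.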
diff --git a/roles/container-engine/containerd/defaults/main.yml b/roles/container-engine/containerd/defaults/main.yml
index 291e96e34..f04bb927a 100644
--- a/roles/container-engine/containerd/defaults/main.yml
+++ b/roles/container-engine/containerd/defaults/main.yml
@@ -46,7 +46,11 @@ containerd_base_runtime_specs:
 containerd_grpc_max_recv_message_size: 16777216
 containerd_grpc_max_send_message_size: 16777216
 
+containerd_debug_address: ""
 containerd_debug_level: "info"
+containerd_debug_format: ""
+containerd_debug_uid: 0
+containerd_debug_gid: 0
 
 containerd_metrics_address: ""
 
@@ -66,6 +70,12 @@ containerd_enable_unprivileged_ports: false
 # If enabled it will allow non root users to use icmp sockets
 containerd_enable_unprivileged_icmp: false
 
+containerd_enable_selinux: false
+containerd_disable_apparmor: false
+containerd_tolerate_missing_hugetlb_controller: true
+containerd_disable_hugetlb_controller: true
+containerd_image_pull_progress_timeout: 5m
+
 containerd_cfg_dir: /etc/containerd
 
 # Extra config to be put in {{ containerd_cfg_dir }}/config.toml literally
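Review bot: `containerd_enable_selinux` and `containerd_disable_apparmor` change how containers are confined, yet they are added without comments, unlike `containerd_enable_unprivileged_icmp` just above. Proposed comments: `# Apply SELinux labels to containers; set to true on hosts running SELinux in enforcing mode` and `# Setting this to true stops containerd from applying AppArmor profiles to containers`. The values shown appear to match containerd's own defaults, so behaviour should not change, and a comment could say so. For consistency with the quoted strings around it, `containerd_image_pull_progress_timeout: 5m` reads better as `containerd_image_pull_progress_timeout: "5m"`.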
diff --git a/roles/container-engine/containerd/templates/config.toml.j2 b/roles/container-engine/containerd/templates/config.toml.j2
index 23e2d7b5b..3f65ef5d7 100644
--- a/roles/container-engine/containerd/templates/config.toml.j2
+++ b/roles/container-engine/containerd/templates/config.toml.j2
@@ -12,7 +12,11 @@ oom_score = {{ containerd_oom_score }}
   max_send_message_size = {{ containerd_grpc_max_send_message_size }}
 
 [debug]
+  address = "{{ containerd_debug_address }}"
   level = "{{ containerd_debug_level }}"
+  format = "{{ containerd_debug_format }}"
+  uid = {{ containerd_debug_uid }}
+  gid = {{ containerd_debug_gid }}
 
 [metrics]
   address = "{{ containerd_metrics_address }}"
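Review bot: `uid` and `gid` are written into the TOML unquoted and without type coercion, so an override that is not an integer (an empty string or a user name, say) renders a config.toml that containerd is unlikely to parse. Forcing the type in the template makes the outcome predictable: `uid = {{ containerd_debug_uid | int }}` and `gid = {{ containerd_debug_gid | int }}`. Note that `| int` maps unparseable input to 0, which should give a root-owned socket, the restrictive outcome for a debug endpoint.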
@@ -24,6 +28,11 @@ oom_score = {{ containerd_oom_score }}
     max_container_log_line_size = {{ containerd_max_container_log_line_size }}
     enable_unprivileged_ports = {{ containerd_enable_unprivileged_ports | lower }}
     enable_unprivileged_icmp = {{ containerd_enable_unprivileged_icmp | lower }}
+    enable_selinux = {{ containerd_enable_selinux | lower }}
+    disable_apparmor = {{ containerd_disable_apparmor | lower }}
+    tolerate_missing_hugetlb_controller = {{ containerd_tolerate_missing_hugetlb_controller | lower }}
+    disable_hugetlb_controller = {{ containerd_disable_hugetlb_controller | lower }}
+    image_pull_progress_timeout = "{{ containerd_image_pull_progress_timeout }}"
 {% if enable_cdi %}
     enable_cdi = true
     cdi_spec_dirs = ["/etc/cdi", "/var/run/cdi"]
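Review bot: The four new booleans are rendered with `| lower` only, so a string override such as `yes` or `on` (common in inventories and `-e` extra vars) lands verbatim in config.toml, where it is not a valid TOML boolean. For `enable_selinux` and `disable_apparmor` in particular the rendered value should be unambiguous. `enable_selinux = {{ containerd_enable_selinux | bool | lower }}`, and likewise for the other three, normalises it. The existing `enable_unprivileged_*` lines use the same pattern and could be aligned in the same pass. The CRI table these keys belong to starts above this hunk.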
-- 
GitLab