From f964b3438d024e27f226f55db3e5f66dcfdb6c34 Mon Sep 17 00:00:00 2001
From: Feruzjon Muyassarov <muyassarovferuz5@gmail.com>
Date: Thu, 21 Sep 2023 10:30:19 +0300
Subject: [PATCH] Add configuration option for NRI in crio & containerd
 (#10454)

* [containerd] Add Configuration option for Node Resource Interface

Node Resource Interface (NRI) is a common is a common framework for
plugging domain or vendor-specific custom logic into container
runtime like containerd. With this commit, we introduce the
containerd_disable_nri configuration flag, providing cluster
administrators the flexibility to opt in or out (defaulted to 'out')
of this feature in containerd. In line with containerd's default
configuration, NRI is disabled by default in this containerd role
defaults.

Signed-off-by: Feruzjon Muyassarov <feruzjon.muyassarov@intel.com>

* [cri-o] Add configuration option for Node Resource Interface

Node Resource Interface (NRI) is a common is a common framework for
plugging domain or vendor-specific custom logic into container
runtimes like containerd/crio. With this commit, we introduce the
crio_enable_nri configuration flag, providing cluster
administrators the flexibility to opt in or out (defaulted to 'out')
of this feature in cri-o runtime. In line with crio's default
configuration, NRI is disabled by default in this cri-o role
defaults.

Signed-off-by: Feruzjon Muyassarov <feruzjon.muyassarov@intel.com>

---------

Signed-off-by: Feruzjon Muyassarov <feruzjon.muyassarov@intel.com>
---
 roles/container-engine/containerd/defaults/main.yml        | 3 +++
 roles/container-engine/containerd/templates/config.toml.j2 | 3 +++
 roles/container-engine/cri-o/defaults/main.yml             | 3 +++
 roles/container-engine/cri-o/templates/crio.conf.j2        | 5 +++++
 4 files changed, 14 insertions(+)

diff --git a/roles/container-engine/containerd/defaults/main.yml b/roles/container-engine/containerd/defaults/main.yml
index 05cfd95c1..9359e1aeb 100644
--- a/roles/container-engine/containerd/defaults/main.yml
+++ b/roles/container-engine/containerd/defaults/main.yml
@@ -64,6 +64,9 @@ containerd_enable_unprivileged_ports: false
 # If enabled it will allow non root users to use icmp sockets
 containerd_enable_unprivileged_icmp: false
 
+# If enabled, it will activate the NRI support in containerd
+containerd_nri_disable: true
+
 containerd_cfg_dir: /etc/containerd
 
 # Extra config to be put in {{ containerd_cfg_dir }}/config.toml literally
diff --git a/roles/container-engine/containerd/templates/config.toml.j2 b/roles/container-engine/containerd/templates/config.toml.j2
index a04ec485e..ba107ee8b 100644
--- a/roles/container-engine/containerd/templates/config.toml.j2
+++ b/roles/container-engine/containerd/templates/config.toml.j2
@@ -78,6 +78,9 @@ oom_score = {{ containerd_oom_score }}
 {% endif %}
 {% endfor %}
 
+  [plugins."io.containerd.nri.v1.nri"]
+    disable = {{ containerd_nri_disable | default(true) | lower }}
+
 {% if containerd_extra_args is defined %}
 {{ containerd_extra_args }}
 {% endif %}
diff --git a/roles/container-engine/cri-o/defaults/main.yml b/roles/container-engine/cri-o/defaults/main.yml
index 949ed69ed..053af20e6 100644
--- a/roles/container-engine/cri-o/defaults/main.yml
+++ b/roles/container-engine/cri-o/defaults/main.yml
@@ -97,3 +97,6 @@ crio_man_files:
   8:
     - crio
     - crio-status
+
+# If set to true, it will enable the NRI support in cri-o
+crio_enable_nri: false
diff --git a/roles/container-engine/cri-o/templates/crio.conf.j2 b/roles/container-engine/cri-o/templates/crio.conf.j2
index 80dc80d05..f92206e32 100644
--- a/roles/container-engine/cri-o/templates/crio.conf.j2
+++ b/roles/container-engine/cri-o/templates/crio.conf.j2
@@ -376,3 +376,8 @@ enable_metrics = {{ crio_enable_metrics | bool | lower }}
 
 # The port on which the metrics server will listen.
 metrics_port = {{ crio_metrics_port }}
+
+[crio.nri]
+
+# Enable or disable NRI (Node Resource Interface) support in CRI-O.
+enable_nri={{ crio_enable_nri | default(false) | lower }}
-- 
GitLab