From ffda3656d179283031a91d8498700d10df55f1b6 Mon Sep 17 00:00:00 2001 From: Max Gautier <mg@max.gautier.name> Date: Fri, 9 Feb 2024 14:33:16 +0000 Subject: [PATCH] Enable containerd 'discard_unpacked_layers' by default (#10905) * containerd: Remove redundant 'default' filters * containerd: enable 'discard_unpacked_layers' by default This should help with containerd disk usage --- .../containerd/defaults/main.yml | 8 ++++++-- .../containerd/templates/config.toml.j2 | 19 ++++++++++--------- 2 files changed, 16 insertions(+), 11 deletions(-) diff --git a/roles/container-engine/containerd/defaults/main.yml b/roles/container-engine/containerd/defaults/main.yml index fd36c50de..9ecace92f 100644 --- a/roles/container-engine/containerd/defaults/main.yml +++ b/roles/container-engine/containerd/defaults/main.yml @@ -7,8 +7,8 @@ containerd_systemd_dir: "/etc/systemd/system/containerd.service.d" # Ref: https://github.com/kubernetes-sigs/kubespray/pull/9275#issuecomment-1246499242 containerd_oom_score: 0 -# containerd_default_runtime: "runc" -# containerd_snapshotter: "native" +containerd_default_runtime: "runc" +containerd_snapshotter: "overlayfs" containerd_runc_runtime: name: runc @@ -36,6 +36,10 @@ containerd_default_base_runtime_spec_patch: hard: "{{ containerd_base_runtime_spec_rlimit_nofile }}" soft: "{{ containerd_base_runtime_spec_rlimit_nofile }}" +# Can help reduce disk usage +# https://github.com/containerd/containerd/discussions/6295 +containerd_discard_unpacked_layers: true + containerd_base_runtime_specs: cri-base.json: "{{ containerd_default_base_runtime_spec | combine(containerd_default_base_runtime_spec_patch, recursive=1) }}" diff --git a/roles/container-engine/containerd/templates/config.toml.j2 b/roles/container-engine/containerd/templates/config.toml.j2 index e1d4ab2df..30773aacc 100644 --- a/roles/container-engine/containerd/templates/config.toml.j2 +++ b/roles/container-engine/containerd/templates/config.toml.j2 
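Review bot: The comment added above `containerd_discard_unpacked_layers: true` (second hunk of defaults/main.yml) names only the benefit and should also state the trade-off, because this default changes behaviour for every existing cluster on upgrade. With the option on, containerd's garbage collector may remove the compressed layer blobs from the content store once they are unpacked. As far as I know, operations that need the original blobs on the node, such as exporting or re-pushing an image or re-checking layer digests during an investigation, can then fail or need a fresh pull. I would extend the comment to something like `# Lets GC drop compressed layer blobs after unpack: less disk usage, but images can no longer be exported/pushed from the node. Set to false if you rely on that.`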
@@ -4,29 +4,30 @@ state = "{{ containerd_state_dir }}" oom_score = {{ containerd_oom_score }} [grpc] - max_recv_message_size = {{ containerd_grpc_max_recv_message_size | default(16777216) }} - max_send_message_size = {{ containerd_grpc_max_send_message_size | default(16777216) }} + max_recv_message_size = {{ containerd_grpc_max_recv_message_size }} + max_send_message_size = {{ containerd_grpc_max_send_message_size }} [debug] - level = "{{ containerd_debug_level | default('info') }}" + level = "{{ containerd_debug_level }}" [metrics] - address = "{{ containerd_metrics_address | default('') }}" - grpc_histogram = {{ containerd_metrics_grpc_histogram | default(false) | lower }} + address = "{{ containerd_metrics_address }}" + grpc_histogram = {{ containerd_metrics_grpc_histogram | lower }} [plugins] [plugins."io.containerd.grpc.v1.cri"] sandbox_image = "{{ pod_infra_image_repo }}:{{ pod_infra_image_tag }}" max_container_log_line_size = {{ containerd_max_container_log_line_size }} - enable_unprivileged_ports = {{ containerd_enable_unprivileged_ports | default(false) | lower }} - enable_unprivileged_icmp = {{ containerd_enable_unprivileged_icmp | default(false) | lower }} + enable_unprivileged_ports = {{ containerd_enable_unprivileged_ports | lower }} + enable_unprivileged_icmp = {{ containerd_enable_unprivileged_icmp | lower }} {% if enable_cdi %} enable_cdi = true cdi_spec_dirs = ["/etc/cdi", "/var/run/cdi"] {% endif %} [plugins."io.containerd.grpc.v1.cri".containerd] - default_runtime_name = "{{ containerd_default_runtime | default('runc') }}" - snapshotter = "{{ containerd_snapshotter | default('overlayfs') }}" + default_runtime_name = "{{ containerd_default_runtime }}" + snapshotter = "{{ containerd_snapshotter }}" + discard_unpacked_layers = {{ containerd_discard_unpacked_layers | lower }} [plugins."io.containerd.grpc.v1.cri".containerd.runtimes] {% for runtime in [containerd_runc_runtime] + containerd_additional_runtimes %} 
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.{{ runtime.name }}] -- GitLab
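Review bot: `discard_unpacked_layers = {{ containerd_discard_unpacked_layers | lower }}` only lowercases the value it is given, so a string such as the one from `-e containerd_discard_unpacked_layers=yes` would render as `yes`, which is not a TOML boolean, and containerd would be left with a config it cannot parse. `{{ containerd_discard_unpacked_layers | bool | lower }}` normalises the value first. The same applies to `enable_unprivileged_ports`, `enable_unprivileged_icmp` and `grpc_histogram`, which lose their `default(false)` fallback in this hunk and are security-relevant toggles. The defaults for those variables, and for the grpc, debug and metrics ones, are not among the lines this diff shows from defaults/main.yml, so it is worth confirming each is defined there; otherwise rendering will stop on an undefined variable.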