Add cri-o service to modules (#68153)

Signed-off-by: Sascha Grunert <sgrunert@suse.com>

authored by Sascha Grunert and committed by zimbatm.tngl.sh 2c3dcbb9 a1f6032e

+107
+1
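--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -938,6 +938,7 @@
   ./virtualisation/anbox.nix
   ./virtualisation/container-config.nix
   ./virtualisation/containers.nix
+  ./virtualisation/cri-o.nix
   ./virtualisation/docker.nix
   ./virtualisation/docker-containers.nix
   ./virtualisation/ecs-agent.nix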
+106
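--- /dev/null
+++ b/nixos/modules/virtualisation/cri-o.nix
@@ -0,0 +1,106 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.virtualisation.cri-o;
+in
+{
+  options.virtualisation.cri-o = {
+    enable = mkEnableOption "Container Runtime Interface for OCI (CRI-O)";
+
+    storageDriver = mkOption {
+      type = types.enum ["btrfs" "overlay" "vfs"];
+      default = "overlay";
+      description = "Storage driver to be used";
+    };
+
+    logLevel = mkOption {
+      type = types.enum ["trace" "debug" "info" "warn" "error" "fatal"];
+      default = "info";
+      description = "Log level to be used";
+    };
+
+    pauseImage = mkOption {
+      type = types.str;
+      default = "k8s.gcr.io/pause:3.1";
+      description = "Pause image for pod sandboxes to be used";
+    };
+
+    pauseCommand = mkOption {
+      type = types.str;
+      default = "/pause";
+      description = "Pause command to be executed";
+    };
+
+    registries = mkOption {
+      type = types.listOf types.str;
+      default = [ "docker.io" "quay.io" ];
+      description = "Registries to be configured for unqualified image pull";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    environment.systemPackages = with pkgs;
+      [ cri-o cri-tools conmon cni-plugins iptables runc utillinux ];
+    environment.etc."crictl.yaml".text = ''
+      runtime-endpoint: unix:///var/run/crio/crio.sock
+    '';
+    environment.etc."crio/crio.conf".text = ''
+      [crio]
+      storage_driver = "${cfg.storageDriver}"
+
+      [crio.image]
+      pause_image = "${cfg.pauseImage}"
+      pause_command = "${cfg.pauseCommand}"
+      registries = [
+        ${concatMapStringsSep ", " (x: "\"" + x + "\"") cfg.registries}
+      ]
+
+      [crio.runtime]
+      conmon = "${pkgs.conmon}/bin/conmon"
+      log_level = "${cfg.logLevel}"
+      manage_network_ns_lifecycle = true
+    '';
+    environment.etc."containers/policy.json".text = ''
+      {"default": [{"type": "insecureAcceptAnything"}]}
+    '';
+    environment.etc."cni/net.d/20-cri-o-bridge.conf".text = ''
+      {
+        "cniVersion": "0.3.1",
+        "name": "crio-bridge",
+        "type": "bridge",
+        "bridge": "cni0",
+        "isGateway": true,
+        "ipMasq": true,
+        "ipam": {
+          "type": "host-local",
+          "subnet": "10.88.0.0/16",
+          "routes": [
+            { "dst": "0.0.0.0/0" }
+          ]
+        }
+      }
+    '';
+
+    systemd.services.crio = {
+      description = "Container Runtime Interface for OCI (CRI-O)";
+      documentation = [ "https://github.com/cri-o/cri-o" ];
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+      path = [ pkgs.utillinux pkgs.runc pkgs.iptables ];
+      serviceConfig = {
+        Type = "notify";
+        ExecStart = "${pkgs.cri-o}/bin/crio";
+        ExecReload = "/bin/kill -s HUP $MAINPID";
+        TasksMax = "infinity";
+        LimitNOFILE = "1048576";
+        LimitNPROC = "1048576";
+        LimitCORE = "infinity";
+        OOMScoreAdjust = "-999";
+        TimeoutStartSec = "0";
+        Restart = "on-abnormal";
+      };
+    };
+  };
+}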
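Review bot: The `containers/policy.json` written here hard-codes `insecureAcceptAnything` as the default policy, so CRI-O will pull and run any image from any registry with no signature verification, and the module gives the administrator no option to tighten it short of overriding the whole file. Exposing the policy as an option that defaults to the current value keeps behaviour unchanged while letting a cluster require signed images; a sketch is below. Relatedly, the default `registries = [ "docker.io" "quay.io" ]` makes every unqualified image name search two registries in order, which is the classic registry-squatting setup, so the option description should recommend fully-qualified image references. Separately, `ExecReload = "/bin/kill -s HUP $MAINPID"` will fail on NixOS, where `/bin` holds only `sh`; use `${pkgs.utillinux}/bin/kill -s HUP $MAINPID` (utillinux is already in the unit's `path`).
```nix
    # … unchanged: enable, storageDriver, logLevel, pauseImage, pauseCommand, registries options …

    policy = mkOption {
      type = types.attrs;
      default = { default = [ { type = "insecureAcceptAnything"; } ]; };
      description = ''
        Image signature verification policy written to /etc/containers/policy.json.
        The default accepts any image unverified; use a "reject" default with
        per-registry "signedBy" entries to require signed images.
      '';
    };
  };

  config = mkIf cfg.enable {
    # … unchanged: systemPackages, crictl.yaml, crio.conf …
    environment.etc."containers/policy.json".text = builtins.toJSON cfg.policy;
    # … unchanged: CNI bridge config, systemd unit apart from ExecReload …
        ExecReload = "${pkgs.utillinux}/bin/kill -s HUP $MAINPID";
```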