Skip to content

Commit 3759ec9

Browse files
austinvazquezaustinvazquez
committed
docs: add containerd 2.0+ configuration details for k8s
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
1 parent 6556200 commit 3759ec9

File tree

1 file changed

+24
-2
lines changed

1 file changed

+24
-2
lines changed

docs/kubernetes.md

Lines changed: 24 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -11,14 +11,17 @@ This document explains how to configure SOCI on Kubernetes. For a hands on examp
1111
## Configuration
1212

1313
SOCI on kubernetes requires two pieces of configuration:
14+
1415
1) [Containerd Configuration](#containerd-configuration) to launch containers with SOCI
1516
2) [Registry Authentication Configuration](#registry-authentication-configuration) so that SOCI can pull images from non-public container registries
1617

1718
### Containerd configuration
1819

19-
To configure containerd to launch containers with SOCI, add the following snippet to the containerd config. The config is located at `/etc/containerd/config.toml` by default.
20+
To configure containerd to launch containers with SOCI, add the following snippet to the containerd config. The config is located at `/etc/containerd/config.toml` by default.
2021

21-
```
22+
#### containerd 1.x configuration
23+
24+
```toml
2225
[proxy_plugins.soci]
2326
type = "snapshot"
2427
address = "/run/soci-snapshotter-grpc/soci-snapshotter-grpc.sock"
@@ -47,6 +50,25 @@ Breaking it down line-by-line:
4750
` snapshotter = "soci"` tells containerd to use SOCI by default. This name must match the proxy_plugin name. (this is required. See [Limitations](#limitations))
4851
` disable_snapshot_annotations = false` tells containerd to send lazy loading information to the SOCI snapshotter
4952

53+
#### containerd 2.x configuration
54+
55+
```toml
56+
[proxy_plugins.soci]
57+
type = "snapshot"
58+
address = "/run/soci-snapshotter-grpc/soci-snapshotter-grpc.sock"
59+
[proxy_plugins.soci.exports]
60+
root = "/var/lib/soci-snapshotter-grpc"
61+
62+
[plugins."io.containerd.cri.v1.images"]
63+
snapshotter = "soci"
64+
# This line is required for containerd to send information about how to lazily load the image to the snapshotter
65+
disable_snapshot_annotations = false
66+
```
67+
68+
> **NOTE**
69+
>
70+
> The change from the containerd 1.x configuration is the header for kubernetes-specific configuration.
71+
5072
### Registry Authentication Configuration
5173

5274
The SOCI snapshotter lazily pulls image content outside of the normal image pull context. As a result, it must be independently configured to receive credentials to access non-public container registries.

0 commit comments

Comments
 (0)