When running sysbox with containerd > 2.0, it doesn't have to install CRI-O, which is great. However, if you pin the containerd config scheme version to "2" (which is the case for AKS, for example), then there is no backwards compatibility for the containerd v1 scheme ("plugins."io.containerd.grpc.v1.cri").
Wrong (current result):
oom_score = -999
version = 2
[metrics]
address = "0.0.0.0:10257"
[plugins]
[plugins."io.containerd.cri.v1.images"]
[plugins."io.containerd.cri.v1.images".pinned_images]
sandbox = "mcr.microsoft.com/oss/v2/kubernetes/pause:3.6"
[plugins."io.containerd.cri.v1.images".registry]
config_path = "/etc/containerd/certs.d"
[plugins."io.containerd.cri.v1.images".registry.headers]
X-Meta-Source-Client = ["azure/aks"]
[plugins."io.containerd.cri.v1.runtime"]
[plugins."io.containerd.cri.v1.runtime".containerd]
default_runtime_name = "runc"
[plugins."io.containerd.cri.v1.runtime".containerd.runtimes]
[plugins."io.containerd.cri.v1.runtime".containerd.runtimes.runc]
runtime_type = "io.containerd.runc.v2"
[plugins."io.containerd.cri.v1.runtime".containerd.runtimes.runc.options]
BinaryName = "/usr/bin/runc"
SystemdCgroup = true
[plugins."io.containerd.cri.v1.runtime".containerd.runtimes.untrusted]
runtime_type = "io.containerd.runc.v2"
[plugins."io.containerd.cri.v1.runtime".containerd.runtimes.untrusted.options]
BinaryName = "/usr/bin/runc"
[plugins."io.containerd.grpc.v1.cri"]
[plugins."io.containerd.grpc.v1.cri".containerd]
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.sysbox-runc]
runtime_type = "io.containerd.runc.v2"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.sysbox-runc.options]
BinaryName = "/usr/bin/sysbox-runc"
SystemdCgroup = trueWorking:
oom_score = -999
version = 2
[metrics]
address = "0.0.0.0:10257"
[plugins]
[plugins."io.containerd.cri.v1.images"]
[plugins."io.containerd.cri.v1.images".pinned_images]
sandbox = "mcr.microsoft.com/oss/v2/kubernetes/pause:3.6"
[plugins."io.containerd.cri.v1.images".registry]
config_path = "/etc/containerd/certs.d"
[plugins."io.containerd.cri.v1.images".registry.headers]
X-Meta-Source-Client = ["azure/aks"]
[plugins."io.containerd.cri.v1.runtime"]
[plugins."io.containerd.cri.v1.runtime".containerd]
default_runtime_name = "runc"
[plugins."io.containerd.cri.v1.runtime".containerd.runtimes]
[plugins."io.containerd.cri.v1.runtime".containerd.runtimes.runc]
runtime_type = "io.containerd.runc.v2"
[plugins."io.containerd.cri.v1.runtime".containerd.runtimes.runc.options]
BinaryName = "/usr/bin/runc"
SystemdCgroup = true
[plugins."io.containerd.cri.v1.runtime".containerd.runtimes.untrusted]
runtime_type = "io.containerd.runc.v2"
[plugins."io.containerd.cri.v1.runtime".containerd.runtimes.untrusted.options]
BinaryName = "/usr/bin/runc"
[plugins."io.containerd.cri.v1.runtime".containerd.runtimes.sysbox-runc]
runtime_type = "io.containerd.runc.v2"
[plugins."io.containerd.cri.v1.runtime".containerd.runtimes.sysbox-runc.options]
BinaryName = "/usr/bin/sysbox-runc"
SystemdCgroup = trueI do not know if the working config is complete / secure - but technically, this runs in AKS running Kubernetes 1.33 with Ubuntu 24.04.
Relates to:
When running sysbox with containerd > 2.0, it doesn't have to install CRI-O, which is great. However, if you pin the containerd config scheme version to "2" (which is the case for AKS, for example), then there is no backwards compatibility for the containerd v1 scheme (
"plugins."io.containerd.grpc.v1.cri").Wrong (current result):
Working:
I do not know if the working config is complete / secure - but technically, this runs in AKS running Kubernetes 1.33 with Ubuntu 24.04.
Relates to: