containerd charm
This subordinate charm deploys the Containerd engine within a running Juju model. Containerd is an open platform for developers and sysadmins to build, ship, and run distributed applications in containers.
Containerd focuses on distributing applications as containers that can be quickly assembled from components that are run the same on different servers without environmental dependencies. This eliminates the friction between development, QA, and production environments.
States
The following states are set by this subordinate:
-
endpoint.{relation name}.available
This state is set when containerd is available for use.
Using the Containerd subordinate charm
The Containerd subordinate charm is to be used with principal charms that need a container runtime. To use, we deploy the Containerd subordinate charm and then relate it to the principal charm.
juju deploy cs:~containers/containerd
juju add-relation containerd [principal charm]
Scale out Usage
This charm will automatically scale out with the principal charm.
Configuration
name | type | Default | Description |
---|---|---|---|
custom-registry-ca | string | Base64 encoded Certificate Authority (CA) bundle. Setting this config allows container runtimes to pull images from registries with TLS certificates signed by an external CA. | |
custom_registries | string | [] | See notes |
disable-juju-proxy | boolean | False | Ignore juju-http(s) proxy settings on this charm. If set to true, all juju https proxy settings will be ignored |
enable-cgroups | boolean | False | Enable GRUB cgroup overrides cgroup_enable=memory swapaccount=1. WARNING changing this option will reboot the host - use with caution on production services. |
gpu_driver | string | auto | Override GPU driver installation. Options are “auto”, “nvidia”, “none”. |
http_proxy | string | URL to use for HTTP_PROXY to be used by Containerd. Useful in egress-filtered environments where a proxy is the only option for accessing the registry to pull images. | |
https_proxy | string | URL to use for HTTPS_PROXY to be used by Containerd. Useful in egress-filtered environments where a proxy is the only option for accessing the registry to pull images. | |
no_proxy | string | See notes | |
runtime | string | auto | Set a custom containerd runtime. Set “auto” to select based on hardware. |
shim | string | containerd-shim | Set a custom containerd shim. |
custom_registries
Registry endpoints and credentials. Setting this config allows Kubelet to pull images from registries where auth is required.
The value for this config must be a JSON array of credential objects, like this:
[{"host": "my.registry:port", "username": "user", "password": "pass"}]
host
could be registry host address, e.g.: myregistry.io:9000, 10.10.10.10:5432.
or a name, e.g.: myregistry.io, myregistry.
It will be derived from url
if not provided, e.g.:
url: <http://10.10.10.10:8000> --> host: 10.10.10.10:8000
If required, you can supply credentials with option keys ‘username’ and ‘password’, or ‘ca_file’, ‘cert_file’, and ‘key_file’ for ssl/tls communication, which should be base64 encoded file contents in string form
“ca_file”: “’”$(base64 -w 0 < my.custom.registry.pem)”’”
example config) juju config containerd custom_registries=’[{
"url": "https://registry.example.com",
"ca_file": "'"$(base64 -w 0 < ~/my.custom.ca.pem)"'",
"cert_file": "'"$(base64 -w 0 < ~/my.custom.cert.pem)"'",
"key_file": "'"$(base64 -w 0 < ~/my.custom.key.pem)"'",
}]’
no_proxy
Comma-separated list of destinations (either domain names or IP addresses) which should be accessed directly, rather than through the proxy defined in http_proxy or https_proxy. Must be less than 2023 characters long.
Actions
You can run an action with the following
juju run-action containerd ACTION [parameters] [--wait]
debug
Collect debug data
upgrade-containerd
Force upgrades Containerd to latest repository version