containerd charm

This subordinate charm deploys the Containerd engine within a running Juju model. Containerd is an open platform for developers and sysadmins to build, ship, and run distributed applications in containers.

Containerd focuses on distributing applications as containers that can be quickly assembled from components that are run the same on different servers without environmental dependencies. This eliminates the friction between development, QA, and production environments.

States

The following states are set by this subordinate:

  • endpoint.{relation name}.available

    This state is set when containerd is available for use.

Using the Containerd subordinate charm

The Containerd subordinate charm is to be used with principal charms that need a container runtime. To use, we deploy the Containerd subordinate charm and then relate it to the principal charm.

juju deploy cs:~containers/containerd
juju add-relation containerd [principal charm]

Scale out Usage

This charm will automatically scale out with the principal charm.

Configuration

name type Default Description

| custom-registry-ca | string | | Base64 encoded Certificate Authority (CA) bundle. Setting this config allows container runtimes to pull images from registries with TLS certificates signed by an external CA. |

| custom_registries | string | [] | See notes |

| disable-juju-proxy | boolean | False | Ignore juju-http(s) proxy settings on this charm. If set to true, all juju https proxy settings will be ignored |

| enable-cgroups | boolean | False | Enable GRUB cgroup overrides cgroup_enable=memory swapaccount=1. WARNING changing this option will reboot the host - use with caution on production services. |

| gpu_driver | string | auto | Override GPU driver installation. Options are "auto", "nvidia", "none". |

| http_proxy | string | | URL to use for HTTP_PROXY to be used by Containerd. Useful in egress-filtered environments where a proxy is the only option for accessing the registry to pull images. |

| https_proxy | string | | URL to use for HTTPS_PROXY to be used by Containerd. Useful in egress-filtered environments where a proxy is the only option for accessing the registry to pull images. |

| no_proxy | string | | See notes |

| runtime | string | auto | Set a custom containerd runtime. Set "auto" to select based on hardware. |

| shim | string | containerd-shim | Set a custom containerd shim. |


custom_registries

Description:

Registry endpoints and credentials. Setting this config allows Kubelet to pull images from registries where auth is required.

The value for this config must be a JSON array of credential objects, like this: [{"host": "my.registry:port", "username": "user", "password": "pass"}]

host could be registry host address, e.g.: myregistry.io:9000, 10.10.10.10:5432. or a name, e.g.: myregistry.io, myregistry. It will be derived from url if not provided, e.g.:

  url: <http://10.10.10.10:8000> --> host: 10.10.10.10:8000

If required, you can supply credentials with option keys 'username' and 'password', or 'ca_file', 'cert_file', and 'key_file' for ssl/tls communication, which should be base64 encoded file contents in string form

"ca_file": "'"$(base64 -w 0 < my.custom.registry.pem)"'"

example config) juju config containerd custom_registries='[{

    "url": "https://registry.example.com",
    "ca_file": "'"$(base64 -w 0 < ~/my.custom.ca.pem)"'",
    "cert_file": "'"$(base64 -w 0 < ~/my.custom.cert.pem)"'",
    "key_file": "'"$(base64 -w 0 < ~/my.custom.key.pem)"'",

}]'

Back to table

no_proxy

Description:

Comma-separated list of destinations (either domain names or IP addresses) which should be accessed directly, rather than through the proxy defined in http_proxy or https_proxy. Must be less than 2023 characters long.

Back to table

Actions

You can run an action with the following

juju run-action containerd ACTION [parameters] [--wait]

debug

Collect debug data


upgrade-containerd

Force upgrades Containerd to latest repository version