summaryrefslogtreecommitdiffhomepage
path: root/shim/configure-containerd-shim-runsc-v1.md
blob: 977ceacbd14ce6b56f9f65bb617f1a66bf5f04ef (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
# Configure containerd-shim-runsc-v1 (Shim V2)

This document describes how to configure runtime options for
`containerd-shim-runsc-v1`.  This is follows on to the instructions of
[Runtime Handler Quick Start (shim v2) (containerd >=1.2)](runtime-handler-shim-v2-quickstart.md)
and requires containerd 1.3 or later.

### Update `/etc/containerd/config.toml` to point to a configuration file for `containerd-shim-runsc-v1`.

`containerd-shim-runsc-v1` supports a few different configuration options based
on the version of containerd that is used. For versions >= 1.3, it supports a
configurable config path in the containerd runtime configuration.

```shell
{ # Step 1: Update runtime options for runsc in containerd config.toml
cat <<EOF | sudo tee /etc/containerd/config.toml
disabled_plugins = ["restart"]
[plugins.linux]
  shim_debug = true
[plugins.cri.containerd.runtimes.runsc]
  runtime_type = "io.containerd.runsc.v1"
[plugins.cri.containerd.runtimes.runsc.options]
  TypeUrl = "io.containerd.runsc.v1.options"
  ConfigPath = "/etc/containerd/runsc.toml"
EOF
}
```

### Configure `/etc/containerd/runsc.toml`

The set of options that can be configured can be found in
[options.go](../pkg/v2/options/options.go).

#### Example: Enable the KVM platform

gVisor enables the use of a number of platforms. This example shows how to
configure `containerd-shim-runsc-v1` to use gvisor with the KVM platform.

Find out more about platform in the
(gVisor documentation)[https://gvisor.dev/docs/user_guide/platforms/].

```shell
cat <<EOF | sudo tee /etc/containerd/runsc.toml
[runsc_config]
platform = "kvm"
EOF
```

### Example: Enable gVisor debug logging

gVisor debug logging can be enabled by setting the `debug` and `debug-log`
flag. The shim will replace "%ID%" with the container ID in the path of the
`debug-log` flag.

Find out more about debugging in the
(gVisor documentation)[https://gvisor.dev/docs/user_guide/debugging/].

```shell
cat <<EOF | sudo tee /etc/containerd/runsc.toml
[runsc_config]
  debug=true
  debug-log=/var/log/%ID%/gvisor.log
EOF
```

## Restart `containerd`

When you are done restart containerd to pick up the new configuration files.

```shell
sudo systemctl restart containerd
```