crio.conf(5)(Kubernetes)            Daemon            crio.conf(5)(Kubernetes)



Aleksa Sarai OCTOBER 2016


NAME

       crio.conf - configuration file of the CRI-O OCI Kubernetes Container
       Runtime daemon


DESCRIPTION

       The CRI-O configuration file specifies all of the available configuration
       options and command-line flags for the crio(8) OCI Kubernetes Container
       Runtime daemon ⟨./crio.8.md⟩, but in a TOML format that can be more easily
       modified and versioned.

       CRI-O supports partial configuration reload during runtime, which can
       be done by sending SIGHUP to the running process. Currently supported
       options in crio.conf are explicitly marked with 'This option supports
       live configuration reload'.

       The containers-registries.conf(5) file can be reloaded as well by sending
       SIGHUP to the crio process.

       The default crio.conf is located at /etc/crio/crio.conf.


FORMAT

       The TOML format ⟨https://github.com/toml-lang/toml⟩ is used as the
       encoding of the configuration file. Every option and subtable listed here
       is nested under a global "crio" table. No bare options are used. The
       format of TOML can be simplified to:

       [table]
       option = value

       [table.subtable1]
       option = value

       [table.subtable2]
       option = value


CRIO TABLE

       CRI-O reads its storage defaults from the containers-storage.conf(5)
       file located at /etc/containers/storage.conf. Modify this storage
       configuration if you want to change the system's defaults. If you want to
       modify storage just for CRI-O, you can change the storage configuration
       options here.

       root="/var/lib/containers/storage"
         Path to the "root directory". CRI-O stores all of its data, including
       container images, in this directory.

       runroot="/var/run/containers/storage"
         Path to the "run directory". CRI-O stores all of its state in this
       directory.

       storage_driver="overlay"
         Storage driver used to manage the storage of images and containers.
       Please refer to containers-storage.conf(5) to see all available storage
       drivers.

       storage_option=[]
         List of options to pass to the storage driver. Please refer to
       containers-storage.conf(5) to see all available storage options.

       log_dir="/var/log/crio/pods"
         The default log directory where all logs will go unless directly
       specified by the kubelet. The log directory specified must be an
       absolute directory.

       version_file="/var/run/crio/version"
         Location for CRI-O to lay down the temporary version file.
         It is used to check whether crio wipe should wipe containers, which
       should always happen on a node reboot.

       version_file_persist=""
         Location for CRI-O to lay down the persistent version file.
         It is used to check whether crio wipe should wipe images, which should
       only happen when CRI-O has been upgraded.

       internal_wipe=true
         This option is currently DEPRECATED, and will be removed in the
       future.
         Whether CRI-O should wipe containers after a reboot and images after
       an upgrade when the server starts.
         If set to false, one must run crio wipe to wipe the containers and
       images in these situations.

       clean_shutdown_file="/var/lib/crio/clean.shutdown"
         Location for CRI-O to lay down the clean shutdown file.
         It is used to check whether crio had time to sync before shutting
       down.
         If not found, crio wipe will clear the storage directory.


CRIO.API TABLE

       The crio.api table contains settings for the kubelet/gRPC interface.

       listen="/var/run/crio/crio.sock"
         Path to the AF_LOCAL socket on which CRI-O will listen.

       stream_address="127.0.0.1"
         IP address on which the stream server will listen.

       stream_port="0"
         The port on which the stream server will listen. If the port is set
       to "0", then CRI-O will allocate a random free port number.

       stream_enable_tls=false
         Enable encrypted TLS transport for the stream server.

       stream_idle_timeout=""
         Length of time until open streams terminate due to lack of activity.

       stream_tls_cert=""
         Path to the x509 certificate file used to serve the encrypted stream.
       This file can change and CRI-O will automatically pick up the changes
       within 5 minutes.

       stream_tls_key=""
         Path to the key file used to serve the encrypted stream. This file
       can change and CRI-O will automatically pick up the changes within 5
       minutes.

       stream_tls_ca=""
         Path to the x509 CA(s) file used to verify and authenticate client
       communication with the encrypted stream. This file can change and CRI-O
       will automatically pick up the changes within 5 minutes.

       grpc_max_send_msg_size=83886080
         Maximum gRPC send message size in bytes. If not set or <= 0, then
       CRI-O will default to 80 * 1024 * 1024.

       grpc_max_recv_msg_size=83886080
         Maximum gRPC receive message size in bytes. If not set or <= 0, then
       CRI-O will default to 80 * 1024 * 1024.


CRIO.RUNTIME TABLE

       The crio.runtime table contains settings pertaining to the OCI runtime
       used and options for how to set up and manage the OCI runtime.

       default_runtime="runc"
         The name of the OCI runtime to be used as the default. This option
       supports live configuration reload.

       default_ulimits=[]
         A list of ulimits to be set in containers by default, specified as
       "=:", for example: "nofile=1024:2048". If nothing is set here, settings
       will be inherited from the CRI-O daemon.

       no_pivot=false
         If true, the runtime will not use pivot_root, but instead use
       MS_MOVE.

       decryption_keys_path="/etc/crio/keys/"
         Path where the keys required for image decryption are located.

       conmon=""
         Path to the conmon binary, used for monitoring the OCI runtime. Will
       be searched for using $PATH if empty.
         This option is currently deprecated, and will be replaced with
       RuntimeHandler.MonitorPath.

       conmon_cgroup=""
         Cgroup setting for conmon.
         This option is currently deprecated, and will be replaced with
       RuntimeHandler.MonitorCgroup.

       conmon_env=[]
         Environment variable list for the conmon process, used for passing
       necessary environment variables to conmon or the runtime.
         This option is currently deprecated, and will be replaced with
       RuntimeHandler.MonitorEnv.

       default_env=[]
         Additional environment variables to set for all containers. These
       are overridden if set in the container image spec or in the container
       runtime configuration.

       selinux=false
         If true, SELinux will be used for pod separation on the host.

       seccomp_profile=""
         Path to the seccomp.json profile which is used as the default seccomp
       profile for the runtime. If not specified, then the internal default
       seccomp profile will be used.
         This option is currently deprecated, and will be replaced by the
       SeccompDefault FeatureGate in Kubernetes.

       seccomp_use_default_when_empty=true
         Changes the meaning of an empty seccomp profile. By default (and
       according to the CRI spec), an empty profile means unconfined.
         This option tells CRI-O to treat an empty profile as the default
       profile, which might increase security.

       apparmor_profile=""
         Used to change the name of the default AppArmor profile of CRI-O. The
       default profile name is "crio-default".

       blockio_config_file=""
         Path to the blockio class configuration file for configuring the
       cgroup blockio controller.

       cdi_spec_dirs=[]
         Directories to scan for Container Device Interface Specifications to
       enable CDI device injection. For more details about CDI and the syntax
       of CDI Spec files please refer to
       https://github.com/container-orchestrated-devices/container-device-interface.

       Directories later in the list have precedence over earlier ones. The
       default directory list is:

         cdi_spec_dirs = [
              "/etc/cdi",
              "/var/run/cdi",
         ]

264
       irqbalance_config_file="/etc/sysconfig/irqbalance"
         Used to change the irqbalance service config file which is used by
       CRI-O.
         For CentOS/SUSE, this file is located at /etc/sysconfig/irqbalance.
       For Ubuntu, this file is located at /etc/default/irqbalance.

       irqbalance_config_restore_file="/etc/sysconfig/orig_irq_banned_cpus"
         Used to set the irqbalance banned CPU mask to restore at CRI-O
       startup. If set to 'disable', no restoration attempt will be done.

       rdt_config_file=""
         Path to the RDT configuration file for configuring the resctrl
       pseudo-filesystem.

       cgroup_manager="systemd"
         Cgroup management implementation used for the runtime.

       default_capabilities=[]
         List of default capabilities for containers. If it is empty or
       commented out, only the capabilities defined in the container json file
       by the user/kube will be added.

       The default list is:

         default_capabilities = [
              "CHOWN",
              "DAC_OVERRIDE",
              "FSETID",
              "FOWNER",
              "SETGID",
              "SETUID",
              "SETPCAP",
              "NET_BIND_SERVICE",
              "KILL",
         ]

       add_inheritable_capabilities=false
         Add capabilities to the inheritable set, as well as the default group
       of permitted, bounding and effective.
         If capabilities are expected to work for non-root users, this option
       should be set.

       default_sysctls=[]
         List of default sysctls. If it is empty or commented out, only the
       sysctls defined in the container json file by the user/kube will be
       added.

       One example would be allowing ping inside of containers. On systems
       that support /proc/sys/net/ipv4/ping_group_range, the default list
       could be:

         default_sysctls = [
              "net.ipv4.ping_group_range = 0   2147483647",
         ]

       allowed_devices=[]
         List of devices on the host that a user can specify with the
       "io.kubernetes.cri-o.Devices" allowed annotation.

       additional_devices=[]
         List of additional devices. Specified as "::", for example:
       "--additional-devices=/dev/sdc:/dev/xvdc:rwm". If it is empty or
       commented out, only the devices defined in the container json file by
       the user/kube will be added.

341
       hooks_dir=["path", ...]
         Each *.json file in the path configures a hook for CRI-O containers.
       For more details on the syntax of the JSON files and the semantics of
       hook injection, see oci-hooks(5). CRI-O currently supports both the
       1.0.0 and 0.1.0 hook schemas, although the 0.1.0 schema is deprecated.

       Paths listed later in the array have higher precedence (oci-hooks(5)
       discusses directory precedence).

       For the annotation conditions, CRI-O uses the Kubernetes annotations,
       which are a subset of the annotations passed to the OCI runtime. For
       example, io.kubernetes.cri-o.Volumes is part of the OCI runtime
       configuration annotations, but it is not part of the Kubernetes
       annotations being matched for hooks.

       For the bind-mount conditions, only mounts explicitly requested by
       Kubernetes configuration are considered. Bind mounts that CRI-O inserts
       by default (e.g. /dev/shm) are not considered.

       default_mounts=[]
         List of default mounts for each container. Deprecated: this option
       will be removed in future versions in favor of default_mounts_file.

       default_mounts_file=""
         Path to the file specifying the default mounts for each container.
       The format of the config is /SRC:/DST, one mount per line. Notice that
       CRI-O reads its default mounts from the following two files:

       1) /etc/containers/mounts.conf (i.e., default_mounts_file): This is the
       override file, where users can either add in their own default mounts,
       or override the default mounts shipped with the package.

       2) /usr/share/containers/mounts.conf: This is the default file read for
       mounts. If you want CRI-O to read from a different, specific mounts
       file, you can change the default_mounts_file. Note, if this is done,
       CRI-O will only add mounts it finds in this file.

       pids_limit=0
         Maximum number of processes allowed in a container.
         This option is deprecated. The Kubelet flag --pod-pids-limit should
       be used instead.

       log_filter=""
         Filter the log messages by the provided regular expression. This
       option supports live configuration reload. For example 'request:.*'
       filters all gRPC requests.

       log_level="info"
         Changes the verbosity of the logs based on the level it is set to.
       Options are fatal, panic, error, warn, info, debug, and trace. This
       option supports live configuration reload.

       log_size_max=-1
         Maximum size allowed for the container log file. Negative numbers
       indicate that no size limit is imposed. If it is positive, it must be
       >= 8192 to match/exceed conmon's read buffer. The file is truncated and
       re-opened so the limit is never exceeded.
         This option is deprecated. The Kubelet flag --container-log-max-size
       should be used instead.

       log_to_journald=false
         Whether container output should be logged to journald in addition to
       the kubernetes log file.

       container_exits_dir="/var/run/crio/exits"
         Path to the directory in which container exit files are written by
       conmon.

       container_attach_socket_dir="/var/run/crio"
         Path to the directory for container attach sockets.

       bind_mount_prefix=""
         A prefix to use for the source of the bind mounts. This option would
       be useful when running CRI-O in a container and the / directory on the
       host is mounted as /host in the container. Then if CRI-O runs with the
       --bind-mount-prefix=/host option, CRI-O would add the /host directory
       to any bind mounts it hands over to CRI. If Kubernetes asked to have
       /var/lib/foobar bind mounted into the container, then CRI-O would bind
       mount /host/var/lib/foobar. Since CRI-O itself is running in a
       container with / of the host mounted on /host, the container would end
       up with /var/lib/foobar from the host mounted in the container rather
       than /var/lib/foobar from the CRI-O container.

434
       read_only=false
         If set to true, all containers will run in read-only mode.

       uid_mappings=""
         The UID mappings for the user namespace of each container. A range is
       specified in the form containerUID:HostUID:Size. Multiple ranges must
       be separated by commas.

       minimum_mappable_uid=-1
         The lowest host UID which can be specified in mappings supplied,
       either as part of uid_mappings or as part of a request received over
       CRI, for a pod that will be run as a UID other than 0.

       gid_mappings=""
         The GID mappings for the user namespace of each container. A range is
       specified in the form containerGID:HostGID:Size. Multiple ranges must
       be separated by commas.

       minimum_mappable_gid=-1
         The lowest host GID which can be specified in mappings supplied,
       either as part of gid_mappings or as part of a request received over
       CRI, for a pod that will be run as a UID other than 0.

       ctr_stop_timeout=30
         The minimal amount of time in seconds to wait before issuing a
       timeout regarding the proper termination of the container.

       drop_infra_ctr=true
         Determines whether we drop the infra container when a pod does not
       have a private PID namespace, and does not use a kernel separating
       runtime (like kata).
         Requires manage_ns_lifecycle to be true.

       infra_ctr_cpuset=""
         Determines the CPU set to run infra containers. If not specified,
       CRI-O will use all online CPUs to run infra containers.
         You can specify CPUs in the Linux CPU list format.
         To get better isolation for guaranteed pods, set this parameter to
       be equal to the kubelet reserved-cpus.

       namespaces_dir="/var/run"
         The directory where the state of the managed namespaces gets tracked.
       Only used when manage_ns_lifecycle is true.

       pinns_path=""
         The path to find the pinns binary, which is needed to manage
       namespace lifecycle.

       absent_mount_sources_to_reject=[]
         A list of paths that, when absent from the host, will cause a
       container creation to fail (as opposed to the current behavior of
       creating a directory).

       device_ownership_from_security_context=false
         Changes the default behavior of setting container devices uid/gid
       from CRI's SecurityContext (RunAsUser/RunAsGroup) instead of taking
       the host's uid/gid.

       enable_criu_support=false
         Enable CRIU integration, requires that the criu binary is available
       in $PATH. (default: false)

       enable_pod_events=false
         Enable CRI-O to generate the container pod-level events in order to
       optimize the performance of the Pod Lifecycle Event Generator (PLEG)
       module in Kubelet.

       hostnetwork_disable_selinux=true
         Determines whether SELinux should be disabled within a pod when it is
       running in the host network namespace.

   CRIO.RUNTIME.RUNTIMES TABLE
       The "crio.runtime.runtimes" table defines a list of OCI compatible
       runtimes. The runtime to use is picked based on the runtime handler
       provided by the CRI. If no runtime handler is provided, the runtime
       will be picked based on the level of trust of the workload. This option
       supports live configuration reload.

       runtime_path=""
         Path to the OCI compatible runtime used for this runtime handler.

       runtime_root=""
         Root directory used to store runtime data.

       runtime_type="oci"
         Type of the runtime used for this runtime handler: "oci" or "vm".

       runtime_config_path=""
         Path to the runtime configuration file; should only be used with VM
       runtime types.

       privileged_without_host_devices=false
         Whether this runtime handler prevents host devices from being passed
       to privileged containers.

       allowed_annotations=[]
         This field is currently DEPRECATED. If you'd like to use
       allowed_annotations, please use a workload.
         A list of experimental annotations this runtime handler is allowed to
       process.
         The currently recognized values are:
         "io.kubernetes.cri-o.userns-mode" for configuring a user namespace
       for the pod.
         "io.kubernetes.cri-o.Devices" for configuring devices for the pod.
         "io.kubernetes.cri-o.ShmSize" for configuring the size of /dev/shm.
         "io.kubernetes.cri-o.UnifiedCgroup.$CTR_NAME" for configuring the
       cgroup v2 unified block for a container.
         "io.containers.trace-syscall" for tracing syscalls via the OCI
       seccomp BPF hook.

       platform_runtime_paths={}
         A mapping of platforms to the corresponding runtime executable paths
       for the runtime handler.

571
   CRIO.RUNTIME.WORKLOADS TABLE
       The "crio.runtime.workloads" table defines a list of workloads - a way
       to customize the behavior of a pod and container. A workload is chosen
       for a pod based on whether the workload's activation_annotation is an
       annotation on the pod.

       activation_annotation=""
         activation_annotation is the pod annotation that activates these
       workload settings.

       annotation_prefix=""
         annotation_prefix is the way a pod can override a specific resource
       for a container.
         The full annotation must be of the form
       $annotation_prefix.$resource/$ctrname = $value.

       allowed_annotations=[]
         allowed_annotations is a slice of experimental annotations that this
       workload is allowed to process.
         The currently recognized values are:
         "io.kubernetes.cri-o.userns-mode" for configuring a user namespace
       for the pod.
         "io.kubernetes.cri-o.Devices" for configuring devices for the pod.
         "io.kubernetes.cri-o.ShmSize" for configuring the size of /dev/shm.
         "io.kubernetes.cri-o.UnifiedCgroup.$CTR_NAME" for configuring the
       cgroup v2 unified block for a container.
         "io.containers.trace-syscall" for tracing syscalls via the OCI
       seccomp BPF hook.
         "io.kubernetes.cri-o.seccompNotifierAction" for enabling the seccomp
       notifier feature.
         "io.kubernetes.cri-o.umask" for setting the umask for the container
       init process.

608
   Using the seccomp notifier feature:
       This feature can help you to debug seccomp related issues, for example
       if blocked syscalls (permission denied errors) have a negative impact
       on the workload.

       To be able to use this feature, configure a runtime which has the
       annotation "io.kubernetes.cri-o.seccompNotifierAction" in the
       allowed_annotations array.

       It also requires at least runc 1.1.0 or crun 0.19, which support the
       notifier feature.

       If everything is set up, CRI-O will modify chosen seccomp profiles for
       containers if the annotation "io.kubernetes.cri-o.seccompNotifierAction"
       is set on the Pod sandbox. CRI-O will then get notified if a container
       is using a blocked syscall and then terminate the workload after a
       timeout of 5 seconds if the value of
       "io.kubernetes.cri-o.seccompNotifierAction=stop".

       This also means that multiple syscalls can be captured during that
       period, while the timeout will get reset once a new syscall has been
       discovered.

       This also means that the Pod's "restartPolicy" has to be set to
       "Never", otherwise the kubelet will restart the container immediately.

       Please be aware that CRI-O is not able to get notified if a syscall
       gets blocked based on the seccomp defaultAction, which is a general
       runtime limitation.

   CRIO.RUNTIME.WORKLOAD.RESOURCES TABLE
       The resources table is a structure for overriding certain resources for
       pods using this workload. This structure provides a default value, and
       can be overridden by using the AnnotationPrefix.

       cpushares=""
         Specifies the number of CPU shares this pod has access to.

       cpuset=""
         Specifies the cpuset this pod has access to.

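       To show how the workloads and resources tables above fit together, here
       is an added Python example (not CRI-O's own code): it selects the
       workload whose activation_annotation is on the pod, applies the
       $annotation_prefix.$resource/$ctrname overrides on top of the resources
       table, and keeps only the experimental annotations listed in
       allowed_annotations. The workload table, the pod annotations and the rule
       that unlisted experimental annotations are dropped are assumptions
       constructed for the example.

```python
# Added example, not CRI-O source. It models the crio.runtime.workloads and
# crio.runtime.workload.resources semantics described in this man page.

# The two resources the resources table defines.
RESOURCE_KEYS = ("cpushares", "cpuset")

# The only allowed_annotations entry whose pod form carries a container
# name ($CTR_NAME), so it has to be matched as a prefix.
PREFIX_ANNOTATIONS = ("io.kubernetes.cri-o.UnifiedCgroup.",)

# Constructed workload table, as a [crio.runtime.workloads.lowprio] table
# would look once parsed (a plain dict standing in for the TOML).
WORKLOADS = {
    "lowprio": {
        "activation_annotation": "example.workload.lowprio",
        "annotation_prefix": "example.workload.lowprio",
        "allowed_annotations": ["io.kubernetes.cri-o.umask",
                                "io.kubernetes.cri-o.UnifiedCgroup.$CTR_NAME"],
        "resources": {"cpushares": "512", "cpuset": "0-1"},
    }
}

# Constructed pod annotations: activate "lowprio", override cpuset for the
# container named "app", and carry three experimental annotations of which
# the workload allows umask and UnifiedCgroup but not Devices.
POD_ANNOTATIONS = {
    "example.workload.lowprio": "true",
    "example.workload.lowprio.cpuset/app": "2-3",
    "io.kubernetes.cri-o.umask": "0022",
    "io.kubernetes.cri-o.UnifiedCgroup.app": "memory.high=1G",
    "io.kubernetes.cri-o.Devices": "/dev/fuse",
}


def select_workload(workloads, pod_annotations):
    """Return (name, workload) for the first workload whose
    activation_annotation is on the pod, or (None, None) if none applies."""
    for name, workload in workloads.items():
        if workload.get("activation_annotation") in pod_annotations:
            return name, workload
    return None, None


def container_resources(workload, pod_annotations, ctr_name):
    """Start from the workload's resources table and apply any
    $annotation_prefix.$resource/$ctrname = $value override for ctr_name."""
    resources = dict(workload.get("resources", {}))
    prefix = workload.get("annotation_prefix")
    if not prefix:
        return resources
    for key, value in pod_annotations.items():
        head, sep, ctr = key.rpartition("/")
        if not sep or ctr != ctr_name:
            continue
        for resource in RESOURCE_KEYS:
            if head == f"{prefix}.{resource}":
                resources[resource] = value
    return resources


def allowed_experimental(workload, pod_annotations):
    """Keep only the experimental annotations the workload may process.
    Dropping the rest silently is an assumption made for this example."""
    allowed = workload.get("allowed_annotations", [])
    kept = {}
    for key, value in pod_annotations.items():
        if key in allowed or any(
            key.startswith(p) and p + "$CTR_NAME" in allowed
            for p in PREFIX_ANNOTATIONS
        ):
            kept[key] = value
    return kept


if __name__ == "__main__":
    name, workload = select_workload(WORKLOADS, POD_ANNOTATIONS)
    print("workload:", name)
    for ctr in ("app", "sidecar"):
        print(ctr, container_resources(workload, POD_ANNOTATIONS, ctr))
    print("experimental:", allowed_experimental(workload, POD_ANNOTATIONS))
```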

CRIO.IMAGE TABLE

       The crio.image table contains settings pertaining to the management of
       OCI images.

       CRI-O reads its configured registries defaults from the system wide
       containers-registries.conf(5) located in
       /etc/containers/registries.conf. If you want to modify just CRI-O, you
       can change the registries configuration in this file. Otherwise, leave
       insecure_registries and registries commented out to use the system's
       defaults from /etc/containers/registries.conf.

       default_transport="docker://"
         Default transport for pulling images from a remote container storage.

       global_auth_file=""
         The path to a file like /var/lib/kubelet/config.json holding
       credentials necessary for pulling images from secure registries.

       pause_image="registry.k8s.io/pause:3.9"
         The image used to instantiate infra containers. This option supports
       live configuration reload.

       pause_image_auth_file=""
         The path to a file like /var/lib/kubelet/config.json holding
       credentials specific to pulling the pause_image from above. This option
       supports live configuration reload.

       pause_command="/pause"
         The command to run to have a container stay in the paused state. This
       option supports live configuration reload.

       signature_policy=""
         Path to the file which decides what sort of policy we use when
       deciding whether or not to trust an image that we've pulled. It is not
       recommended that this option be used, as the default behavior of using
       the system-wide default policy (i.e., /etc/containers/policy.json) is
       most often preferred. Please refer to containers-policy.json(5) for
       more details.

       signature_policy_dir="/etc/crio/policies"
         Root path for pod namespace-separated signature policies. The final
       policy to be used on image pull will be /.json. If no pod namespace is
       being provided on image pull (via the sandbox config), or the
       concatenated path is non-existent, then the signature_policy or system
       wide policy will be used as fallback. Must be an absolute path.

       image_volumes="mkdir"
         Controls how image volumes are handled. The valid values are mkdir,
       bind and ignore; the latter will ignore volumes entirely.

       insecure_registries=[]
         List of registries to skip TLS verification for pulling images.

       registries=["docker.io"]
         List of registries to be used when pulling an unqualified image. Note
       that support for this option has been dropped and it has no effect.
       Please refer to containers-registries.conf(5) for configuring
       unqualified-search registries.

       big_files_temporary_dir=""
         Path to the temporary directory to use for storing big files, used to
       store image blobs and data streams related to container image
       management.

       separate_pull_cgroup=""
         [EXPERIMENTAL] If its value is set, then images are pulled into the
       specified cgroup. If its value is set to "pod", then the pod's cgroup
       is used. It is currently supported only with the systemd cgroup
       manager.

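       As an added example (not CRI-O's own code), the following Python script
       parses a crio.conf and reports the settings from the crio.api,
       crio.runtime and crio.image tables above that weaken CRI-O's defaults:
       a stream server reachable off loopback without TLS, SELinux off,
       seccomp_use_default_when_empty=false, inheritable capabilities,
       capabilities beyond the default list, insecure_registries, and the
       deprecated per-runtime allowed_annotations. The sample configuration
       embedded in it is constructed for the demonstration, and the
       TOML-subset parser is the example's own, not CRI-O's.

```python
"""Audit a crio.conf for settings this man page marks as security-relevant.
Added example, not CRI-O code; the TOML-subset parser below (tables, strings,
booleans, integers, string arrays) keeps it dependency-free on any Python 3."""
import re

_TABLE = re.compile(r"^\[([^\]]+)\]$")
_KV = re.compile(r"^([A-Za-z0-9_\-]+)\s*=\s*(.+)$")
_STR = re.compile(r'"((?:[^"\\]|\\.)*)"')

# Capabilities CRI-O grants by default (the default_capabilities list above).
DEFAULT_CAPS = {"CHOWN", "DAC_OVERRIDE", "FSETID", "FOWNER", "SETGID",
                "SETUID", "SETPCAP", "NET_BIND_SERVICE", "KILL"}

# Constructed sample, not a real node's config; each value is chosen weak so
# that every audit rule below fires exactly once.
SAMPLE_CONF = """\
[crio.api]
stream_address = "0.0.0.0"
stream_enable_tls = false

[crio.runtime]
selinux = false
seccomp_use_default_when_empty = false
add_inheritable_capabilities = true
default_capabilities = [
    "CHOWN",
    "NET_BIND_SERVICE",
    "SYS_ADMIN",
]

[crio.runtime.runtimes.runc]
allowed_annotations = ["io.kubernetes.cri-o.Devices"]

[crio.image]
insecure_registries = ["registry.internal.example:5000"]
"""


def _value(text):
    """Convert one TOML value of the crio.conf subset into a Python object."""
    text = text.strip()
    if text.startswith("["):
        return _STR.findall(text)  # crio.conf arrays hold strings only
    if text in ("true", "false"):
        return text == "true"
    if text.startswith('"'):
        return _STR.match(text).group(1)
    return int(text)


def parse_crio_conf(text):
    """Parse crio.conf into nested dicts, e.g. conf["crio"]["runtime"]["selinux"]."""
    root, table, pending = {}, {}, None  # pending = [key, partial array text]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if pending:  # continuation of a multi-line array
            pending[1] += line
            if "]" in line:
                table[pending[0]] = _value(pending[1])
                pending = None
            continue
        m = _TABLE.match(line)
        if m:  # [crio.runtime.runtimes.runc] -> nested dicts
            table = root
            for part in m.group(1).split("."):
                table = table.setdefault(part.strip().strip('"'), {})
            continue
        m = _KV.match(line)
        if not m:
            raise ValueError(f"unsupported line: {raw!r}")
        key, val = m.group(1), m.group(2)
        if val.startswith("[") and "]" not in val:
            pending = [key, val]
        else:
            table[key] = _value(val)
    return root


def audit_crio_conf(conf):
    """Return (option, finding) pairs for settings that weaken CRI-O's defaults."""
    crio = conf.get("crio", {})
    api, rt, img = crio.get("api", {}), crio.get("runtime", {}), crio.get("image", {})
    out = []
    if not api.get("stream_enable_tls") and api.get("stream_address", "127.0.0.1") != "127.0.0.1":
        out.append(("crio.api.stream_enable_tls", "stream server reachable off loopback without TLS"))
    if not rt.get("selinux"):
        out.append(("crio.runtime.selinux", "SELinux pod separation is off"))
    if not rt.get("seccomp_use_default_when_empty", True):
        out.append(("crio.runtime.seccomp_use_default_when_empty", "empty seccomp profile means unconfined"))
    if rt.get("add_inheritable_capabilities"):
        out.append(("crio.runtime.add_inheritable_capabilities", "capabilities also land in the inheritable set"))
    extra = sorted(set(rt.get("default_capabilities", [])) - DEFAULT_CAPS)
    if extra:
        out.append(("crio.runtime.default_capabilities", "beyond the default list: " + ", ".join(extra)))
    if img.get("insecure_registries"):
        out.append(("crio.image.insecure_registries", "TLS verification skipped for " + ", ".join(img["insecure_registries"])))
    for name, handler in rt.get("runtimes", {}).items():
        if handler.get("allowed_annotations"):
            out.append((f"crio.runtime.runtimes.{name}.allowed_annotations", "deprecated; use a crio.runtime.workloads entry"))
    return out
```

       Run it against a real file with
       audit_crio_conf(parse_crio_conf(open("/etc/crio/crio.conf").read()));
       an empty list means none of these rules fired.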

CRIO.NETWORK TABLE

       The crio.network table contains settings pertaining to the management
       of CNI plugins.

       cni_default_network=""
         The default CNI network name to be selected. If not set or "", then
       CRI-O will pick up the first one found in network_dir.

       network_dir="/etc/cni/net.d/"
         Path to the directory where CNI configuration files are located.

       plugin_dirs=["/opt/cni/bin/",]
         List of paths to directories where CNI plugin binaries are located.


CRIO.METRICS TABLE

       The crio.metrics table contains settings pertaining to the Prometheus
       based metrics retrieval.

       enable_metrics=false
         Globally enable or disable metrics support.

       metrics_collectors=["operations", "operations_latency_microseconds_total",
       "operations_latency_microseconds", "operations_errors",
       "image_pulls_by_digest", "image_pulls_by_name",
       "image_pulls_by_name_skipped", "image_pulls_failures",
       "image_pulls_successes", "image_pulls_layer_size", "image_layer_reuse",
       "containers_oom_total", "containers_oom", "processes_defunct"]
         Enabled metrics collectors.

       metrics_port=9090
         The port on which the metrics server will listen.

       metrics_socket=""
         The socket on which the metrics server will listen.

       metrics_cert=""
         The certificate for the secure metrics server.

       metrics_key=""
         The certificate key for the secure metrics server.


CRIO.TRACING TABLE

       [EXPERIMENTAL] The crio.tracing table contains settings pertaining to
       the export of OpenTelemetry trace data.

       enable_tracing=false
         Globally enable or disable OpenTelemetry trace data exporting.

       tracing_endpoint="0.0.0.0:4317"
         Address on which the gRPC trace collector will listen.

       tracing_sampling_rate_per_million=""
         Number of samples to collect per million OpenTelemetry spans. Set to
       1000000 to always sample.


CRIO.STATS TABLE

       The crio.stats table specifies all necessary configuration for
       reporting container and pod stats.

       stats_collection_period=0
         The number of seconds between collecting pod and container stats. If
       set to 0, the stats are collected on-demand instead.


CRIO.NRI TABLE

       The crio.nri table contains settings for controlling NRI (Node Resource
       Interface) support in CRI-O.

       enable_nri=false
         Enable CRI-O NRI support.

       nri_plugin_dir="/opt/nri/plugins"
         Directory to scan for pre-installed plugins to automatically start.

       nri_plugin_config_dir="/etc/nri/conf.d"
         Directory to scan for configuration of pre-installed plugins.

       nri_listen="/var/run/nri/nri.sock"
         Socket to listen on for externally started NRI plugins to connect to.

       nri_disable_connections=false
         Disable connections from externally started NRI plugins.

       nri_plugin_registration_timeout="5s"
         Timeout for a plugin to register itself with NRI.

       nri_plugin_request_timeout="2s"
         Timeout for a plugin to handle an NRI request.


SEE ALSO

       crio.conf.d(5), containers-storage.conf(5), containers-policy.json(5),
       containers-registries.conf(5), crio(8)


HISTORY

       Aug 2018, Update to the latest state by Valentin Rothberg
       vrothberg@suse.com ⟨mailto:vrothberg@suse.com⟩

       Oct 2016, Originally compiled by Aleksa Sarai asarai@suse.de
       ⟨mailto:asarai@suse.de⟩
