diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml index 0c3509ae401..69f6e2bce1a 100644 --- a/.github/workflows/verify.yml +++ b/.github/workflows/verify.yml @@ -73,6 +73,20 @@ jobs: restore-keys: go- - run: make check-log-lines + verify-config-template: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - uses: actions/setup-go@v2 + with: + go-version: ${{ env.GO_VERSION }} + - uses: actions/cache@v2 + with: + path: ~/go/pkg/mod + key: go-${{ hashFiles('**/go.sum') }} + restore-keys: go- + - run: make check-config-template + get-script: runs-on: ubuntu-latest steps: diff --git a/Makefile b/Makefile index c7c4780caea..3bf9b1201a6 100644 --- a/Makefile +++ b/Makefile @@ -144,6 +144,9 @@ check-log-lines: ./hack/log-capitalized.sh ./hack/tree_status.sh +check-config-template: + ./hack/validate-config.sh + shellfiles: ${SHFMT} $(eval SHELLFILES=$(shell ${SHFMT} -f . | grep -v vendor/ | grep -v hack/lib | grep -v hack/build-rpms.sh)) diff --git a/hack/validate-config.sh b/hack/validate-config.sh new file mode 100755 index 00000000000..60e2acc9eea --- /dev/null +++ b/hack/validate-config.sh @@ -0,0 +1,4 @@ +#!/usr/bin/env bash +if grep -q 'Comment' pkg/config/template.go | grep -vq '{{ $.Comment }}'; then + exit 1 +fi diff --git a/pkg/config/config.go b/pkg/config/config.go index 70da8c026c5..8315324230c 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -60,6 +60,7 @@ const ( // Config represents the entire set of configuration values that can be set for // the server. This is intended to be loaded from a toml-encoded config file. type Config struct { + Comment string singleConfigPath string // Path to the single config file dropInConfigDir string // Path to the drop-in config files 
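Review bot: The condition in `hack/validate-config.sh` can never be true, so `make check-config-template` and the new CI job pass whatever `pkg/config/template.go` contains: `grep -q` prints nothing, so the second `grep -vq` reads empty input and exits 1. Dropping `-q` from the first grep and matching the placeholder as a fixed string gives the intended check: `if grep 'Comment' pkg/config/template.go | grep -vqF '{{ $.Comment }}'; then`. Printing the offending lines to stderr before `exit 1` would make a failure actionable. Once the check is live, any line of `template.go` that mentions `Comment` without the placeholder will fail it, so it is worth running once against the tree in this commit.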
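Review bot: The new exported `Comment` field has no doc comment and sits first in a struct documented as "the entire set of configuration values", although the rest of this diff uses it only as a rendering prefix for the config template. A comment such as `// Comment is the prefix ("# ") the config template puts in front of options left at their default; it is not a configuration value.` would keep readers from treating it as an option. The field has to stay exported for `{{ $.Comment }}` to resolve, so if `Config` is serialised anywhere outside this view it is worth checking that the extra field does not leak into that output.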
@@ -558,6 +559,7 @@ func (t *tomlConfig) SetSystemContext(c *Config) { } func (t *tomlConfig) toConfig(c *Config) { + c.Comment = "# " c.RootConfig = t.Crio.RootConfig c.APIConfig = t.Crio.API.APIConfig c.RuntimeConfig = t.Crio.Runtime.RuntimeConfig @@ -713,6 +715,7 @@ func DefaultConfig() (*Config, error) { } cgroupManager := cgmgr.New() return &Config{ + Comment: "# ", SystemContext: &types.SystemContext{ DockerRegistryUserAgent: useragent.Get(), }, diff --git a/pkg/config/template.go b/pkg/config/template.go index 7fe6bda08cf..d57c0788e3f 100644 --- a/pkg/config/template.go +++ b/pkg/config/template.go @@ -3,6 +3,7 @@ package config import ( "io" "reflect" + "strings" "text/template" ) @@ -60,7 +61,9 @@ func crioTemplateString(group templateGroup, prefix string, displayAll bool, cri for _, configItem := range crioTemplateConfig { if group == configItem.group { - if displayAll || !configItem.isDefaultValue { + if !configItem.isDefaultValue || displayAll { + templateString += strings.ReplaceAll(configItem.templateString, "{{ $.Comment }}", "") + } else { templateString += configItem.templateString } } 
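Review bot: The prefix `"# "` is written as a bare literal in `toConfig` (`c.Comment = "# "`) and again in the `DefaultConfig` hunk that follows (`Comment: "# ",`), with nothing tying the two together. A named constant next to the struct, e.g. `const templateCommentPrefix = "# "` (the name is a suggestion), used in both places keeps them from drifting. A `Config` built any other way keeps `Comment == ""`, in which case the template would presumably print default-valued options uncommented; that is inferred from the template hunks, not from code visible here. Both function bodies continue outside their hunks.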
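Review bot: The new branch in `crioTemplateString` un-comments an option by deleting the exact text `{{ $.Comment }}`, so a template constant spelled differently (`{{$.Comment}}`, for instance) would keep its prefix and be printed commented out even when the operator set a non-default value. Naming the placeholder once, e.g. `const commentPlaceholder = "{{ $.Comment }}"` (the name is a suggestion), and using it in the `strings.ReplaceAll` call makes the coupling explicit. The branch also deserves a comment, for example `// Non-default (or displayAll) items are emitted live; default items keep the placeholder and render commented out.`, since items at their default were skipped entirely before this change. The function starts and ends outside the hunk.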
@@ -623,58 +626,58 @@ const templateStringCrio = `[crio] const templateStringCrioRoot = `# Path to the "root directory". CRI-O stores all of its data, including # containers images, in this directory. -root = "{{ .Root }}" +{{ $.Comment }}root = "{{ .Root }}" ` const templateStringCrioRunroot = `# Path to the "run directory". CRI-O stores all of its state in this directory. -runroot = "{{ .RunRoot }}" +{{ $.Comment }}runroot = "{{ .RunRoot }}" ` const templateStringCrioStorageDriver = `# Storage driver used to manage the storage of images and containers. Please # refer to containers-storage.conf(5) to see all available storage drivers. -storage_driver = "{{ .Storage }}" +{{ $.Comment }}storage_driver = "{{ .Storage }}" ` const templateStringCrioStorageOption = `# List to pass options to the storage driver. Please refer to # containers-storage.conf(5) to see all available storage options. -storage_option = [ -{{ range $opt := .StorageOptions }}{{ printf "\t%q,\n" $opt }}{{ end }}] +{{ $.Comment }}storage_option = [ +{{ range $opt := .StorageOptions }}{{ $.Comment }}{{ printf "\t%q,\n" $opt }}{{ end }}{{ $.Comment }}] ` const templateStringCrioLogDir = `# The default log directory where all logs will go unless directly specified by # the kubelet. The log directory specified must be an absolute directory. -log_dir = "{{ .LogDir }}" +{{ $.Comment }}log_dir = "{{ .LogDir }}" ` const templateStringCrioVersionFile = `# Location for CRI-O to lay down the temporary version file. # It is used to check if crio wipe should wipe containers, which should # always happen on a node reboot -version_file = "{{ .VersionFile }}" +{{ $.Comment }}version_file = "{{ .VersionFile }}" ` const templateStringCrioVersionFilePersist = `# Location for CRI-O to lay down the persistent version file. 
# It is used to check if crio wipe should wipe images, which should # only happen when CRI-O has been upgraded -version_file_persist = "{{ .VersionFilePersist }}" +{{ $.Comment }}version_file_persist = "{{ .VersionFilePersist }}" ` const templateStringCrioCleanShutdownFile = `# Location for CRI-O to lay down the clean shutdown file. # It is used to check whether crio had time to sync before shutting down. # If not found, crio wipe will clear the storage directory. -clean_shutdown_file = "{{ .CleanShutdownFile }}" +{{ $.Comment }}clean_shutdown_file = "{{ .CleanShutdownFile }}" ` const templateStringCrioInternalWipe = `# InternalWipe is whether CRI-O should wipe containers and images after a reboot when the server starts. # If set to false, one must use the external command 'crio wipe' to wipe the containers and images in these situations. -internal_wipe = {{ .InternalWipe }} +{{ $.Comment }}internal_wipe = {{ .InternalWipe }} ` 
@@ -684,58 +687,58 @@ const templateStringCrioAPI = `# The crio.api table contains settings for the ku ` const templateStringCrioAPIListen = `# Path to AF_LOCAL socket on which CRI-O will listen. -listen = "{{ .Listen }}" +{{ $.Comment }}listen = "{{ .Listen }}" ` const templateStringCrioAPIStreamAddress = `# IP address on which the stream server will listen. -stream_address = "{{ .StreamAddress }}" +{{ $.Comment }}stream_address = "{{ .StreamAddress }}" ` const templateStringCrioAPIStreamPort = `# The port on which the stream server will listen. If the port is set to "0", then # CRI-O will allocate a random free port number. -stream_port = "{{ .StreamPort }}" +{{ $.Comment }}stream_port = "{{ .StreamPort }}" ` const templateStringCrioAPIStreamEnableTLS = `# Enable encrypted TLS transport of the stream server. -stream_enable_tls = {{ .StreamEnableTLS }} +{{ $.Comment }}stream_enable_tls = {{ .StreamEnableTLS }} ` const templateStringCrioAPIStreamIdleTimeout = `# Length of time until open streams terminate due to lack of activity -stream_idle_timeout = "{{.StreamIdleTimeout}}" +{{ $.Comment }}stream_idle_timeout = "{{.StreamIdleTimeout}}" ` const templateStringCrioAPIStreamTLSCert = `# Path to the x509 certificate file used to serve the encrypted stream. This # file can change, and CRI-O will automatically pick up the changes within 5 # minutes. -stream_tls_cert = "{{ .StreamTLSCert }}" +{{ $.Comment }}stream_tls_cert = "{{ .StreamTLSCert }}" ` const templateStringCrioAPIStreamTLSKey = `# Path to the key file used to serve the encrypted stream. This file can # change and CRI-O will automatically pick up the changes within 5 minutes. -stream_tls_key = "{{ .StreamTLSKey }}" +{{ $.Comment }}stream_tls_key = "{{ .StreamTLSKey }}" ` const templateStringCrioAPIStreamTLSCa = `# Path to the x509 CA(s) file used to verify and authenticate client # communication with the encrypted stream. 
This file can change and CRI-O will # automatically pick up the changes within 5 minutes. -stream_tls_ca = "{{ .StreamTLSCA }}" +{{ $.Comment }}stream_tls_ca = "{{ .StreamTLSCA }}" ` const templateStringCrioAPIGrpcMaxSendMsgSize = `# Maximum grpc send message size in bytes. If not set or <=0, then CRI-O will default to 16 * 1024 * 1024. -grpc_max_send_msg_size = {{ .GRPCMaxSendMsgSize }} +{{ $.Comment }}grpc_max_send_msg_size = {{ .GRPCMaxSendMsgSize }} ` const templateStringCrioAPIGrpcMaxRecvMsgSize = `# Maximum grpc receive message size. If not set or <= 0, then CRI-O will default to 16 * 1024 * 1024. -grpc_max_recv_msg_size = {{ .GRPCMaxRecvMsgSize }} +{{ $.Comment }}grpc_max_recv_msg_size = {{ .GRPCMaxRecvMsgSize }} ` 
@@ -749,57 +752,57 @@ const templateStringCrioRuntimeDefaultUlimits = `# A list of ulimits to be set i # "=:", for example: # "nofile=1024:2048" # If nothing is set here, settings will be inherited from the CRI-O daemon -default_ulimits = [ -{{ range $ulimit := .DefaultUlimits }}{{ printf "\t%q,\n" $ulimit }}{{ end }}] +{{ $.Comment }}default_ulimits = [ +{{ range $ulimit := .DefaultUlimits }}{{ $.Comment }}{{ printf "\t%q,\n" $ulimit }}{{ end }}{{ $.Comment }}] ` const templateStringCrioRuntimeNoPivot = `# If true, the runtime will not use pivot_root, but instead use MS_MOVE. -no_pivot = {{ .NoPivot }} +{{ $.Comment }}no_pivot = {{ .NoPivot }} ` const templateStringCrioRuntimeDecryptionKeysPath = `# decryption_keys_path is the path where the keys required for # image decryption are stored. This option supports live configuration reload. -decryption_keys_path = "{{ .DecryptionKeysPath }}" +{{ $.Comment }}decryption_keys_path = "{{ .DecryptionKeysPath }}" ` const templateStringCrioRuntimeConmon = `# Path to the conmon binary, used for monitoring the OCI runtime. # Will be searched for using $PATH if empty. -conmon = "{{ .Conmon }}" +{{ $.Comment }}conmon = "{{ .Conmon }}" ` const templateStringCrioRuntimeConmonCgroup = `# Cgroup setting for conmon -conmon_cgroup = "{{ .ConmonCgroup }}" +{{ $.Comment }}conmon_cgroup = "{{ .ConmonCgroup }}" ` const templateStringCrioRuntimeConmonEnv = `# Environment variable list for the conmon process, used for passing necessary # environment variables to conmon or the runtime. -conmon_env = [ -{{ range $env := .ConmonEnv }}{{ printf "\t%q,\n" $env }}{{ end }}] +{{ $.Comment }}conmon_env = [ +{{ range $env := .ConmonEnv }}{{ $.Comment }}{{ printf "\t%q,\n" $env }}{{ end }}{{ $.Comment }}] ` const templateStringCrioRuntimeDefaultEnv = `# Additional environment variables to set for all the # containers. These are overridden if set in the # container image spec or in the container runtime configuration. 
-default_env = [ -{{ range $env := .DefaultEnv }}{{ printf "\t%q,\n" $env }}{{ end }}] +{{ $.Comment }}default_env = [ +{{ range $env := .DefaultEnv }}{{ $.Comment }}{{ printf "\t%q,\n" $env }}{{ end }}{{ $.Comment }}] ` const templateStringCrioRuntimeSelinux = `# If true, SELinux will be used for pod separation on the host. -selinux = {{ .SELinux }} +{{ $.Comment }}selinux = {{ .SELinux }} ` const templateStringCrioRuntimeSeccompProfile = `# Path to the seccomp.json profile which is used as the default seccomp profile # for the runtime. If not specified, then the internal default seccomp profile # will be used. This option supports live configuration reload. -seccomp_profile = "{{ .SeccompProfile }}" +{{ $.Comment }}seccomp_profile = "{{ .SeccompProfile }}" ` @@ -807,7 +810,7 @@ const templateStringCrioRuntimeSeccompUseDefaultWhenEmpty = `# Changes the meani # (and according to CRI spec), an empty profile means unconfined. # This option tells CRI-O to treat an empty profile as the default profile, # which might increase security. -seccomp_use_default_when_empty = {{ .SeccompUseDefaultWhenEmpty }} +{{ $.Comment }}seccomp_use_default_when_empty = {{ .SeccompUseDefaultWhenEmpty }} ` 
@@ -816,50 +819,50 @@ const templateStringCrioRuntimeApparmorProfile = `# Used to change the name of t # does not specify a profile via the Kubernetes Pod's metadata annotation. If # the profile is set to "unconfined", then this equals to disabling AppArmor. # This option supports live configuration reload. -apparmor_profile = "{{ .ApparmorProfile }}" +{{ $.Comment }}apparmor_profile = "{{ .ApparmorProfile }}" ` const templateStringCrioRuntimeBlockIOConfigFile = `# Path to the blockio class configuration file for configuring # the cgroup blockio controller. -blockio_config_file = "{{ .BlockIOConfigFile }}" +{{ $.Comment }}blockio_config_file = "{{ .BlockIOConfigFile }}" ` const templateStringCrioRuntimeIrqBalanceConfigFile = `# Used to change irqbalance service config file path which is used for configuring # irqbalance daemon. -irqbalance_config_file = "{{ .IrqBalanceConfigFile }}" +{{ $.Comment }}irqbalance_config_file = "{{ .IrqBalanceConfigFile }}" ` const templateStringCrioRuntimeRdtConfigFile = `# Path to the RDT configuration file for configuring the resctrl pseudo-filesystem. # This option supports live configuration reload. -rdt_config_file = "{{ .RdtConfigFile }}" +{{ $.Comment }}rdt_config_file = "{{ .RdtConfigFile }}" ` const templateStringCrioRuntimeCgroupManager = `# Cgroup management implementation used for the runtime. -cgroup_manager = "{{ .CgroupManagerName }}" +{{ $.Comment }}cgroup_manager = "{{ .CgroupManagerName }}" ` const templateStringCrioRuntimeSeparatePullCgroup = `# Specify whether the image pull must be performed in a separate cgroup. -separate_pull_cgroup = "{{ .SeparatePullCgroup }}" +{{ $.Comment }}separate_pull_cgroup = "{{ .SeparatePullCgroup }}" ` const templateStringCrioRuntimeDefaultCapabilities = `# List of default capabilities for containers. If it is empty or commented out, # only the capabilities defined in the containers json file by the user/kube # will be added. 
-default_capabilities = [ -{{ range $capability := .DefaultCapabilities}}{{ printf "\t%q,\n" $capability}}{{ end }}] +{{ $.Comment }}default_capabilities = [ +{{ range $capability := .DefaultCapabilities}}{{ $.Comment }}{{ printf "\t%q,\n" $capability}}{{ end }}{{ $.Comment }}] ` const templateStringCrioRuntimeDefaultSysctls = `# List of default sysctls. If it is empty or commented out, only the sysctls # defined in the container json file by the user/kube will be added. -default_sysctls = [ -{{ range $sysctl := .DefaultSysctls}}{{ printf "\t%q,\n" $sysctl}}{{ end }}] +{{ $.Comment }}default_sysctls = [ +{{ range $sysctl := .DefaultSysctls}}{{ $.Comment }}{{ printf "\t%q,\n" $sysctl}}{{ end }}{{ $.Comment }}] ` 
@@ -874,22 +877,22 @@ const templateStringCrioRuntimeAdditionalDevices = `# List of additional devices # "::", for example: "--device=/dev/sdc:/dev/xvdc:rwm". # If it is empty or commented out, only the devices # defined in the container json file by the user/kube will be added. -additional_devices = [ -{{ range $device := .AdditionalDevices}}{{ printf "\t%q,\n" $device}}{{ end }}] +{{ $.Comment }}additional_devices = [ +{{ range $device := .AdditionalDevices}}{{ $.Comment }}{{ printf "\t%q,\n" $device}}{{ end }}{{ $.Comment }}] ` const templateStringCrioRuntimeDeviceOwnershipFromSecurityContext = `# Change the default behavior of setting container devices uid/gid from CRI's # SecurityContext (RunAsUser/RunAsGroup) instead of taking host's uid/gid. # Defaults to false. -device_ownership_from_security_context = {{ .DeviceOwnershipFromSecurityContext }} +{{ $.Comment }}device_ownership_from_security_context = {{ .DeviceOwnershipFromSecurityContext }} ` const templateStringCrioRuntimeHooksDir = `# Path to OCI hooks directories for automatically executed hooks. If one of the # directories does not exist, then CRI-O will automatically skip them. -hooks_dir = [ -{{ range $hooksDir := .HooksDir }}{{ printf "\t%q,\n" $hooksDir}}{{ end }}] +{{ $.Comment }}hooks_dir = [ +{{ range $hooksDir := .HooksDir }}{{ $.Comment }}{{ printf "\t%q,\n" $hooksDir}}{{ end }}{{ $.Comment }}] ` @@ -906,12 +909,12 @@ const templateStringCrioRuntimeDefaultMountsFile = `# Path to the file specifyin # you can change the default_mounts_file. Note, if this is done, CRI-O will # only add mounts it finds in this file. # -default_mounts_file = "{{ .DefaultMountsFile }}" +{{ $.Comment }}default_mounts_file = "{{ .DefaultMountsFile }}" ` const templateStringCrioRuntimePidsLimit = `# Maximum number of processes allowed in a container. -pids_limit = {{ .PidsLimit }} +{{ $.Comment }}pids_limit = {{ .PidsLimit }} ` 
@@ -919,80 +922,80 @@ const templateStringCrioRuntimeLogSizeMax = `# Maximum sized allowed for the con # that no size limit is imposed. If it is positive, it must be >= 8192 to # match/exceed conmon's read buffer. The file is truncated and re-opened so the # limit is never exceeded. -log_size_max = {{ .LogSizeMax }} +{{ $.Comment }}log_size_max = {{ .LogSizeMax }} ` const templateStringCrioRuntimeLogToJournald = `# Whether container output should be logged to journald in addition to the kuberentes log file -log_to_journald = {{ .LogToJournald }} +{{ $.Comment }}log_to_journald = {{ .LogToJournald }} ` const templateStringCrioRuntimeContainerExitsDir = `# Path to directory in which container exit files are written to by conmon. -container_exits_dir = "{{ .ContainerExitsDir }}" +{{ $.Comment }}container_exits_dir = "{{ .ContainerExitsDir }}" ` const templateStringCrioRuntimeContainerAttachSocketDir = `# Path to directory for container attach sockets. -container_attach_socket_dir = "{{ .ContainerAttachSocketDir }}" +{{ $.Comment }}container_attach_socket_dir = "{{ .ContainerAttachSocketDir }}" ` const templateStringCrioRuntimeBindMountPrefix = `# The prefix to use for the source of the bind mounts. -bind_mount_prefix = "" +{{ $.Comment }}bind_mount_prefix = "" ` const templateStringCrioRuntimeReadOnly = `# If set to true, all containers will run in read-only mode. -read_only = {{ .ReadOnly }} +{{ $.Comment }}read_only = {{ .ReadOnly }} ` const templateStringCrioRuntimeLogLevel = `# Changes the verbosity of the logs based on the level it is set to. Options # are fatal, panic, error, warn, info, debug and trace. This option supports # live configuration reload. -log_level = "{{ .LogLevel }}" +{{ $.Comment }}log_level = "{{ .LogLevel }}" ` const templateStringCrioRuntimeLogFilter = `# Filter the log messages by the provided regular expression. # This option supports live configuration reload. 
-log_filter = "{{ .LogFilter }}" +{{ $.Comment }}log_filter = "{{ .LogFilter }}" ` const templateStringCrioRuntimeUIDMappings = `# The UID mappings for the user namespace of each container. A range is # specified in the form containerUID:HostUID:Size. Multiple ranges must be # separated by comma. -uid_mappings = "{{ .UIDMappings }}" +{{ $.Comment }}uid_mappings = "{{ .UIDMappings }}" ` const templateStringCrioRuntimeGIDMappings = `# The GID mappings for the user namespace of each container. A range is # specified in the form containerGID:HostGID:Size. Multiple ranges must be # separated by comma. -gid_mappings = "{{ .GIDMappings }}" +{{ $.Comment }}gid_mappings = "{{ .GIDMappings }}" ` const templateStringCrioRuntimeMinimumMappableUID = `# If set, CRI-O will reject any attempt to map host UIDs below this value # into user namespaces. A negative value indicates that no minimum is set, # so specifying mappings will only be allowed for pods that run as UID 0. -minimum_mappable_uid = {{ .MinimumMappableUID }} +{{ $.Comment }}minimum_mappable_uid = {{ .MinimumMappableUID }} ` const templateStringCrioRuntimeMinimumMappableGID = `# If set, CRI-O will reject any attempt to map host GIDs below this value # into user namespaces. A negative value indicates that no minimum is set, # so specifying mappings will only be allowed for pods that run as UID 0. -minimum_mappable_gid = {{ .MinimumMappableGID}} +{{ $.Comment }}minimum_mappable_gid = {{ .MinimumMappableGID}} ` const templateStringCrioRuntimeCtrStopTimeout = `# The minimal amount of time in seconds to wait before issuing a timeout # regarding the proper termination of the container. The lowest possible # value is 30s, whereas lower values are not considered by CRI-O. -ctr_stop_timeout = {{ .CtrStopTimeout }} +{{ $.Comment }}ctr_stop_timeout = {{ .CtrStopTimeout }} ` 
@@ -1000,32 +1003,32 @@ const templateStringCrioRuntimeDropInfraCtr = `# drop_infra_ctr determines wheth # when a pod does not have a private PID namespace, and does not use # a kernel separating runtime (like kata). # It requires manage_ns_lifecycle to be true. -drop_infra_ctr = {{ .DropInfraCtr }} +{{ $.Comment }}drop_infra_ctr = {{ .DropInfraCtr }} ` const templateStringCrioRuntimeInfraCtrCpuset = `# infra_ctr_cpuset determines what CPUs will be used to run infra containers. # You can use linux CPU list format to specify desired CPUs. # To get better isolation for guaranteed pods, set this parameter to be equal to kubelet reserved-cpus. -infra_ctr_cpuset = "{{ .InfraCtrCPUSet }}" +{{ $.Comment }}infra_ctr_cpuset = "{{ .InfraCtrCPUSet }}" ` const templateStringCrioRuntimeNamespacesDir = `# The directory where the state of the managed namespaces gets tracked. # Only used when manage_ns_lifecycle is true. -namespaces_dir = "{{ .NamespacesDir }}" +{{ $.Comment }}namespaces_dir = "{{ .NamespacesDir }}" ` const templateStringCrioRuntimePinnsPath = `# pinns_path is the path to find the pinns binary, which is needed to manage namespace lifecycle -pinns_path = "{{ .PinnsPath }}" +{{ $.Comment }}pinns_path = "{{ .PinnsPath }}" ` const templateStringCrioRuntimeDefaultRuntime = `# default_runtime is the _name_ of the OCI runtime to be used as the default. # The name is matched against the runtimes map below. If this value is changed, # the corresponding existing entry from the runtimes map below will be ignored. -default_runtime = "{{ .DefaultRuntime }}" +{{ $.Comment }}default_runtime = "{{ .DefaultRuntime }}" ` 
@@ -1035,8 +1038,8 @@ const templateStringCrioRuntimeAbsentMountSourcesToReject = `# A list of paths t # creation as a file is not desired either. # An example is /etc/hostname, which will cause failures on reboot if it's created as a directory, but often doesn't exist because # the hostname is being managed dynamically. -absent_mount_sources_to_reject = [ -{{ range $mount := .AbsentMountSourcesToReject}}{{ printf "\t%q,\n" $mount}}{{ end }}] +{{ $.Comment }}absent_mount_sources_to_reject = [ +{{ range $mount := .AbsentMountSourcesToReject}}{{ $.Comment }}{{ printf "\t%q,\n" $mount}}{{ end }}{{ $.Comment }}] ` 
@@ -1078,18 +1081,18 @@ const templateStringCrioRuntimeRuntimesRuntimeHandler = `# The "crio.runtime.run {{ range $runtime_name, $runtime_handler := .Runtimes }} [crio.runtime.runtimes.{{ $runtime_name }}] -runtime_path = "{{ $runtime_handler.RuntimePath }}" -runtime_type = "{{ $runtime_handler.RuntimeType }}" -runtime_root = "{{ $runtime_handler.RuntimeRoot }}" -runtime_config_path = "{{ $runtime_handler.RuntimeConfigPath }}" +{{ $.Comment }}runtime_path = "{{ $runtime_handler.RuntimePath }}" +{{ $.Comment }}runtime_type = "{{ $runtime_handler.RuntimeType }}" +{{ $.Comment }}runtime_root = "{{ $runtime_handler.RuntimeRoot }}" +{{ $.Comment }}runtime_config_path = "{{ $runtime_handler.RuntimeConfigPath }}" {{ if $runtime_handler.PrivilegedWithoutHostDevices }} -privileged_without_host_devices = {{ $runtime_handler.PrivilegedWithoutHostDevices }} -{{ end }} -{{ if $runtime_handler.AllowedAnnotations }} -allowed_annotations = [ -{{ range $opt := $runtime_handler.AllowedAnnotations }}{{ printf "\t%q,\n" $opt }}{{ end }}] -{{ end }} -{{ end }} +{{ $.Comment }}privileged_without_host_devices = {{ $runtime_handler.PrivilegedWithoutHostDevices }} +{{ $.Comment }}{{ end }} +{{ $.Comment }}{{ if $runtime_handler.AllowedAnnotations }} +{{ $.Comment }}allowed_annotations = [ +{{ range $opt := $runtime_handler.AllowedAnnotations }}{{ $.Comment }}{{ printf "\t%q,\n" $opt }}{{ end }}{{ $.Comment }}] +{{ $.Comment }}{{ end }} +{{ $.Comment }}{{ end }} # crun is a fast and lightweight fully featured OCI runtime and C library for # running containers 
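Review bot: In `templateStringCrioRuntimeRuntimesRuntimeHandler` the prefix is also placed in front of template control actions (`{{ $.Comment }}{{ end }}`, `{{ $.Comment }}{{ if $runtime_handler.AllowedAnnotations }}`), so a default-valued rendering emits bare `# ` fragments where no key is being commented out. The prefix belongs only on key lines; those lines should stay `{{ end }}` and `{{ if $runtime_handler.AllowedAnnotations }}` as before. The same pattern appears in the `templateStringCrioRuntimeWorkloads` hunk (`{{ $.Comment }}{{ range $workload_type, $workload_config := .Workloads }}` and `{{ $.Comment }}{{ end }}`). Separately, the table header `[crio.runtime.runtimes.{{ $runtime_name }}]` stays live while every key under it is commented; whether an empty runtime table is harmless when this output is saved as a config file depends on validation that is not visible in this diff.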
@@ -1134,14 +1137,14 @@ const templateStringCrioRuntimeWorkloads = `# The workloads table defines ways t # annotation_prefix is used to customize the different resources. # To configure the cpu shares a container gets in the example above, the pod would have to have the following annotation: # "io.crio.workload-type/$container_name = {"cpushares": "value"}" -{{ range $workload_type, $workload_config := .Workloads }} +{{ $.Comment }}{{ range $workload_type, $workload_config := .Workloads }} [crio.runtime.workloads.{{ $workload_type }}] -activation_annotation = "{{ $workload_config.ActivationAnnotation }}" -annotation_prefix = "{{ $workload_config.AnnotationPrefix }}" +{{ $.Comment }}activation_annotation = "{{ $workload_config.ActivationAnnotation }}" +{{ $.Comment }}annotation_prefix = "{{ $workload_config.AnnotationPrefix }}" [crio.runtime.workloads.{{ $workload_type }}.resources] -cpuset = "{{ $workload_config.Resources.CPUSet }}" -cpushares = {{ $workload_config.Resources.CPUShares }} -{{ end }} +{{ $.Comment }}cpuset = "{{ $workload_config.Resources.CPUSet }}" +{{ $.Comment }}cpushares = {{ $workload_config.Resources.CPUShares }} +{{ $.Comment }}{{ end }} ` 
@@ -1157,26 +1160,26 @@ const templateStringCrioImage = `# The crio.image table contains settings pertai ` const templateStringCrioImageDefaultTransport = `# Default transport for pulling images from a remote container storage. -default_transport = "{{ .DefaultTransport }}" +{{ $.Comment }}default_transport = "{{ .DefaultTransport }}" ` const templateStringCrioImageGlobalAuthFile = `# The path to a file containing credentials necessary for pulling images from # secure registries. The file is similar to that of /var/lib/kubelet/config.json -global_auth_file = "{{ .GlobalAuthFile }}" +{{ $.Comment }}global_auth_file = "{{ .GlobalAuthFile }}" ` const templateStringCrioImagePauseImage = `# The image used to instantiate infra containers. # This option supports live configuration reload. -pause_image = "{{ .PauseImage }}" +{{ $.Comment }}pause_image = "{{ .PauseImage }}" ` const templateStringCrioImagePauseImageAuthFile = `# The path to a file containing credentials specific for pulling the pause_image from # above. The file is similar to that of /var/lib/kubelet/config.json # This option supports live configuration reload. -pause_image_auth_file = "{{ .PauseImageAuthFile }}" +{{ $.Comment }}pause_image_auth_file = "{{ .PauseImageAuthFile }}" ` @@ -1184,7 +1187,7 @@ const templateStringCrioImagePauseCommand = `# The command to run to have a cont # When explicitly set to "", it will fallback to the entrypoint and command # specified in the pause image. When commented out, it will fallback to the # default: "/pause". This option supports live configuration reload. -pause_command = "{{ .PauseCommand }}" +{{ $.Comment }}pause_command = "{{ .PauseCommand }}" ` 
@@ -1193,26 +1196,26 @@ const templateStringCrioImageSignaturePolicy = `# Path to the file which decides # this option be used, as the default behavior of using the system-wide default # policy (i.e., /etc/containers/policy.json) is most often preferred. Please # refer to containers-policy.json(5) for more details. -signature_policy = "{{ .SignaturePolicyPath }}" +{{ $.Comment }}signature_policy = "{{ .SignaturePolicyPath }}" ` const templateStringCrioImageInsecureRegistries = `# List of registries to skip TLS verification for pulling images. Please # consider configuring the registries via /etc/containers/registries.conf before # changing them here. -insecure_registries = [ -{{ range $opt := .InsecureRegistries }}{{ printf "\t%q,\n" $opt }}{{ end }}] +{{ $.Comment }}insecure_registries = [ +{{ range $opt := .InsecureRegistries }}{{ $.Comment }}{{ printf "\t%q,\n" $opt }}{{ end }}{{ $.Comment }}] ` const templateStringCrioImageImageVolumes = `# Controls how image volumes are handled. The valid values are mkdir, bind and # ignore; the latter will ignore volumes entirely. -image_volumes = "{{ .ImageVolumes }}" +{{ $.Comment }}image_volumes = "{{ .ImageVolumes }}" ` const templateStringCrioImageBigFilesTemporaryDir = `# Temporary directory to use for storing big files -big_files_temporary_dir = "{{ .BigFilesTemporaryDir }}" +{{ $.Comment }}big_files_temporary_dir = "{{ .BigFilesTemporaryDir }}" ` 
@@ -1229,13 +1232,13 @@ const templateStringCrioNetworkCniDefaultNetwork = `# The default CNI network na ` const templateStringCrioNetworkNetworkDir = `# Path to the directory where CNI configuration files are located. -network_dir = "{{ .NetworkDir }}" +{{ $.Comment }}network_dir = "{{ .NetworkDir }}" ` const templateStringCrioNetworkPluginDirs = `# Paths to directories where CNI plugin binaries are located. -plugin_dirs = [ -{{ range $opt := .PluginDirs }}{{ printf "\t%q,\n" $opt }}{{ end }}] +{{ $.Comment }}plugin_dirs = [ +{{ range $opt := .PluginDirs }}{{ $.Comment }}{{ printf "\t%q,\n" $opt }}{{ end }}{{ $.Comment }}] ` @@ -1245,7 +1248,7 @@ const templateStringCrioMetrics = `# A necessary configuration for Prometheus ba ` const templateStringCrioMetricsEnableMetrics = `# Globally enable or disable metrics support. -enable_metrics = {{ .EnableMetrics }} +{{ $.Comment }}enable_metrics = {{ .EnableMetrics }} ` @@ -1254,18 +1257,17 @@ const templateStringCrioMetricsCollectors = `# Specify enabled metrics collector # It is possible, to prefix the metrics with "container_runtime_" and "crio_". # For example, the metrics collector "operations" would be treated in the same # way as "crio_operations" and "container_runtime_crio_operations". -metrics_collectors = [ -{{ range $opt := .MetricsCollectors }}{{ printf "\t%q,\n" $opt }}{{ end }}] - +{{ $.Comment }}metrics_collectors = [ +{{ range $opt := .MetricsCollectors }}{{ $.Comment }}{{ printf "\t%q,\n" $opt }}{{ end }}{{ $.Comment }}] ` const templateStringCrioMetricsMetricsPort = `# The port on which the metrics server will listen. -metrics_port = {{ .MetricsPort }} +{{ $.Comment }}metrics_port = {{ .MetricsPort }} ` const templateStringCrioMetricsMetricsSocket = `# Local socket path to bind the metrics server to -metrics_socket = "{{ .MetricsSocket }}" +{{ $.Comment }}metrics_socket = "{{ .MetricsSocket }}" ` 
@@ -1273,13 +1275,13 @@ const templateStringCrioMetricsMetricsCert = `# The certificate for the secure m # If the certificate is not available on disk, then CRI-O will generate a # self-signed one. CRI-O also watches for changes of this path and reloads the # certificate on any modification event. -metrics_cert = "{{ .MetricsCert }}" +{{ $.Comment }}metrics_cert = "{{ .MetricsCert }}" ` const templateStringCrioMetricsMetricsKey = `# The certificate key for the secure metrics server. # Behaves in the same way as the metrics_cert. -metrics_key = "{{ .MetricsKey }}" +{{ $.Comment }}metrics_key = "{{ .MetricsKey }}" ` @@ -1289,17 +1291,17 @@ const templateStringCrioTracing = `# A necessary configuration for OpenTelemetry ` const templateStringCrioTracingEnableTracing = `# Globally enable or disable exporting OpenTelemetry traces. -enable_tracing = {{ .EnableTracing }} +{{ $.Comment }}enable_tracing = {{ .EnableTracing }} ` const templateStringCrioTracingTracingEndpoint = `# Address on which the gRPC trace collector listens on. -tracing_endpoint = "{{ .TracingEndpoint }}" +{{ $.Comment }}tracing_endpoint = "{{ .TracingEndpoint }}" ` const templateStringCrioTracingTracingSamplingRatePerMillion = `# Number of samples to collect per million spans. -tracing_sampling_rate_per_million = {{ .TracingSamplingRatePerMillion }} +{{ $.Comment }}tracing_sampling_rate_per_million = {{ .TracingSamplingRatePerMillion }} ` @@ -1310,6 +1312,6 @@ const templateStringCrioStats = `# Necessary information pertaining to container const templateStringCrioStatsStatsCollectionPeriod = `# The number of seconds between collecting pod and container stats. # If set to 0, the stats are collected on-demand instead. -stats_collection_period = {{ .StatsCollectionPeriod }} +{{ $.Comment }}stats_collection_period = {{ .StatsCollectionPeriod }} ` diff --git a/test/config.bats b/test/config.bats index c42d0703033..52c36984ad4 100644 --- a/test/config.bats +++ b/test/config.bats 
@@ -11,6 +11,12 @@ function teardown() { cleanup_test } +@test "default config should be empty" { + setup_crio + output=$(env -i "$CRIO_BINARY_PATH" -c "" -d "" config | sed 's/#.*//g' | sed 's/\[.*//g' | tr -d '\n') + [[ "$output" == "" ]] +} + @test "config dir should succeed" { # given setup_crio
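Review bot: This test passes vacuously when `crio config` prints nothing: `output` holds the filtered stdout and the pipeline's status is that of `tr`, so a binary that fails before writing the template leaves `output` empty and the final `[[ "$output" == "" ]]` succeeds. Capturing the unfiltered text first and requiring it to be non-empty closes that gap: `config=$(env -i "$CRIO_BINARY_PATH" -c "" -d "" config)`, `[[ -n "$config" ]]`, then `output=$(sed 's/#.*//g; s/\[.*//g' <<<"$config" | tr -d '\n')`. Note also that `s/\[.*//g` drops every table header, so the test does not notice a header left live above commented-out keys.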