CRI-O
CRI-O is a lightweight container runtime for Kubernetes. Kubespray supports basic functionality for using CRI-O as the default container runtime in a cluster.
- Kubernetes supports CRI-O on v1.11.1 or later.
- etcd: configure either kubeadm managed etcd or host deployment
To use the CRI-O container runtime set the following variables:
all/all.yml
download_container: false
skip_downloads: false
etcd_kubeadm_enabled: true
k8s-cluster/k8s-cluster.yml
container_manager: crio
etcd.yml
etcd_deployment_type: host # optionally and mutually exclusive with etcd_kubeadm_enabled
all/crio.yml
Enable docker hub registry mirrors
crio_registries_mirrors:
- prefix: docker.io
insecure: false
blocked: false
location: registry-1.docker.io
mirrors:
- location: 192.168.100.100:5000
insecure: true
- location: mirror.gcr.io
insecure: false
Note about pids_limit
For heavily mult-threaded workloads like databases, the default of 1024 for pids-limit is too low. This parameter controls not just the number of processes but also the amount of threads (since a thread is technically a process with shared memory). See cri-o#1921
In order to increase the default pids_limit
for cri-o based deployments you need to set the crio_pids_limit
for your k8s-cluster
ansible group or per node depending on the use case.
crio_pids_limit: 4096