From 2d00c380ef61929a16f003eab897bfbaaeb6f95c Mon Sep 17 00:00:00 2001 From: tu1h Date: Mon, 9 Oct 2023 18:13:04 +0800 Subject: [PATCH] Add cri-o criu support Signed-off-by: tu1h --- docs/vars.md | 2 ++ roles/container-engine/cri-o/defaults/main.yml | 3 +++ roles/container-engine/cri-o/templates/crio.conf.j2 | 5 +++++ 3 files changed, 10 insertions(+) diff --git a/docs/vars.md b/docs/vars.md index 3431d519499..ef2b77e090a 100644 --- a/docs/vars.md +++ b/docs/vars.md @@ -186,6 +186,8 @@ Stack](https://github.com/kubernetes-sigs/kubespray/blob/master/docs/dns-stack.m * *containerd_additional_runtimes* - Sets the additional Containerd runtimes used by the Kubernetes CRI plugin. [Default config](https://github.com/kubernetes-sigs/kubespray/blob/master/roles/container-engine/containerd/defaults/main.yml) can be overridden in inventory vars. +* *crio_criu_support_enabled* - When set to `true`, enables the container checkpoint/restore in CRI-O. It's required to install [CRIU](https://criu.org/Installation) on the host when dumping/restoring checkpoints. And It's recommended to set feature gate `ContainerCheckpoint=true` for Kubelet to get higher API to simplfiy the operations(**Note**: It's still in experimental stage, just for container analytics so far). You can follow the [documentation](https://kubernetes.io/blog/2022/12/05/forensic-container-checkpointing-alpha/). + * *http_proxy/https_proxy/no_proxy/no_proxy_exclude_workers/additional_no_proxy* - Proxy variables for deploying behind a proxy. Note that no_proxy defaults to all internal cluster IPs and hostnames that correspond to each node. diff --git a/roles/container-engine/cri-o/defaults/main.yml b/roles/container-engine/cri-o/defaults/main.yml index 949ed69ed53..21de17aeb9c 100644 --- a/roles/container-engine/cri-o/defaults/main.yml +++ b/roles/container-engine/cri-o/defaults/main.yml @@ -97,3 +97,6 @@ crio_man_files: 8: - crio - crio-status + +# If set to true, it will enable the CRIU support in cri-o +crio_criu_support_enabled: false diff --git a/roles/container-engine/cri-o/templates/crio.conf.j2 b/roles/container-engine/cri-o/templates/crio.conf.j2 index f0455d0939b..81d5a421e0b 100644 --- a/roles/container-engine/cri-o/templates/crio.conf.j2 +++ b/roles/container-engine/cri-o/templates/crio.conf.j2 @@ -273,6 +273,11 @@ pinns_path = "" pinns_path = "{{ bin_dir }}/pinns" {% endif %} +{% if crio_criu_support_enabled %} +# Enable CRIU integration, requires that the criu binary is available in $PATH. +enable_criu_support = true +{% endif %} + # The "crio.runtime.runtimes" table defines a list of OCI compatible runtimes. # The runtime to use is picked based on the runtime_handler provided by the CRI. # If no runtime_handler is provided, the runtime will be picked based on the level