update user guide

awslabs · Feb 6, 2024 · d54bb8e · d54bb8e
1 parent 22dbd0d
commit d54bb8e
Show file tree

Hide file tree

Showing 2 changed files with 51 additions and 0 deletions.
diff --git a/doc/USER_GUIDE.md b/doc/USER_GUIDE.md
@@ -296,6 +296,56 @@ $ curl -sSL "http://localhost:8001/api/v1/nodes/ip-192-168-92-220.us-east-2.comp
 
 ---
 
+## Customizing Containerd Config
+
+In some cases, customers may want to customize the [containerd configuration](https://github.com/containerd/containerd/blob/main/docs/man/containerd-config.toml.5.md)
+on their nodes. We utilize the drop-in style `import` files [supported by containerd](https://github.com/containerd/containerd/blob/main/docs/man/containerd-config.toml.5.md#format)
+to achieve this. 
+
+**Import a containerd config**
+
+If you have a containerd config of your own, you can place it inside the directory `/etc/containerd/config.d/` via your user data.
+
+> [!NOTE]
+> When adding a new `containerd` config file to the `import` path after `containerd` has already started (i.e. `bootstrap.sh` already ran),
+> you'll need to restart `containerd` to pick up the latest configuration.
+
+The `bootstrap.sh` script will write the defaults for the containerd config to `/etc/containerd/config.toml`, containing an `import` 
+list containing the path glob: `/etc/containerd/config.d/*.toml`. `bootstrap.sh` will also create this directory,
+so the user is not required create it when executing commands after the bootstrap is run.
+
+> [!IMPORTANT]
+> containerd `imports` is the recommended approach to configure contianerd on EKS Optimized AMIS.  
+> Please attempt to use this method before ever making direct edits to `/etc/containerd/config.toml`.
+   
+**View active containerd config**
+
+To see the final configuration that is produced and consumed by containerd, you
+can use the containerd cli:
+```
+$ containerd config dump
+
+version = 2
+root = "/var/lib/containerd"
+state = "/run/containerd"
+oom_score = 0
+imports = ["/etc/containerd/config.d/*.toml"]
+
+[grpc]
+  address = "/run/containerd/containerd.sock"
+  uid = 0
+  gid = 0
+
+[debug]
+  address = "/run/containerd/debug.sock"
+  uid = 0
+  gid = 0
+  level = "info"
+...
+```
+
+---
+
 ## AL2 and Linux Kernel Information
 
 By default, the `amazon-eks-ami` uses a [source_ami_filter](https://github.com/awslabs/amazon-eks-ami/blob/e3f1b910f83ad1f27e68312e50474ea6059f052d/eks-worker-al2.json#L46) that selects the latest [hvm](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/virtualization_types.html) AL2 AMI for the given architecture as the base AMI. For more information on what kernel versions are running on published Amazon EKS optimized Linux AMIs, see [the public documentation](https://docs.aws.amazon.com/eks/latest/userguide/eks-linux-ami-versions.html).

diff --git a/files/bootstrap.sh b/files/bootstrap.sh
@@ -555,6 +555,7 @@ if [[ "$CONTAINER_RUNTIME" = "containerd" ]]; then
   fi
 
   sudo mkdir -p /etc/containerd
+  sudo mkdir -p /etc/containerd/config.d
   sudo mkdir -p /etc/cni/net.d
 
   if [[ -n "${CONTAINERD_CONFIG_FILE}" ]]; then