From b2a8f7cd1263b6c8aa4587c8d2a877f255764b90 Mon Sep 17 00:00:00 2001
From: Anthony Delannoy
Date: Fri, 12 Apr 2024 16:09:19 +0200
Subject: [PATCH] chore(containerd): add CRI config options
See: https://github.com/containerd/containerd/blob/v1.7.15/docs/man/containerd-config.toml.5.md
See: https://github.com/containerd/containerd/blob/v1.7.15/docs/cri/config.md
---
 roles/container-engine/containerd/defaults/main.yml | 6 ++++++
 roles/container-engine/containerd/templates/config.toml.j2 | 5 +++++
 2 files changed, 11 insertions(+)
diff --git a/roles/container-engine/containerd/defaults/main.yml b/roles/container-engine/containerd/defaults/main.yml
index 2aac447c937..af4634ca6b9 100644
--- a/roles/container-engine/containerd/defaults/main.yml
+++ b/roles/container-engine/containerd/defaults/main.yml
@@ -72,6 +72,12 @@ containerd_enable_unprivileged_ports: false
 # If enabled it will allow non root users to use icmp sockets
 containerd_enable_unprivileged_icmp: false
+containerd_enable_selinux: false
+containerd_disable_apparmor: false
+containerd_tolerate_missing_hugetlb_controller: true
+containerd_disable_hugetlb_controller: true
+containerd_image_pull_progress_timeout: 5m
+
 containerd_cfg_dir: /etc/containerd
 # Extra config to be put in {{ containerd_cfg_dir }}/config.toml literally
diff --git a/roles/container-engine/containerd/templates/config.toml.j2 b/roles/container-engine/containerd/templates/config.toml.j2
index 3f36c47efd6..07e198293da 100644
--- a/roles/container-engine/containerd/templates/config.toml.j2
+++ b/roles/container-engine/containerd/templates/config.toml.j2
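Review bot: The five new defaults in roles/container-engine/containerd/defaults/main.yml have no explanatory comments, unlike the neighbouring `containerd_enable_unprivileged_icmp`, and two of them affect container isolation. `containerd_disable_apparmor` and `containerd_enable_selinux` decide whether containerd applies AppArmor profiles and SELinux support to CRI containers. Each should carry a line such as `# Set to true only on hosts without AppArmor; disables AppArmor profiles for CRI containers` and `# Set to true on SELinux-enabled hosts so containerd applies SELinux support to containers`. A comment on `containerd_image_pull_progress_timeout` noting that the value is a duration string (here `5m`) would also help, as would one line each on what the two hugetlb switches tolerate or disable.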
@@ -32,6 +32,11 @@ oom_score = {{ containerd_oom_score }}
 max_container_log_line_size = {{ containerd_max_container_log_line_size }}
 enable_unprivileged_ports = {{ containerd_enable_unprivileged_ports | lower }}
 enable_unprivileged_icmp = {{ containerd_enable_unprivileged_icmp | lower }}
+ enable_selinux = {{ containerd_enable_selinux | lower }}
+ disable_apparmor = {{ containerd_disable_apparmor | lower }}
+ tolerate_missing_hugetlb_controller = {{ containerd_tolerate_missing_hugetlb_controller | lower }}
+ disable_hugetlb_controller = {{ containerd_disable_hugetlb_controller | lower }}
+ image_pull_progress_timeout = "{{ containerd_image_pull_progress_timeout }}"
 {% if enable_cdi %}
 enable_cdi = true
 cdi_spec_dirs = ["/etc/cdi", "/var/run/cdi"]
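Review bot: The four new boolean keys are rendered with `| lower` alone, so an inventory or `-e` value such as `yes` or `1` reaches config.toml verbatim and would not be a valid TOML boolean. For the isolation switches it is worth normalising first, e.g. `disable_apparmor = {{ containerd_disable_apparmor | bool | lower }}`, and likewise for `enable_selinux` and the two hugetlb keys. The context lines above use the same `| lower` pattern, so this matches the file's existing style rather than being a regression. `image_pull_progress_timeout` is placed inside a quoted string with no check that it is a duration, so an `assert` on its format before the template is rendered would catch a bad value early. Whether the role already validates these variables is not visible here, and the TOML section the keys fall under starts outside the hunk.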