modules/kubernetes/cri-o.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40

{ config, lib, pkgs, ... }:

{
  virtualisation.cri-o = {
    enable = true;
    storageDriver = "overlay";
    extraPackages = with pkgs; [ fuse3 fuse-overlayfs ];
    settings = {
      crio = {
        network.plugin_dir = "/opt/cni/bin";
        default_runtime = "crun";
        runtime = {
          allowed_devices = [ "/dev/fuse" ];
          default_sysctls = [
            "net.ipv4.ping_group_range=0 2147483647"
          ];
          workloads = {
            gitlab = {
              activation_annotation = "io.kubernetes.cri-o.workload/gitlab";
              allowed_annotations = [
                "io.kubernetes.cri-o.userns-mode"
                "io.kubernetes.cri-o.Devices"
                "io.kubernetes.cri-o.ShmSize"
              ];
            };
          };
          runtimes.crun = {
            runtime_type = "oci";
            runtime_root = "/run/crun";
            allowed_annotations = [
              "io.kubernetes.cri-o.userns-mode"
              "io.kubernetes.cri-o.Devices"
              "io.kubernetes.cri-o.ShmSize"
            ];
          };
        };
      };
    };
  };
}