summaryrefslogtreecommitdiff
path: root/docs/crio.8.md
blob: 2c9d4857d8ad7084cc05e401ecf2121160ef844d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
% crio(8) Open Container Initiative Daemon
% Dan Walsh
% SEPTEMBER 2016
# NAME
crio - OCI Kubernetes Container Runtime daemon

# SYNOPSIS
**crio**
[**--apparmor-profile**=[*value*]]
[**--cgroup-manager**=[*value*]]
[**--cni-config-dir**=[*value*]]
[**--cni-plugin-dir**=[*value*]]
[**--config**=[*value*]]
[**--conmon**=[*value*]]
[**--cpu-profile**=[*value*]]
[**--default-transport**=[*value*]]
[**--help**|**-h**]
[**--insecure-registry**=[*value*]]
[**--listen**=[*value*]]
[**--log**=[*value*]]
[**--log-format value**]
[**--log-level value**]
[**--pause-command**=[*value*]]
[**--pause-image**=[*value*]]
[**--registry**=[*value*]]
[**--root**=[*value*]]
[**--runroot**=[*value*]]
[**--runtime**=[*value*]]
[**--seccomp-profile**=[*value*]]
[**--selinux**]
[**--signature-policy**=[*value*]]
[**--storage-driver**=[*value*]]
[**--storage-opt**=[*value*]]
[**--version**|**-v**]

# DESCRIPTION
OCI-based implementation of Kubernetes Container Runtime Interface Daemon

crio is meant to provide an integration path between OCI conformant runtimes and the kubelet. Specifically, it implements the Kubelet Container Runtime Interface (CRI) using OCI conformant runtimes. The scope of crio is tied to the scope of the CRI.

	* Support multiple image formats including the existing Docker image format
	* Support for multiple means to download images including trust & image verification
	* Container image management (managing image layers, overlay filesystems, etc)
	* Container process lifecycle management
	* Monitoring and logging required to satisfy the CRI
	* Resource isolation as required by the CRI

**crio [GLOBAL OPTIONS]**

**crio [GLOBAL OPTIONS] config [OPTIONS]**

# GLOBAL OPTIONS

**--apparmor_profile**=""
  Name of the apparmor profile to be used as the runtime's default (default: "crio-default")

**--cgroup-manager**=""
  cgroup manager (cgroupfs or systemd)

**--config**=""
  path to configuration file

**--conmon**=""
  path to the conmon executable (default: "/usr/local/libexec/crio/conmon")

**--cpu-profile**=""
set the CPU profile file path

**--default-transport**
  A prefix to prepend to image names that can't be pulled as-is.

**--help, -h**
  Print usage statement

**--insecure-registry=**
  Enable insecure registry  communication,  i.e.,  enable  un-encrypted
  and/or untrusted communication.

  List  of  insecure registries can contain an element with CIDR notation
  to specify a whole  subnet.  Insecure  registries  accept  HTTP  and/or
  accept HTTPS with certificates from unknown CAs.

  Enabling  --insecure-registry  is useful when running a local registry.
  However, because its use creates  security  vulnerabilities  it  should
  ONLY  be  enabled  for testing purposes.  For increased security, users
  should add their CA to their system's list of trusted  CAs  instead  of
  using --insecure-registry.

**--image-volumes**=""
  Image volume handling ('mkdir', 'bind' or 'ignore') (default: "mkdir")
  mkdir: A directory is created inside the container root filesystem for the volumes.
  bind: A directory is created inside container state directory and bind mounted into
  the container for the volumes.
  ignore: All volumes are just ignored and no action is taken.

**--listen**=""
  Path to CRI-O socket (default: "/var/run/crio.sock")

**--log**=""
  Set the log file path where internal debug information is written

**--log-format**=""
  Set the format used by logs ('text' (default), or 'json') (default: "text")

**--log-level**=""
  log crio messages above specified level: debug, info (default), warn, error, fatal or panic

**--log-size-max**=""
  Maximum log size in bytes for a container (default: -1 (no limit)).
  If it is positive, it must be >= 8192 (to match/exceed conmon read buffer).

**--pause-command**=""
  Path to the pause executable in the pause image (default: "/pause")

**--pause-image**=""
  Image which contains the pause executable (default: "kubernetes/pause")

**--pids-limit**=""
  Maximum number of processes allowed in a container (default: 1024)

**--root**=""
  The crio root dir (default: "/var/lib/containers/storage")

**--registry**=""
  Registry host which will be prepended to unqualified images, can be specified multiple times

**--runroot**=""
  The crio state dir (default: "/var/run/containers/storage")

**--runtime**=""
  OCI runtime path (default: "/usr/bin/runc")

**--selinux**=*true*|*false*
  Enable selinux support (default: false)

**--seccomp-profile**=""
  Path to the seccomp json profile to be used as the runtime's default (default: "/etc/crio/seccomp.json")

**--signature-policy**=""
  Path to the signature policy json file (default: "", to use the system-wide default)

**--storage-driver**
  OCI storage driver (default: "devicemapper")

**--storage-opt**
  OCI storage driver option (no default)

**--cni-config-dir**=""
  CNI configuration files directory (default: "/etc/cni/net.d/")

**--cni-plugin-dir**=""
  CNI plugin binaries directory (default: "/opt/cni/bin/")

**--cpu-profile**
  Set the CPU profile file path

**--version, -v**
  Print the version

# COMMANDS
CRI-O's default command is to start the daemon. However, it currently offers a
single additional subcommand.

## config

Outputs a commented version of the configuration file that would've been used
by CRI-O. This allows you to save you current configuration setup and then load
it later with **--config**. Global options will modify the output.

**--default**
  Output the default configuration (without taking into account any configuration options).

# SEE ALSO
crio.conf(5)

# HISTORY
Sept 2016, Originally compiled by Dan Walsh <dwalsh@redhat.com> and Aleksa Sarai <asarai@suse.de>