Channels
extensions
rancher-extensions
supermicro-sixsq
ozt
os
one-point-x
rio
onlinemeetup
v16-v21-migration
events
onlinetraining
training-1220
training-0110
training-0124
k3s-contributor
submariner
storage
k3os
windows
ci-cd
theranchcast
rfed_ara
nederlands
ukranian
danish
training-0131
masterclass
training-0207
training-0214
terraform-controller
epinio
phillydotnet
swarm
rancher-wrangler
deutsch
russian
chinese
mesos
français
japanese
arm
longhorn-dev
terraform-provider-rke
service-mesh
azure
gcp
academy
random
elemental
espanol
lima
harvester-dev
portugues
kubernetes
kim
hypper
kubewarden
opni
logging
neuvector-security
rancher-setup
developer
office-hours
mexico
cabpr
rke
vsphere
longhorn-storage
k3s
k3d
terraform-provider-rancher2
fleet
amazon
harvester
rke2
s3gw
hobbyfarm
rancher-desktop
general
Title
q
quiet-memory-19288
06/16/2022, 3:34 PMGood morning. Hey, I need to set
disable_apparmor[plugins.cri]
...
disable_apparmor = truebut I am not certain how to take that info and apply it in reality 🙂.
or if there is a better way? I was dreaming this would work
curl -sfL <https://get.k3s.io> | sh -s - --disable=traefik --disable=apparmoror does everyone just copy /var/lib/rancher/k3s/agent/etc/containerd/config.toml to /var/lib/rancher/k3s/agent/etc/containerd/config.toml.tmpl ? and then add your stuff and boucne the server? It would be nice to have this before k3s installs, so no entries get added to apparmor at all.
I dont want this stuff:
/var/lib/rancher/k3s/agent/etc/containerd# apparmor_status | grep containerd
cri-containerd.apparmor.d
/usr/bin/local-path-provisioner (24414) cri-containerd.apparmor.d
/coredns (24479) cri-containerd.apparmor.d
/metrics-server (24518) cri-containerd.apparmor.dc
creamy-pencil-82913
06/16/2022, 6:21 PMCopy the go template from the source code into the template file on the node, modify it as necessary, restart k3s.
You can create the file before k3s starts the first time, you just need to also create the directory manually
q
quiet-memory-19288
06/17/2022, 6:28 PMok, ty! Yeah, I also had the wrong version of the go template. The current version doesnt work in the ‘release’ version of k3s.
this
SystemdCgroupcurl -sfL <https://get.k3s.io> | INSTALL_K3S_SKIP_START=true sh -s - --disable=traefik --containerD_<var>=false?c
creamy-pencil-82913
06/17/2022, 7:27 PMJust pull the template from the same git tag as the release you're running.
If you use the template from the wrong branch yeah you're probably gonna have a bad time
✔️ 1
q
quiet-memory-19288
06/22/2022, 4:57 PMHi again @creamy-pencil-82913, so I tested a few versions of k3s and yeah, I do see that in the last 3 versions I tested you guys changed that Go template and it breaks if I give it the wrong one every time. This kind of breaks CI/CD for me and will require a code change, every single time you guys modify anything on the containerD side.
For me, part of the beauty and simplicity of k3s, is the ability to config what you need directly in the installer. That way the underlying implementation you choose will never effect my code. Any chance this can be a feature request:
curl -sfL <https://get.k3s.io> | INSTALL_K3S_SKIP_START=true sh -s - --disable=traefik --containerD_<var>=<value>or maybe it can be even more generic…. so even the flavor of container doesn’t matter? Let say for old docker only setups?
In the k3s installer code, it would simply swap out variable defaults if they are found? Just an idea?
c
creamy-pencil-82913
06/22/2022, 5:37 PMThe template is only used with the embedded containerd. If you use your own containerd, or docker, the template is unused because we don't manage the configuration.
q
quiet-memory-19288
06/22/2022, 5:48 PMoh ok! I didnt think of that. So I could install my own containerd then and not use your version. I guess that would be a good work around as long as I am using the same version you guys test against? Hmmm, I kinda wanted to do a pure air gap install with just your stuff in a tar file, but I could break it out…. 🤔