# Listing: github.com/kata-containers/runtime@v0.0.0-20210505125100-04f29832a923/cli/config/configuration-clh.toml.in
#
# Kata Containers runtime configuration template for the "clh" hypervisor.
# Tokens wrapped in at-signs are placeholders that are filled in when the
# final configuration file is generated; do not edit the generated file's
# source values here without checking the build that produces them.

# Copyright (c) 2019 Ericsson Eurolab Deutschland GmbH
#
# SPDX-License-Identifier: Apache-2.0
#

# XXX: WARNING: this file is auto-generated.
# XXX:
# XXX: Source file: "@CONFIG_CLH_IN@"
# XXX: Project:
# XXX:   Name: @PROJECT_NAME@
# XXX:   Type: @PROJECT_TYPE@

[hypervisor.clh]
path = "@CLHPATH@"
kernel = "@KERNELPATH_CLH@"
image = "@IMAGEPATH@"

# List of valid annotation names for the hypervisor
# Each member of the list is a regular expression, which is the base name
# of the annotation, e.g. "path" for "io.katacontainers.config.hypervisor.path"
# The default if not set is empty (all annotations rejected.)
# NOTE(review): every name accepted here becomes a hypervisor setting that a
# pod annotation can set per sandbox; keep the list as short as the
# deployment needs and prefer exact names over broad regular expressions.
# Your distribution recommends: @DEFENABLEANNOTATIONS@
enable_annotations = @DEFENABLEANNOTATIONS@

# List of valid annotation values for the hypervisor path
# Each member of the list is a path pattern as described by glob(3).
# The default if not set is empty (all annotations rejected.)
# NOTE(review): an accepted "path" annotation chooses the hypervisor binary,
# so list exact, root-owned paths rather than wide glob patterns.
# Your distribution recommends: @CLHVALIDHYPERVISORPATHS@
valid_hypervisor_paths = @CLHVALIDHYPERVISORPATHS@

# Optional space-separated list of options to pass to the guest kernel.
# For example, use `kernel_params = "vsyscall=emulate"` if you are having
# trouble running pre-2.15 glibc.
#
# WARNING: - any parameter specified here will take priority over the default
# parameter value of the same name used to start the virtual machine.
# Do not set values here unless you understand the impact of doing so as you
# may stop the virtual machine from booting.
# To see the list of default parameters, enable hypervisor debug, create a
# container and look for 'default-kernel-parameters' log entries.
kernel_params = "@KERNELPARAMS@"

# Default number of vCPUs per SB/VM:
# unspecified or 0                --> will be set to @DEFVCPUS@
# < 0                             --> will be set to the actual number of physical cores
# > 0 <= number of physical cores --> will be set to the specified number
# > number of physical cores      --> will be set to the actual number of physical cores
# NOTE(review): the value below is a fixed number in this template rather
# than a build-time placeholder -- confirm that is intended.
default_vcpus = 1

# Default maximum number of vCPUs per SB/VM:
# unspecified or == 0             --> will be set to the actual number of physical cores or to the maximum number
#                                     of vCPUs supported by KVM if that number is exceeded
# > 0 <= number of physical cores --> will be set to the specified number
# > number of physical cores      --> will be set to the actual number of physical cores or to the maximum number
#                                     of vCPUs supported by KVM if that number is exceeded
# WARNING: Depending on the architecture, the maximum number of vCPUs supported by KVM is used when
# the actual number of physical cores is greater than it.
# WARNING: Be aware that this value impacts the virtual machine's memory footprint and
# the CPU hotplug functionality. For example, `default_maxvcpus = 240` specifies that up to 240 vCPUs
# can be added to a SB/VM, but the memory footprint will be big. Another example, with
# `default_maxvcpus = 8` the memory footprint will be small, but 8 will be the maximum number of
# vCPUs supported by the SB/VM. In general, we recommend that you do not edit this variable,
# unless you know what you are doing.
default_maxvcpus = @DEFMAXVCPUS@

# Default memory size in MiB for SB/VM.
# If unspecified then it will be set to @DEFMEMSZ@ MiB.
default_memory = @DEFMEMSZ@

# Default memory slots per SB/VM.
# If unspecified then it will be set to @DEFMEMSLOTS@.
# This will determine the number of times that memory can be hot-added to the sandbox/VM.
#memory_slots = @DEFMEMSLOTS@

# Path to vhost-user-fs daemon.
virtio_fs_daemon = "@DEFVIRTIOFSDAEMON@"

# List of valid annotation values for the virtiofs daemon path
# Each member of the list is a path pattern as described by glob(3).
# The default if not set is empty (all annotations rejected.)
# NOTE(review): as with the hypervisor path, an accepted annotation selects
# the daemon binary; prefer exact paths over wide glob patterns.
# Your distribution recommends: @DEFVALIDVIRTIOFSDAEMONPATHS@
valid_virtio_fs_daemon_paths = @DEFVALIDVIRTIOFSDAEMONPATHS@

# Default size of DAX cache in MiB
virtio_fs_cache_size = @DEFVIRTIOFSCACHESIZE@

# Extra args for virtiofsd daemon
#
# Format example:
#   ["-o", "arg1=xxx,arg2", "-o", "hello world", "--arg3=yyy"]
#
# see `virtiofsd -h` for possible options.
virtio_fs_extra_args = @DEFVIRTIOFSEXTRAARGS@

# Cache mode:
#
#  - none
#    Metadata, data, and pathname lookup are not cached in guest. They are
#    always fetched from host and any changes are immediately pushed to host.
#
#  - auto
#    Metadata and pathname lookup cache expires after a configured amount of
#    time (default is 1 second). Data is cached while the file is open (close
#    to open consistency).
#
#  - always
#    Metadata, data, and pathname lookup are cached in guest and never expire.
virtio_fs_cache = "@DEFVIRTIOFSCACHE@"

# Block storage driver to be used for the hypervisor in case the container
# rootfs is backed by a block device. This is virtio-scsi, virtio-blk
# or nvdimm.
block_device_driver = "virtio-blk"

# This option changes the default hypervisor and kernel parameters
# to enable debug output where available. This extra output is added
# to the proxy logs, but only when proxy debug is also enabled.
#
# Default false
#enable_debug = true

[proxy.@PROJECT_TYPE@]
path = "@PROXYPATH@"

# If enabled, proxy messages will be sent to the system log
# (default: disabled)
#enable_debug = true

[shim.@PROJECT_TYPE@]
path = "@SHIMPATH@"

# If enabled, shim messages will be sent to the system log
# (default: disabled)
#enable_debug = true

# If enabled, the shim will create opentracing.io traces and spans.
# (See https://www.jaegertracing.io/docs/getting-started).
#
# Note: By default, the shim runs in a separate network namespace. Therefore,
# to allow it to send trace details to the Jaeger agent running on the host,
# it is necessary to set 'disable_new_netns=true' so that it runs in the host
# network namespace.
#
# (default: disabled)
#enable_tracing = true


[agent.@PROJECT_TYPE@]
# If enabled, make the agent display debug-level messages.
# (default: disabled)
#enable_debug = true

# Enable agent tracing.
#
# If enabled, the default trace mode is "dynamic" and the
# default trace type is "isolated". The trace mode and type are set
# explicitly with the `trace_type=` and `trace_mode=` options.
#
# Notes:
#
# - Tracing is ONLY enabled when `enable_tracing` is set: explicitly
#   setting `trace_mode=` and/or `trace_type=` without setting `enable_tracing`
#   will NOT activate agent tracing.
#
# - See https://github.com/kata-containers/agent/blob/master/TRACING.md for
#   full details.
#
# (default: disabled)
#enable_tracing = true
#
#trace_mode = "dynamic"
#trace_type = "isolated"


[netmon]
# If enabled, the network monitoring process gets started when the
# sandbox is created. This allows for the detection of some additional
# network being added to the existing network namespace, after the
# sandbox has been created.
# (default: disabled)
#enable_netmon = true

# Specify the path to the netmon binary.
path = "@NETMONPATH@"

# If enabled, netmon messages will be sent to the system log
# (default: disabled)
#enable_debug = true


[runtime]
# If enabled, the runtime will log additional debug messages to the
# system log
# (default: disabled)
#enable_debug = true
#
# Internetworking model
# Determines how the VM should be connected to
# the container network interface
# Options:
#
#   - bridged (Deprecated)
#     Uses a linux bridge to interconnect the container interface to
#     the VM. Works for most cases except macvlan and ipvlan.
#     ***NOTE: This feature has been deprecated with plans to remove this
#     feature in the future. Please use other network models listed below.
#
#
#   - macvtap
#     Used when the Container network interface can be bridged using
#     macvtap.
#
#   - none
#     Used for a customized network. Only creates a tap device. No veth pair.
#
#   - tcfilter
#     Uses tc filter rules to redirect traffic from the network interface
#     provided by plugin to a tap interface connected to the VM.
#
internetworking_model="@DEFNETWORKMODEL_CLH@"

# disable guest seccomp
# Determines whether container seccomp profiles are passed to the virtual
# machine and applied by the kata agent. If set to true, seccomp is not applied
# within the guest
# NOTE(review): with `true`, the seccomp profile requested for a container is
# not enforced inside the guest; confirm that this matches the isolation the
# workloads expect before relying on the value substituted below.
# (default: true)
disable_guest_seccomp=@DEFDISABLEGUESTSECCOMP@

# If enabled, the runtime will create opentracing.io traces and spans.
# (See https://www.jaegertracing.io/docs/getting-started).
# (default: disabled)
#enable_tracing = true

# If enabled, the runtime will not create a network namespace for shim and hypervisor processes.
# This option may have some potential impacts to your host. It should only be used when you know what you're doing.
# `disable_new_netns` conflicts with `enable_netmon`
# `disable_new_netns` conflicts with `internetworking_model=bridged` and `internetworking_model=macvtap`. It works only
# with `internetworking_model=none`. The tap device will be in the host network namespace and can connect to a bridge
# (like OVS) directly.
# If you are using docker, `disable_new_netns` only works with `docker run --net=none`
# (default: false)
#disable_new_netns = true

# If enabled, the runtime will add all the kata processes inside one dedicated cgroup.
# The container cgroups in the host are not created, just one single cgroup per sandbox.
# The runtime caller is free to restrict or collect cgroup stats of the overall Kata sandbox.
# The sandbox cgroup path is the parent cgroup of a container with the PodSandbox annotation.
# The sandbox cgroup is constrained if there is no container type annotation.
# See: https://godoc.org/github.com/kata-containers/runtime/virtcontainers#ContainerType
sandbox_cgroup_only=@DEFSANDBOXCGROUPONLY@

# Enabled experimental feature list, format: ["a", "b"].
# Experimental features are features not stable enough for production,
# they may break compatibility, and are prepared for a big version bump.
# Supported experimental features:
# (default: [])
experimental=@DEFAULTEXPFEATURES@

# If enabled, containers are allowed to join the pid namespace of the agent
# when the env variable KATA_AGENT_PIDNS is set for a container.
# Use this with caution and only when required, as this option allows the container
# to access the agent process. It is recommended to enable this option
# only in debug scenarios and with containers with lowered privileges.
#enable_agent_pidns = true