
config merge via imports overwrites the wrong part of the config #5837

@boredabdel

Hi,

I'm trying to use imports to append a custom config to the containerd configuration, as I want to avoid editing the config.toml files.

config.toml

# Kubernetes doesn't use containerd restart manager.
disabled_plugins = ["restart"]
oom_score = -999
imports = ["/etc/containerd/config.d/*.toml"]

[debug]
  level = "debug"

[grpc]
  gid = 412

[plugins.cri]
  stream_server_address = "127.0.0.1"
  max_container_log_line_size = 262144
[plugins.cri.cni]
  bin_dir = "/home/kubernetes/bin"
  conf_dir = "/etc/cni/net.d"
  conf_template = ""
[plugins.cri.registry.mirrors."docker.io"]
  endpoint = ["https://mirror.gcr.io","https://registry-1.docker.io"]

I have added a custom_config.toml file under /etc/containerd/config.d. Its content is:


[plugins.cri.registry.mirrors."myregistrydomain.com"]
  endpoint = ["https://myregistrydomain.com"]
[plugins.cri.registry.configs."myregistrydomain.com".tls]
  ca_file = "/etc/custom-certs/cert.pem"

Before restarting the containerd daemon, crictl info returns:

{
  "status": {
    "conditions": [
      {
        "type": "RuntimeReady",
        "status": true,
        "reason": "",
        "message": ""
      },
      {
        "type": "NetworkReady",
        "status": true,
        "reason": "",
        "message": ""
      }
    ]
  },
  "cniconfig": {
    "PluginDirs": [
      "/home/kubernetes/bin"
    ],
    "PluginConfDir": "/etc/cni/net.d",
    "PluginMaxConfNum": 1,
    "Prefix": "eth",
    "Networks": [
      {
        "Config": {
          "Name": "cni-loopback",
          "CNIVersion": "0.3.1",
          "Plugins": [
            {
              "Network": {
                "type": "loopback",
                "ipam": {},
                "dns": {}
              },
              "Source": "{\"type\":\"loopback\"}"
            }
          ],
          "Source": "{\n\"cniVersion\": \"0.3.1\",\n\"name\": \"cni-loopback\",\n\"plugins\": [{\n  \"type\": \"loopback\"\n}]\n}"
        },
        "IFName": "lo"
      },
      {
        "Config": {
          "Name": "gke-pod-network",
          "CNIVersion": "0.3.1",
          "Plugins": [
            {
              "Network": {
                "type": "gke",
                "ipam": {
                  "type": "host-local"
                },
                "dns": {}
              },
              "Source": "{\"ipam\":{\"ranges\":[[{\"subnet\":\"10.100.5.0/24\"}]],\"routes\":[{\"dst\":\"0.0.0.0/0\"}],\"type\":\"host-local\"},\"mtu\":1460,\"type\":\"gke\"}"
            },
            {
              "Network": {
                "type": "portmap",
                "capabilities": {
                  "portMappings": true
                },
                "ipam": {},
                "dns": {}
              },
              "Source": "{\"capabilities\":{\"portMappings\":true},\"type\":\"portmap\"}"
            },
            {
              "Network": {
                "type": "bandwidth",
                "capabilities": {
                  "bandwidth": true
                },
                "ipam": {},
                "dns": {}
              },
              "Source": "{\"capabilities\":{\"bandwidth\":true},\"type\":\"bandwidth\"}"
            },
            {
              "Network": {
                "type": "cilium-cni",
                "ipam": {},
                "dns": {}
              },
              "Source": "{\"type\":\"cilium-cni\"}"
            }
          ],
          "Source": "{ \"name\": \"gke-pod-network\", \"cniVersion\": \"0.3.1\", \"plugins\": [ { \"type\": \"gke\", \"mtu\": 1460, \"ipam\": { \"type\": \"host-local\", \"ranges\": [ [{\"subnet\": \"10.100.5.0/24\"}] ], \"routes\": [ {\"dst\": \"0.0.0.0/0\"} ] } }, { \"type\": \"portmap\", \"capabilities\": { \"portMappings\": true } },{\"type\": \"bandwidth\",\"capabilities\": {\"bandwidth\": true}},{\"type\": \"cilium-cni\"} ] }\n"
        },
        "IFName": "eth0"
      }
    ]
  },
  "config": {
    "containerd": {
      "snapshotter": "overlayfs",
      "defaultRuntimeName": "runc",
      "defaultRuntime": {
        "runtimeType": "",
        "runtimeEngine": "",
        "PodAnnotations": null,
        "ContainerAnnotations": null,
        "runtimeRoot": "",
        "options": null,
        "privileged_without_host_devices": false,
        "baseRuntimeSpec": ""
      },
      "untrustedWorkloadRuntime": {
        "runtimeType": "",
        "runtimeEngine": "",
        "PodAnnotations": null,
        "ContainerAnnotations": null,
        "runtimeRoot": "",
        "options": null,
        "privileged_without_host_devices": false,
        "baseRuntimeSpec": ""
      },
      "runtimes": {
        "runc": {
          "runtimeType": "io.containerd.runc.v2",
          "runtimeEngine": "",
          "PodAnnotations": null,
          "ContainerAnnotations": null,
          "runtimeRoot": "",
          "options": {},
          "privileged_without_host_devices": false,
          "baseRuntimeSpec": ""
        }
      },
      "noPivot": false,
      "disableSnapshotAnnotations": true,
      "discardUnpackedLayers": false
    },
    "cni": {
      "binDir": "/home/kubernetes/bin",
      "confDir": "/etc/cni/net.d",
      "maxConfNum": 1,
      "confTemplate": ""
    },
    "registry": {
      "mirrors": {
        "docker.io": {
          "endpoint": [
            "https://mirror.gcr.io",
            "https://registry-1.docker.io"
          ]
        }
      },
      "configs": null,
      "auths": null,
      "headers": null
    },
    "imageDecryption": {
      "keyModel": ""
    },
    "disableTCPService": true,
    "streamServerAddress": "127.0.0.1",
    "streamServerPort": "0",
    "streamIdleTimeout": "4h0m0s",
    "enableSelinux": false,
    "selinuxCategoryRange": 1024,
    "sandboxImage": "k8s.gcr.io/pause:3.2",
    "statsCollectPeriod": 10,
    "systemdCgroup": false,
    "enableTLSStreaming": false,
    "x509KeyPairStreaming": {
      "tlsCertFile": "",
      "tlsKeyFile": ""
    },
    "maxContainerLogSize": 262144,
    "disableCgroup": false,
    "disableApparmor": false,
    "restrictOOMScoreAdj": false,
    "maxConcurrentDownloads": 3,
    "disableProcMount": false,
    "unsetSeccompProfile": "",
    "tolerateMissingHugetlbController": true,
    "disableHugetlbController": true,
    "ignoreImageDefinedVolumes": false,
    "containerdRootDir": "/var/lib/containerd",
    "containerdEndpoint": "/run/containerd/containerd.sock",
    "rootDir": "/var/lib/containerd/io.containerd.grpc.v1.cri",
    "stateDir": "/run/containerd/io.containerd.grpc.v1.cri"
  },
  "golang": "go1.13.5",
  "lastCNILoadStatus": "OK"
}

After restarting the containerd daemon, the config merge somehow changes the binDir. Below is the output of crictl info, truncated to the only part whose change I don't understand:

    "cni": {
      "binDir": "/opt/cni/bin",
      "confDir": "/etc/cni/net.d",
      "maxConfNum": 1,
      "confTemplate": ""
    },

What I don't understand is why my binDir is changing and where this value (/opt/cni/bin) is coming from.

Any help is appreciated; I'm happy to provide dumps.


crictl version
Version:  0.1.0
RuntimeName:  containerd
RuntimeVersion:  1.4.4
RuntimeApiVersion:  v1alpha2
