Merge "Ensure containerd binds to the loopback interface"

2020-05-05 19:51:23 +00:00 · 2020-05-05 19:51:23 +00:00 · 250f2a6dc6
commit 250f2a6dc6
parent 33d318b1fc b793518f65
2 changed files with 9 additions and 2 deletions
--- a/puppet-manifests/src/modules/platform/manifests/containerd.pp
+++ b/puppet-manifests/src/modules/platform/manifests/containerd.pp
@ -5,7 +5,8 @@ class platform::containerd::params (
  $no_proxy     = undef,
  $k8s_registry    = undef,
  $insecure_registries = undef,
-  $k8s_cni_bin_dir = '/usr/libexec/cni'
+  $k8s_cni_bin_dir = '/usr/libexec/cni',
+  $stream_server_address = 'localhost',
 ) { }

 class platform::containerd::config
@ -60,6 +61,12 @@ class platform::containerd::config
  # get cni bin directory
  $k8s_cni_bin_dir = $::platform::kubernetes::params::k8s_cni_bin_dir

+  if $::platform::network::mgmt::params::subnet_version == $::platform::params::ipv6 {
+    $stream_server_address = '::1'
+  } else {
+    $stream_server_address = '127.0.0.1'
+  }
+
  file { '/etc/containerd':
    ensure => 'directory',
    owner  => 'root',
--- a/puppet-manifests/src/modules/platform/templates/config.toml.erb
+++ b/puppet-manifests/src/modules/platform/templates/config.toml.erb
@ -26,7 +26,7 @@ oom_score = 0
  [plugins.cgroups]
    no_prometheus = false
  [plugins.cri]
-    stream_server_address = ""
+    stream_server_address = "<%= @stream_server_address %>"
    stream_server_port = "0"
    enable_selinux = false
    sandbox_image = "registry.local:9001/k8s.gcr.io/pause:3.2"