README.md
+4-3
@@ -77,7 +77,7 @@ will launch the job.<br/>
77
77
78
78
More detailed instructions are in the [`example README.md`](https://github.com/Roblox/nomad-driver-containerd/tree/master/example)
79
79
80
-
## Supported options
80
+
## Supported Options
81
81
82
82
**Driver Config**
83
83
@@ -92,8 +92,8 @@ More detailed instructions are in the [`example README.md`](https://github.com/R
92
92
93
93
Valid options for `containerd_runtime` (Driver Config).
94
94
95
-
-`io.containerd.runc.v1`: runc runtime that supports a single container.
96
-
-`io.containerd.runc.v2` (Default): runc runtime that supports multiple containers per shim.
95
+
-`io.containerd.runc.v1`: `runc` runtime that supports a single container.
96
+
-`io.containerd.runc.v2` (Default): `runc` runtime that supports multiple containers per shim.
97
97
-`io.containerd.runsc.v1`: `gVisor` is an OCI compliant container runtime which provides better security than `runc`. They achieve this by implementing a user space kernel written in go, which implements a substantial portion of the Linux system call interface. For more details, please check their [`official documentation`](https://gvisor.dev/docs/)
98
98
-`sysbox-runc`: `sysbox-runc` is another container runtime that runs a system container which will have system services like systemd (init system), docker, kubernetes already running inside that system container. This will allow you to have a container that is more akin to a VM, and you can launch other containers inside that system container. This also provides better security than `runc` as they run their system container in a user namespace and use shiftfs filesystem to shift UIDs/GIDs. For more details, please check their [`official documentation`](https://www.nestybox.com)
99
99
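Review bot: The lead-in above this list, "Valid options for `containerd_runtime` (Driver Config).", still names only the driver-level setting, while the same commit adds a `runtime` option to the options table further down. If the four runtimes listed here are also the values accepted by `runtime`, that sentence should say so; otherwise the reader has no list of valid values for the new option. The backticks added around `runc` on the two changed lines are fine and match the `gVisor` and `sysbox-runc` entries.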
@@ -112,6 +112,7 @@ Valid options for `containerd_runtime` (Driver Config).
112
112
|**seccomp**| bool | no | Enable default seccomp profile. List of [`allowed syscalls`](https://github.com/containerd/containerd/blob/master/contrib/seccomp/seccomp_default.go#L51-L395). |
113
113
|**seccomp_profile**| string | no | Path to custom seccomp profile. `seccomp` must be set to `true` in order to use `seccomp_profile`. The default `docker` seccomp profile found [`here`](https://github.com/moby/moby/blob/master/profiles/seccomp/default.json) can be used as a reference, and modified to create a custom seccomp profile. |
114
114
|**readonly_rootfs**| bool | no | Container root filesystem will be read-only. |
115
+
|**runtime**| string | no | A string representing a configured runtime to pass to containerd. This is equivalent to the `--runtime` argument in the docker CLI. |
115
116
|**host_network**| bool | no | Enable host network. This is equivalent to `--net=host` in docker. |
116
117
|**extra_hosts**|[]string | no | A list of hosts, given as host:IP, to be added to /etc/hosts. |
117
118
|**cap_add**|[]string | no | Add individual capabilities. |
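Review bot: The new `runtime` row does not say how it interacts with `containerd_runtime` in the driver config: which one takes effect when both are set, and what is used when `runtime` is omitted. That matters for isolation, because this README describes `io.containerd.runsc.v1` and `sysbox-runc` as providing better security than `runc`; if a job can set `runtime` to something other than the operator's driver-level choice, the row should state that, or state how an operator can restrict it. "A string representing a configured runtime" would also be clearer if it named where the runtime has to be configured and gave one example value.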