openshift-docs/modules/create-a-containerruntimeconfig-crd.adoc

// Module included in the following assemblies:
//
// * post_installation_configuration/machine-configuration-tasks.adoc

[id="create-a-containerruntimeconfig_{context}"]

= Creating a ContainerRuntime CR to edit CRI-O parameters
The ContainerRuntimeConfig custom resource definition (CRD) provides a
structured way of changing settings associated with the {product-title}
CRI-O runtime. Using a ContainerRuntimeConfig custom resource (CR),
you select the configuration values you want and the MCO handles rebuilding
the `crio.conf` and `storage.conf` configuration files.

Parameters you can set in a ContainerRuntimeConfig CR include:

* **PIDs limit**: Sets the maximum number of processes allowed in a container.
By default, the limit is set to 1024 (`pids_limit = 1024`).
* **Log level**: Sets the level of verbosity for log messages. The default is
`info` (`log_level = info`). Other options include `fatal`, `panic`, `error`,
`warn`, `debug`, and `trace`.
* **Overlay size**: Sets the maxim size of a container image. The default is
10 GB.
* **Maximum log size**: Sets the maximum size allowed for the container
log file. The default maximum log size is unlimited (`log_size_max = -1`).
If it is set to a positive number, it must be at least 8192
to not be smaller than `conmon`'s read buffer. Conmon is a program that
monitors communications between a container manager (such as Podman or CRI-O)
and the OCI runtime (such as runc or crun) for a single container.

The following procedure describes how to change CRI-O settings using the
ContainerRuntimeConfig CR.

.Procedure

. To raise the `pidsLimit` to 2048, set the `logLevel` to `debug`, and
set the `overlaySize` to 8 GB, create a CR file
(for example, `overlay-size.yaml`) that contains that setting:
+
[source,yaml]
----
$ cat << EOF > /tmp/overlay-size.yaml
apiVersion: machineconfiguration.openshift.io/v1
kind: ContainerRuntimeConfig
metadata:
 name: overlay-size
spec:
 machineConfigPoolSelector:
   matchLabels:
     custom-crio: overlay-size
 containerRuntimeConfig:
   pidsLimit: 2048
   logLevel: debug
   overlaySize: 8G
EOF
----

. To apply the ContainerRuntimeConfig settings, run:
+
[source,terminal]
----
$ oc create -f /tmp/overlay-size
----

. To verify that the settings wer applied, run:
+
[source,terminal]
----
$ oc get ContainerRuntimeConfig
NAME           AGE
overlay-size   3m19s

----

. To edit a pool of machines, such as `worker`, run the following
command to open a MachineConfigPool:
+
[source,terminal]
----
$ oc edit machineconfigpool worker
----

. Check that a new containerruntime object has appeared under the machineconfigs:
+
[source,terminal]
----
$ oc get machineconfigs | grep containerrun
99-worker-generated-containerruntime   2c9371fbb673b97a6fe8b1c52691999ed3a1bfc2  3.1.0  31s
----
. Monitor the Machine Config Pool as the changes are rolled into the machines until all are shown as ready:
+
[source,terminal]
----
$ oc get mcp worker
NAME    CONFIG               UPDATED  UPDATING  DEGRADED  MACHINECOUNT  READYMACHINECOUNT  UPDATEDMACHINECOUNT  DEGRADEDMACHINECOUNT  AGE
worker  rendered-worker-169  False    True      False     3             1                  1                    0                     9h
----

. Open an `oc debug` session to a worker node and run `chroot /host`.

. Verify the changes by running:
+
[source,terminal]
----
$ crio config | egrep 'log_level|pids_limit'
pids_limit = 2048
log_level = "debug"
$ head -n 7 /etc/containers/storage.conf
[storage]
  driver = "overlay"
  runroot = "/var/run/containers/storage"
  graphroot = "/var/lib/containers/storage"
  [storage.options]
    additionalimagestores = []
    size = "8G"
----