containerd
/
nerdctl
mirror of https://github.com/containerd/nerdctl.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

docs/ocicrypt.md: update for containerd 1.5 

The config has been enabled by default since containerd 1.5.
(containerd PR 5135)

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
This commit is contained in:
Akihiro Suda 2021-08-20 17:57:56 +09:00
parent 7f0c30ee64
commit a7c7dcd285
No known key found for this signature in database
GPG Key ID: 49524C6F9F638F1A
1 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
docs/ocicrypt.md
View File

@ -10,7 +10,15 @@ See https://github.com/containerd/imgcrypt
## Decryption
### Configuration
Add the following configuration to `/etc/containerd/config.toml` (for rootless `~/.config/containerd/config.toml`):
Put the private key files to `/etc/containerd/ocicrypt/keys` (for rootless `~/.config/containerd/ocicrypt/keys`).
<details>
<summary>Extra step for containerd 1.4 and older</summary>
<p>
containerd 1.4 and older requires adding the following configuration to `/etc/containerd/config.toml`
(for rootless `~/.config/containerd/config.toml`):
```toml
version = 2
@ -30,9 +38,9 @@ version = 2
# NOTE: On rootless, ~/.config/containerd is mounted as /etc/containerd in the namespace.
```
Future version of containerd may have this configuration by default: https://github.com/containerd/containerd/pull/5135
</p>
Then, put the private key files to `/etc/containerd/ocicrypt/keys` (for rootless `~/.config/containerd/ocicrypt/keys`).
</details>
### nerdctl run