sysbox-runc with containerd > 2.0 must use new containerd config scheme #997

@meiswjn

When running sysbox with containerd > 2.0, it doesn't have to install CRI-O, which is great. However, if you pin the containerd config scheme version to "2" (which is the case for AKS, for example), then there is no backwards compatibility for the containerd v1 scheme (plugins."io.containerd.grpc.v1.cri").

Wrong (current result):

oom_score = -999
version = 2

[metrics]
  address = "0.0.0.0:10257"

[plugins]

  [plugins."io.containerd.cri.v1.images"]

    [plugins."io.containerd.cri.v1.images".pinned_images]
      sandbox = "mcr.microsoft.com/oss/v2/kubernetes/pause:3.6"

    [plugins."io.containerd.cri.v1.images".registry]
      config_path = "/etc/containerd/certs.d"

      [plugins."io.containerd.cri.v1.images".registry.headers]
        X-Meta-Source-Client = ["azure/aks"]

  [plugins."io.containerd.cri.v1.runtime"]

    [plugins."io.containerd.cri.v1.runtime".containerd]
      default_runtime_name = "runc"

      [plugins."io.containerd.cri.v1.runtime".containerd.runtimes]

        [plugins."io.containerd.cri.v1.runtime".containerd.runtimes.runc]
          runtime_type = "io.containerd.runc.v2"

          [plugins."io.containerd.cri.v1.runtime".containerd.runtimes.runc.options]
            BinaryName = "/usr/bin/runc"
            SystemdCgroup = true

        [plugins."io.containerd.cri.v1.runtime".containerd.runtimes.untrusted]
          runtime_type = "io.containerd.runc.v2"

          [plugins."io.containerd.cri.v1.runtime".containerd.runtimes.untrusted.options]
            BinaryName = "/usr/bin/runc"

  [plugins."io.containerd.grpc.v1.cri"]

    [plugins."io.containerd.grpc.v1.cri".containerd]

      [plugins."io.containerd.grpc.v1.cri".containerd.runtimes]

        [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.sysbox-runc]
          runtime_type = "io.containerd.runc.v2"

          [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.sysbox-runc.options]
            BinaryName = "/usr/bin/sysbox-runc"
            SystemdCgroup = true

Working:

oom_score = -999
version = 2

[metrics]
  address = "0.0.0.0:10257"

[plugins]

  [plugins."io.containerd.cri.v1.images"]

    [plugins."io.containerd.cri.v1.images".pinned_images]
      sandbox = "mcr.microsoft.com/oss/v2/kubernetes/pause:3.6"

    [plugins."io.containerd.cri.v1.images".registry]
      config_path = "/etc/containerd/certs.d"

      [plugins."io.containerd.cri.v1.images".registry.headers]
        X-Meta-Source-Client = ["azure/aks"]

  [plugins."io.containerd.cri.v1.runtime"]

    [plugins."io.containerd.cri.v1.runtime".containerd]
      default_runtime_name = "runc"

      [plugins."io.containerd.cri.v1.runtime".containerd.runtimes]

        [plugins."io.containerd.cri.v1.runtime".containerd.runtimes.runc]
          runtime_type = "io.containerd.runc.v2"

          [plugins."io.containerd.cri.v1.runtime".containerd.runtimes.runc.options]
            BinaryName = "/usr/bin/runc"
            SystemdCgroup = true

        [plugins."io.containerd.cri.v1.runtime".containerd.runtimes.untrusted]
          runtime_type = "io.containerd.runc.v2"

          [plugins."io.containerd.cri.v1.runtime".containerd.runtimes.untrusted.options]
            BinaryName = "/usr/bin/runc"

        [plugins."io.containerd.cri.v1.runtime".containerd.runtimes.sysbox-runc]
          runtime_type = "io.containerd.runc.v2"

          [plugins."io.containerd.cri.v1.runtime".containerd.runtimes.sysbox-runc.options]
            BinaryName = "/usr/bin/sysbox-runc"
            SystemdCgroup = true

I do not know if the working config is complete / secure - but technically, this runs in AKS running Kubernetes 1.33 with Ubuntu 24.04.

Relates to:
