containerd-config-cli 1.0.0

package/README.md

@@ -0,0 +1,73 @@
+# containerd-config-cli
+
+Generate containerd runtime configurations from the command line
+
+## Installation
+
+```bash
+npm install -g containerd-config-cli
+```
+
+## Usage
+
+### Initialize configuration
+
+```bash
+containerd-config init
+containerd-config init --template advanced
+containerd-config init --output custom-config.json
+```
+
+### Validate configuration
+
+```bash
+containerd-config validate
+containerd-config validate path/to/config.json
+```
+
+### View configuration
+
+```bash
+containerd-config show
+containerd-config show --env production
+containerd-config show --json
+```
+
+### Modify configuration
+
+```bash
+containerd-config set settings.debug true
+containerd-config set settings.logLevel \"warn\"
+```
+
+### Compare configurations
+
+```bash
+containerd-config diff config-dev.json config-prod.json
+```
+
+### List templates
+
+```bash
+containerd-config templates
+```
+
+## Templates
+
+| Template | Description |
+|----------|-------------|
+| `minimal` | Bare minimum configuration |
+| `standard` | Recommended defaults for most projects |
+| `advanced` | Full-featured with security, caching, and multi-environment support |
+
+## Why containerd-config-cli?
+
+- **Zero dependencies at runtime** — just `commander` and `chalk`
+- **Template-based** — start with minimal, standard, or advanced presets
+- **Validation built-in** — catch config errors before deployment
+- **Environment-aware** — manage dev/staging/production configs in one file
+- **Diff support** — compare configs across environments
+
+## License
+
+MIT

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+
+export {  }

package/dist/index.js

@@ -0,0 +1,358 @@
+#!/usr/bin/env node
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+
+// src/index.ts
+var import_commander = require("commander");
+var import_chalk = __toESM(require("chalk"));
+var program = new import_commander.Command();
+function printSection(title, content) {
+  console.log(import_chalk.default.bold.cyan(`
+# ${title}`));
+  console.log(import_chalk.default.white(content));
+}
+function success(msg) {
+  console.log(import_chalk.default.green("\u2714 ") + msg);
+}
+function info(msg) {
+  console.log(import_chalk.default.blue("\u2139 ") + msg);
+}
+function baseConfigToml() {
+  return `version = 2
+
+[debug]
+  address = ""
+  level = "info"
+
+[metrics]
+  address = ""
+  grpc_histogram = false
+
+[plugins]
+  [plugins."io.containerd.grpc.v1.cri"]
+    sandbox_image = "registry.k8s.io/pause:3.9"
+    max_container_log_line_size = 16384
+
+    [plugins."io.containerd.grpc.v1.cri".containerd]
+      snapshotter = "overlayfs"
+      default_runtime_name = "runc"
+      no_pivot = false
+      disable_snapshot_annotations = true
+      discard_unpacked_layers = false
+
+      [plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
+        [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
+          runtime_type = "io.containerd.runc.v2"
+          [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
+            SystemdCgroup = true
+
+    [plugins."io.containerd.grpc.v1.cri".cni]
+      bin_dir = "/opt/cni/bin"
+      conf_dir = "/etc/cni/net.d"
+      max_conf_num = 1
+
+    [plugins."io.containerd.grpc.v1.cri".registry]
+      config_path = "/etc/containerd/certs.d"
+
+  [plugins."io.containerd.snapshotter.v1.overlayfs"]
+    root_path = ""
+    upperdir_label = false
+`;
+}
+function runtimeConfig(name) {
+  const runtimes = {
+    runc: `[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
+  runtime_type = "io.containerd.runc.v2"
+  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
+    SystemdCgroup = true
+    BinaryName = ""
+    Root = ""
+    ShimCgroup = ""`,
+    kata: `[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.kata]
+  runtime_type = "io.containerd.kata.v2"
+  privileged_without_host_devices = true
+  pod_annotations = ["io.katacontainers.*"]
+  container_annotations = ["io.katacontainers.*"]
+  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.kata.options]
+    ConfigPath = "/etc/kata-containers/configuration.toml"`,
+    gvisor: `[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runsc]
+  runtime_type = "io.containerd.runsc.v1"
+  pod_annotations = ["dev.gvisor.*"]
+  container_annotations = ["dev.gvisor.*"]
+  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runsc.options]
+    TypeUrl = "io.containerd.runsc.v1.options"
+    ConfigPath = "/etc/gvisor/config.toml"`,
+    crun: `[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.crun]
+  runtime_type = "io.containerd.runc.v2"
+  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.crun.options]
+    BinaryName = "/usr/bin/crun"
+    SystemdCgroup = true`,
+    youki: `[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.youki]
+  runtime_type = "io.containerd.runc.v2"
+  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.youki.options]
+    BinaryName = "/usr/local/bin/youki"
+    SystemdCgroup = true`
+  };
+  return runtimes[name] ?? `# Runtime "${name}" is not a built-in preset.
+# Define custom runtime_type manually.`;
+}
+function registryConfig(url) {
+  const host = (() => {
+    try {
+      return new URL(url.startsWith("http") ? url : `https://${url}`).host;
+    } catch {
+      return url;
+    }
+  })();
+  return `# Place this file at: /etc/containerd/certs.d/${host}/hosts.toml
+
+server = "https://${host}"
+
+[host."https://${host}"]
+  capabilities = ["pull", "resolve", "push"]
+  # skip_verify = false
+  # ca = ["/etc/containerd/certs.d/${host}/ca.crt"]
+
+# --- Mirror example ---
+# [host."https://mirror.example.com"]
+#   capabilities = ["pull", "resolve"]
+
+# --- Auth (via credsStore or static) ---
+# Configure credentials via:
+#   /etc/containerd/config.toml  \u2192  [plugins."io.containerd.grpc.v1.cri".registry.configs."${host}".auth]
+#     username = "user"
+#     password  = "pass"
+#     # or
+#     auth      = "<base64(user:pass)>"
+`;
+}
+function snapshotterConfig(type) {
+  const configs = {
+    overlayfs: `[plugins."io.containerd.snapshotter.v1.overlayfs"]
+  root_path = ""
+  upperdir_label = false
+  # async_remove = false`,
+    zfs: `[plugins."io.containerd.snapshotter.v1.zfs"]
+  root_path = "/var/lib/containerd/io.containerd.snapshotter.v1.zfs"
+  # pool_name   = "containerd"`,
+    btrfs: `[plugins."io.containerd.snapshotter.v1.btrfs"]
+  root_path = "/var/lib/containerd/io.containerd.snapshotter.v1.btrfs"`,
+    stargz: `[plugins."io.containerd.snapshotter.v1.stargz"]
+  root_path = "/var/lib/containerd/io.containerd.snapshotter.v1.stargz"
+  no_prometheus = false
+
+  [plugins."io.containerd.snapshotter.v1.stargz".blob]
+    check_always = false
+    fetching_timeout_sec = 30
+    max_retries = 5
+
+  [plugins."io.containerd.snapshotter.v1.stargz".prefetch]
+    timeout_sec = 120`
+  };
+  return configs[type] ?? `# Snapshotter "${type}" is not a built-in preset.
+# Consult containerd docs for custom configuration.`;
+}
+function cniConfig(name) {
+  const configs = {
+    bridge: {
+      cniVersion: "1.0.0",
+      name: "containerd-net",
+      plugins: [
+        {
+          type: "bridge",
+          bridge: "cni0",
+          isGateway: true,
+          ipMasq: true,
+          promiscMode: true,
+          ipam: {
+            type: "host-local",
+            ranges: [[{ subnet: "10.88.0.0/16" }]],
+            routes: [{ dst: "0.0.0.0/0" }]
+          }
+        },
+        { type: "portmap", capabilities: { portMappings: true } },
+        { type: "firewall" },
+        { type: "tuning" }
+      ]
+    },
+    flannel: {
+      cniVersion: "0.3.1",
+      name: "flannel",
+      plugins: [
+        { type: "flannel", delegate: { hairpinMode: true, isDefaultGateway: true } },
+        { type: "portmap", capabilities: { portMappings: true } }
+      ]
+    },
+    calico: {
+      name: "k8s-pod-network",
+      cniVersion: "0.3.1",
+      plugins: [
+        {
+          type: "calico",
+          log_level: "info",
+          log_file_path: "/var/log/calico/cni/cni.log",
+          datastore_type: "kubernetes",
+          nodename: "__KUBERNETES_NODE_NAME__",
+          mtu: 0,
+          ipam: { type: "calico-ipam" },
+          policy: { type: "k8s" },
+          kubernetes: { kubeconfig: "__KUBECONFIG_FILEPATH__" }
+        },
+        { type: "portmap", snat: true, capabilities: { portMappings: true } },
+        { type: "bandwidth", capabilities: { bandwidth: true } }
+      ]
+    },
+    weave: {
+      cniVersion: "0.3.1",
+      name: "weave",
+      plugins: [
+        { type: "weave-net", log_level: "info" },
+        { type: "portmap", capabilities: { portMappings: true } }
+      ]
+    }
+  };
+  const cfg = configs[name];
+  if (!cfg) {
+    return `# CNI plugin "${name}" is not a built-in preset.
+# See https://www.cni.dev/plugins/ for configuration reference.`;
+  }
+  return JSON.stringify(cfg, null, 2);
+}
+function criConfig() {
+  return `[plugins."io.containerd.grpc.v1.cri"]
+  # Pause container image used for Kubernetes pods
+  sandbox_image = "registry.k8s.io/pause:3.9"
+
+  # Max size of container log line in bytes (default 16KB)
+  max_container_log_line_size = 16384
+
+  # Enable selinux labeling
+  enable_selinux = false
+
+  # Enable apparmor
+  enable_apparmor = true
+
+  # Tolerate image pulls that are missing some layers (for lazy pulling)
+  ignore_image_defined_volumes = false
+
+  [plugins."io.containerd.grpc.v1.cri".containerd]
+    snapshotter            = "overlayfs"
+    default_runtime_name   = "runc"
+    no_pivot               = false
+    disable_snapshot_annotations = true
+    discard_unpacked_layers      = false
+
+  [plugins."io.containerd.grpc.v1.cri".cni]
+    bin_dir     = "/opt/cni/bin"
+    conf_dir    = "/etc/cni/net.d"
+    max_conf_num = 1
+    # conf_template = ""
+
+  [plugins."io.containerd.grpc.v1.cri".registry]
+    config_path = "/etc/containerd/certs.d"
+
+  [plugins."io.containerd.grpc.v1.cri".image_decryption]
+    key_model = "node"
+
+  [plugins."io.containerd.grpc.v1.cri".x509_key_pair_streaming]
+    tls_cert_file = ""
+    tls_key_file  = ""
+`;
+}
+program.name("containerd-config").description(import_chalk.default.bold("containerd-config-cli") + " \u2014 Generate containerd runtime configurations").version("1.0.0");
+program.command("init").description("Generate a base config.toml with runtime, snapshotter, and plugin settings").option("--runtime <name>", "Default container runtime", "runc").option("--snapshotter <type>", "Default snapshotter", "overlayfs").option("--systemd-cgroup", "Enable systemd cgroup driver", false).action((opts) => {
+  info(`Generating base config.toml (runtime=${opts.runtime}, snapshotter=${opts.snapshotter})`);
+  let cfg = baseConfigToml();
+  if (opts.snapshotter !== "overlayfs") {
+    cfg = cfg.replace('snapshotter = "overlayfs"', `snapshotter = "${opts.snapshotter}"`);
+  }
+  if (opts.runtime !== "runc") {
+    cfg = cfg.replace('default_runtime_name = "runc"', `default_runtime_name = "${opts.runtime}"`);
+  }
+  printSection("config.toml", cfg);
+  success("Save to /etc/containerd/config.toml");
+});
+program.command("runtime <name>").description("Configure container runtime: runc, kata, gvisor, crun, youki").option("--set-default", "Also set as default_runtime_name in containerd config").action((name, opts) => {
+  const supported = ["runc", "kata", "gvisor", "crun", "youki"];
+  if (!supported.includes(name)) {
+    console.log(import_chalk.default.yellow(`\u26A0  "${name}" is not a built-in preset. Supported: ${supported.join(", ")}`));
+  } else {
+    success(`Generating runtime config for: ${import_chalk.default.bold(name)}`);
+  }
+  printSection(`Runtime: ${name}`, runtimeConfig(name));
+  if (opts.setDefault) {
+    info(`Add to containerd config: default_runtime_name = "${name === "gvisor" ? "runsc" : name}"`);
+  }
+});
+program.command("registry <url>").description("Configure registry mirror and authentication").option("--mirror <mirror>", "Mirror URL to use for pulls").option("--insecure", "Skip TLS verification", false).action((url, opts) => {
+  success(`Generating registry config for: ${import_chalk.default.bold(url)}`);
+  let cfg = registryConfig(url);
+  if (opts.mirror) {
+    cfg += `
+# Mirror configured: ${opts.mirror}
+`;
+  }
+  if (opts.insecure) {
+    cfg = cfg.replace("# skip_verify = false", "skip_verify = true");
+  }
+  printSection(`Registry: ${url}`, cfg);
+});
+program.command("snapshotter <type>").description("Configure snapshotter: overlayfs, zfs, btrfs, stargz").action((type) => {
+  const supported = ["overlayfs", "zfs", "btrfs", "stargz"];
+  if (!supported.includes(type)) {
+    console.log(import_chalk.default.yellow(`\u26A0  "${type}" is not a built-in preset. Supported: ${supported.join(", ")}`));
+  } else {
+    success(`Generating snapshotter config for: ${import_chalk.default.bold(type)}`);
+  }
+  printSection(`Snapshotter: ${type}`, snapshotterConfig(type));
+});
+program.command("cni <name>").description("Generate CNI network plugin configuration: bridge, flannel, calico, weave").option("--subnet <cidr>", "Override default subnet", "10.88.0.0/16").action((name, opts) => {
+  const supported = ["bridge", "flannel", "calico", "weave"];
+  if (!supported.includes(name)) {
+    console.log(import_chalk.default.yellow(`\u26A0  "${name}" is not a built-in preset. Supported: ${supported.join(", ")}`));
+  } else {
+    success(`Generating CNI config for: ${import_chalk.default.bold(name)}`);
+  }
+  let cfg = cniConfig(name);
+  if (opts.subnet !== "10.88.0.0/16") {
+    cfg = cfg.replace("10.88.0.0/16", opts.subnet);
+  }
+  printSection(`CNI: ${name}`, cfg);
+  if (supported.includes(name)) {
+    info("Save to /etc/cni/net.d/10-containerd-net.conflist");
+  }
+});
+program.command("cri").description("Configure CRI plugin settings for Kubernetes integration").option("--sandbox-image <image>", "Override pause container image", "registry.k8s.io/pause:3.9").option("--snapshotter <type>", "Snapshotter to use", "overlayfs").action((opts) => {
+  success("Generating CRI plugin configuration");
+  let cfg = criConfig();
+  if (opts.sandboxImage !== "registry.k8s.io/pause:3.9") {
+    cfg = cfg.replace("registry.k8s.io/pause:3.9", opts.sandboxImage);
+  }
+  if (opts.snapshotter !== "overlayfs") {
+    cfg = cfg.replace('snapshotter            = "overlayfs"', `snapshotter            = "${opts.snapshotter}"`);
+  }
+  printSection("CRI Plugin Configuration", cfg);
+  info("Merge into /etc/containerd/config.toml under [plugins]");
+});
+program.parse(process.argv);

package/package.json

@@ -0,0 +1,52 @@
+{
+  "name": "containerd-config-cli",
+  "version": "1.0.0",
+  "description": "Generate containerd runtime configurations from the command line",
+  "bin": {
+    "containerd-config": "./dist/index.js"
+  },
+  "main": "./dist/index.js",
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "node node_modules/tsup/dist/cli-default.js src/index.ts --format cjs --dts --clean",
+    "dev": "node node_modules/tsup/dist/cli-default.js src/index.ts --format cjs --watch",
+    "start": "node dist/index.js"
+  },
+  "keywords": [
+    "containerd",
+    "container",
+    "runtime",
+    "config",
+    "kubernetes",
+    "cri",
+    "cni",
+    "runc",
+    "kata",
+    "gvisor"
+  ],
+  "author": "okirmio-create",
+  "license": "MIT",
+  "dependencies": {
+    "chalk": "^5.3.0",
+    "commander": "^12.1.0"
+  },
+  "devDependencies": {
+    "@types/node": "^20.14.0",
+    "tsup": "^8.1.0",
+    "typescript": "^5.4.5"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/okirmio-create/cli-forge.git",
+    "directory": "containerd-config-cli"
+  },
+  "homepage": "https://github.com/okirmio-create/cli-forge/tree/main/containerd-config-cli",
+  "bugs": {
+    "url": "https://github.com/okirmio-create/cli-forge/issues"
+  }
+}