plugin runtime

The plugin runtime command groups subcommands for interacting with and configuring the context within which your external plugins run.

If you register a container plugin without referencing a plugin runtime, it will use gVisor's OCI runtime runsc by default, with no resource limits. You can use plugin runtimes to configure other OCI-compliant runtimes such as runc. Vault does not come packaged with any supporting container runtimes, and you must separately install whichever you want to use.

To use a registered plugin runtime, use the -runtime option with the plugin registration command.

See containerized plugins for more details on running external plugins in containers.

Examples

Register a new plugin runtime to the catalog:

$ vault plugin runtime register -type=container -oci_runtime=runc runc
Success! Registered plugin runtime: runc

List all available plugin runtimes in the catalog:

$ vault plugin runtime list

Name    Type         OCI Runtime    Parent Cgroup    CPU Nanos    Memory Bytes
----    ----         -----------    -------------    ---------    ------------
runc    container    runc           n/a              0            0

Get information about a plugin runtime in the catalog:

$ vault plugin runtime info -type=container runc
Key              Value
---              -----
cgroup_parent    n/a
cpu_nanos        0
memory_bytes     0
name             runc
oci_runtime      runc
type             container

Usage

Usage: vault plugin runtime <subcommand> [options] [args]

  # ...

Subcommands:
    deregister    Deregister an existing plugin runtime in the catalog
    info          Read information about a plugin runtime in the catalog
    list          Lists available plugin runtimes
    register      Registers a new plugin runtime in the catalog

For more information, examples, and usage about a subcommand, click on the name of the subcommand in the sidebar.