commit 51a3ed59a1408fe5d8103dca5b6a04dbaa4e5b6a
author Lorenz Brun <lorenz@monogon.tech> Wed Jun 21 16:45:15 2023 +0200
committer Lorenz Brun <lorenz@monogon.tech> Thu Jun 22 12:33:31 2023 +0000
tree b17dd748b088b4c7899c4aee0a1ab862a59509b4
parent 186109c55db3121749311fc2e954be0eaccdf249

m/n/k/containerd: change default runtime to runc

For high-security usecases it might still make sense to force gVisor,
but generally people expect runc as the default runtime. gVisor can
still be used by specifying a runtimeclass in the pod.

Change-Id: Idc02275fd00c2a7dff3ce6949268294afa5644eb
Reviewed-on: https://review.monogon.dev/c/monogon/+/1839
Tested-by: Jenkins CI
Reviewed-by: Leopold Schabel <leo@monogon.tech>

metropolis/node/kubernetes/containerd/config.toml

diff --git a/metropolis/node/kubernetes/containerd/config.toml b/metropolis/node/kubernetes/containerd/config.toml
index 98a11fe..7348605 100644
--- a/metropolis/node/kubernetes/containerd/config.toml
+++ b/metropolis/node/kubernetes/containerd/config.toml
@@ -67,7 +67,7 @@
     disable_proc_mount = false
     [plugins."io.containerd.grpc.v1.cri".containerd]
       snapshotter = "overlayfs"
-      default_runtime_name = "runsc"
+      default_runtime_name = "runc"
       no_pivot = false
       [plugins."io.containerd.grpc.v1.cri".containerd.default_runtime]
         runtime_type = ""