From 2142f885261a690a17a9e208b4cff270c6e3386a Mon Sep 17 00:00:00 2001 From: Johan Thomsen Date: Mon, 10 May 2021 12:01:10 +0200 Subject: [PATCH] nixos/containerd: sanitize StateDirectory and RuntimeDirectory --- nixos/modules/services/cluster/kubernetes/default.nix | 6 +++--- nixos/modules/services/cluster/kubernetes/kubelet.nix | 2 +- nixos/modules/virtualisation/containerd.nix | 3 +++ 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/nixos/modules/services/cluster/kubernetes/default.nix b/nixos/modules/services/cluster/kubernetes/default.nix index 19edc338bba1..0dc3649237b7 100644 --- a/nixos/modules/services/cluster/kubernetes/default.nix +++ b/nixos/modules/services/cluster/kubernetes/default.nix @@ -7,12 +7,12 @@ let defaultContainerdConfigFile = pkgs.writeText "containerd.toml" '' version = 2 - root = "/var/lib/containerd/daemon" - state = "/var/run/containerd/daemon" + root = "/var/lib/containerd" + state = "/run/containerd" oom_score = 0 [grpc] - address = "/var/run/containerd/containerd.sock" + address = "/run/containerd/containerd.sock" [plugins."io.containerd.grpc.v1.cri"] sandbox_image = "pause:latest" diff --git a/nixos/modules/services/cluster/kubernetes/kubelet.nix b/nixos/modules/services/cluster/kubernetes/kubelet.nix index a428a60800cd..fcfcc8435477 100644 --- a/nixos/modules/services/cluster/kubernetes/kubelet.nix +++ b/nixos/modules/services/cluster/kubernetes/kubelet.nix @@ -134,7 +134,7 @@ in containerRuntimeEndpoint = mkOption { description = "Endpoint at which to find the container runtime api interface/socket"; type = str; - default = "unix:///var/run/containerd/containerd.sock"; + default = "unix:///run/containerd/containerd.sock"; }; enable = mkEnableOption "Kubernetes kubelet."; diff --git a/nixos/modules/virtualisation/containerd.nix b/nixos/modules/virtualisation/containerd.nix index 194276d16958..6d6ba454bd84 100644 --- a/nixos/modules/virtualisation/containerd.nix +++ b/nixos/modules/virtualisation/containerd.nix @@ -54,6 +54,9 @@ in LimitNOFILE = "infinity"; TasksMax = "infinity"; OOMScoreAdjust = "-999"; + + StateDirectory = "containerd"; + RuntimeDirectory = "containerd"; }; }; };