1 file changed +12 -15 lines changed
lines changed Original file line number Diff line number Diff line change 5252 ++ ( with dockerTools ; [ caCertificates ] ) ;
5353 config = {
5454 Cmd = [ "${ pkgs . contrast . coordinator } /bin/coordinator" ] ;
55- Env = [ "PATH=/bin" ] ; # This is only here for policy generation.
56- Volumes = {
57- # Add /run folder so that iptables can create /run/xtables.lock
58- "/run" = { } ;
59- } ;
55+ Env = [
56+ "PATH=/bin" # Explicitly setting this prevents containerd from setting a default PATH.
57+ "XTABLES_LOCKFILE=/dev/shm/xtables.lock" # Tells iptables where to create the lock file, since the default path does not exist in our image.
58+ ] ;
6059 } ;
6160 } ;
6261
7574 config = {
7675 # Use Entrypoint so we can append arguments.
7776 Entrypoint = [ "${ pkgs . contrast . initializer } /bin/initializer" ] ;
78- Env = [ "PATH=/bin" ] ; # This is only here for policy generation.
79- Volumes = {
80- # Add /run folder so that iptables can create /run/xtables.lock
81- "/run" = { } ;
82- } ;
77+ Env = [
78+ "PATH=/bin" # Explicitly setting this prevents containerd from setting a default PATH.
79+ "XTABLES_LOCKFILE=/dev/shm/xtables.lock" # Tells iptables where to create the lock file, since the default path does not exist in our image.
80+ ] ;
8381 } ;
8482 } ;
8583
@@ -117,11 +115,10 @@ let
117115 config = {
118116 # Use Entrypoint so we can append arguments.
119117 Entrypoint = [ "${ pkgs . service-mesh } /bin/service-mesh" ] ;
120- Env = [ "PATH=/bin" ] ;
121- Volumes = {
122- # Add /run folder so that iptables can create /run/xtables.lock
123- "/run" = { } ;
124- } ;
118+ Env = [
119+ "PATH=/bin"
120+ "XTABLES_LOCKFILE=/dev/shm/xtables.lock" # Tells iptables where to create the lock file, since the default path does not exist in our image.
121+ ] ;
125122 } ;
126123 } ;
127124
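Review bot: The new `XTABLES_LOCKFILE=/dev/shm/xtables.lock` entries in all three Env blocks (coordinator, initializer, service-mesh) rely on a path the image does not create; `/dev/shm` exists only because the container runtime mounts it, and the comment should say so, e.g. `# /dev/shm is a runtime-provided tmpfs; the image ships no /run, so the lock goes there.`. Depending on the runtime, `/dev/shm` may be shared between the containers of a pod, so for the initializer and service-mesh images it is worth confirming that no other container can hold the advisory lock on this file and delay or fail the iptables rule setup. Since the removed comment said the Env was there for policy generation, I would also check that the generated policy still matches now that the `/run` volume is gone. On style, the service-mesh block's `"PATH=/bin"` has no comment while the other two explain it, and the identical list could be bound once in the surrounding `let` and reused by the three images.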