The main change being the allow_runtimes value which enables the runsc runtime (gVisor), not enabled by default. This actually allows submitted Docker tasks to use the runtime = "runsc" configuration value.
Note: this doesn't seem to work with Falco monitoring, which seems to only support the default runc runtime. It also seems to introduce some health check problems with Consul's service mesh capabilities, but I'm not sure of the cause (I believe the error was "no route to host" in the UI).
The main change being the
allow_runtimesvalue which enables therunscruntime (gVisor), not enabled by default. This actually allows submitted Docker tasks to use theruntime = "runsc"configuration value.Note: this doesn't seem to work with Falco monitoring, which seems to only support the default
runcruntime. It also seems to introduce some health check problems with Consul's service mesh capabilities, but I'm not sure of the cause (I believe the error was "no route to host" in the UI).