blob: b821eb78d255dfe169f57a9c897bc9b4d1001a68 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
#+TITLE: containerd-to-vm
#+AUTHOR: franck cuny <franck@fcuny.net>
* What
A recent [[https://fly.io/blog/docker-without-docker/][article]] from the team at [[https://fly.io][fly.io]] described how they build VMs for firecracker from the docker image provided by their customers. They outline the following steps:
1. Pull the matching container from the registry.
2. Create a loop device to store the container's filesystem on.
3. Unpack the container (in this case, using Docker's Go libraries) into the mounted loop device.
4. Create a second block device and inject our init, kernel, configuration, and other goop into.
5. Track down any persistent volumes attached to the application, unlock them with LUKS, and collect their unlocked block devices.
6. Create a TAP device, configure it for our network, and attach BPF code to it.
7. Hand all this stuff off to Firecracker and tell it to boot .
As I've been interested in playing with both containerd's API and firecracker, I thought it would be a good opportunity to try to implement this.
* How
You'll need a few things before you can run this tool.
** Kernel
You'll need a kernel to run this. The following instructions should do it (to get a 5.8 kernel):
#+begin_src sh
git clone https://github.com/torvalds/linux.git linux.git
cd linux.git
git checkout v5.8
curl -o .config -s https://github.com/firecracker-microvm/firecracker/blob/main/resources/microvm-kernel-x86_64.config
make menuconfig
make vmlinux -j8
#+end_src
** CNI
You need CNI plugins and configurations installed. The recommended configuration is stored under ~hack/cni~. It needs to be copied to ~/etc/cni/conf.d~.
** Firecracker binaries
Running ~make firecracker-binary~ will download a version of firecracker under the directory ~hack/firecracker~.
|
