Merge pull request #2413 from justincormack/runtime-config
Add a runtime config
commit
9506d45d49
2
Makefile
2
Makefile
@ -21,7 +21,7 @@ endif
|
|||||||
PREFIX?=/usr/local/
|
PREFIX?=/usr/local/
|
||||||
|
|
||||||
MOBY_REPO=https://github.com/moby/tool.git
|
MOBY_REPO=https://github.com/moby/tool.git
|
||||||
MOBY_COMMIT=d9546ee1ce9c5af213c2f96fc23ce0266c4c3133
|
MOBY_COMMIT=0d58d332be0afc27be4402301f7c7950bd3ae189
|
||||||
MOBY_VERSION=0.0
|
MOBY_VERSION=0.0
|
||||||
bin/moby: tmp_moby_bin.tar | bin
|
bin/moby: tmp_moby_bin.tar | bin
|
||||||
tar xf $<
|
tar xf $<
|
||||||
|
@ -4,9 +4,9 @@ kernel:
|
|||||||
cmdline: "console=ttyS0 page_poison=1"
|
cmdline: "console=ttyS0 page_poison=1"
|
||||||
init:
|
init:
|
||||||
- linuxkit/vpnkit-expose-port:fa4ab4ac78b83fe392e39b861b4114c3bb02d170 # install vpnkit-expose-port and vpnkit-iptables-wrapper on host
|
- linuxkit/vpnkit-expose-port:fa4ab4ac78b83fe392e39b861b4114c3bb02d170 # install vpnkit-expose-port and vpnkit-iptables-wrapper on host
|
||||||
- linuxkit/init:c7d651da1a5e308c757bc61ce6a41804ea843426
|
- linuxkit/init:09d549199c7615fee56567c70d8263585dfa02f7
|
||||||
- linuxkit/runc:838259153885c0c40460379d6cdb7baebaf3fa36
|
- linuxkit/runc:a1b564248a0d0b118c11e61db9f84ecf41dd2d2a
|
||||||
- linuxkit/containerd:09a21d6606a4011efebacff62a88b956ecac01be
|
- linuxkit/containerd:fc35653f832f053bfb1ce1ed84d2bb7a277e9c18
|
||||||
onboot:
|
onboot:
|
||||||
# support metadata for optional config in /var/config
|
# support metadata for optional config in /var/config
|
||||||
- name: metadata
|
- name: metadata
|
||||||
|
@ -4,7 +4,7 @@ kernel:
|
|||||||
tar: none
|
tar: none
|
||||||
init:
|
init:
|
||||||
- linuxkit/init-lcow:227221c5f344b59c841fd57d0a9decbc50f1bb5e
|
- linuxkit/init-lcow:227221c5f344b59c841fd57d0a9decbc50f1bb5e
|
||||||
- linuxkit/runc:838259153885c0c40460379d6cdb7baebaf3fa36
|
- linuxkit/runc:a1b564248a0d0b118c11e61db9f84ecf41dd2d2a
|
||||||
trust:
|
trust:
|
||||||
org:
|
org:
|
||||||
- linuxkit
|
- linuxkit
|
||||||
|
@ -2,9 +2,9 @@ kernel:
|
|||||||
image: linuxkit/kernel:4.9.43
|
image: linuxkit/kernel:4.9.43
|
||||||
cmdline: "console=ttyS0"
|
cmdline: "console=ttyS0"
|
||||||
init:
|
init:
|
||||||
- linuxkit/init:c7d651da1a5e308c757bc61ce6a41804ea843426
|
- linuxkit/init:09d549199c7615fee56567c70d8263585dfa02f7
|
||||||
- linuxkit/runc:838259153885c0c40460379d6cdb7baebaf3fa36
|
- linuxkit/runc:a1b564248a0d0b118c11e61db9f84ecf41dd2d2a
|
||||||
- linuxkit/containerd:09a21d6606a4011efebacff62a88b956ecac01be
|
- linuxkit/containerd:fc35653f832f053bfb1ce1ed84d2bb7a277e9c18
|
||||||
- linuxkit/ca-certificates:e44b0a66df5a102c0e220f0066b0d904710dcb10
|
- linuxkit/ca-certificates:e44b0a66df5a102c0e220f0066b0d904710dcb10
|
||||||
onboot:
|
onboot:
|
||||||
- name: sysctl
|
- name: sysctl
|
||||||
|
@ -2,9 +2,9 @@ kernel:
|
|||||||
image: linuxkit/kernel:4.9.43
|
image: linuxkit/kernel:4.9.43
|
||||||
cmdline: "console=ttyS0"
|
cmdline: "console=ttyS0"
|
||||||
init:
|
init:
|
||||||
- linuxkit/init:c7d651da1a5e308c757bc61ce6a41804ea843426
|
- linuxkit/init:09d549199c7615fee56567c70d8263585dfa02f7
|
||||||
- linuxkit/runc:838259153885c0c40460379d6cdb7baebaf3fa36
|
- linuxkit/runc:a1b564248a0d0b118c11e61db9f84ecf41dd2d2a
|
||||||
- linuxkit/containerd:09a21d6606a4011efebacff62a88b956ecac01be
|
- linuxkit/containerd:fc35653f832f053bfb1ce1ed84d2bb7a277e9c18
|
||||||
- linuxkit/ca-certificates:e44b0a66df5a102c0e220f0066b0d904710dcb10
|
- linuxkit/ca-certificates:e44b0a66df5a102c0e220f0066b0d904710dcb10
|
||||||
onboot:
|
onboot:
|
||||||
- name: sysctl
|
- name: sysctl
|
||||||
|
@ -2,9 +2,9 @@ kernel:
|
|||||||
image: linuxkit/kernel:4.9.43
|
image: linuxkit/kernel:4.9.43
|
||||||
cmdline: "console=tty0 console=ttyS0 console=ttyAMA0"
|
cmdline: "console=tty0 console=ttyS0 console=ttyAMA0"
|
||||||
init:
|
init:
|
||||||
- linuxkit/init:c7d651da1a5e308c757bc61ce6a41804ea843426
|
- linuxkit/init:09d549199c7615fee56567c70d8263585dfa02f7
|
||||||
- linuxkit/runc:838259153885c0c40460379d6cdb7baebaf3fa36
|
- linuxkit/runc:a1b564248a0d0b118c11e61db9f84ecf41dd2d2a
|
||||||
- linuxkit/containerd:09a21d6606a4011efebacff62a88b956ecac01be
|
- linuxkit/containerd:fc35653f832f053bfb1ce1ed84d2bb7a277e9c18
|
||||||
- linuxkit/ca-certificates:e44b0a66df5a102c0e220f0066b0d904710dcb10
|
- linuxkit/ca-certificates:e44b0a66df5a102c0e220f0066b0d904710dcb10
|
||||||
onboot:
|
onboot:
|
||||||
- name: sysctl
|
- name: sysctl
|
||||||
|
@ -2,9 +2,9 @@ kernel:
|
|||||||
image: linuxkit/kernel:4.9.43
|
image: linuxkit/kernel:4.9.43
|
||||||
cmdline: "console=ttyS0"
|
cmdline: "console=ttyS0"
|
||||||
init:
|
init:
|
||||||
- linuxkit/init:c7d651da1a5e308c757bc61ce6a41804ea843426
|
- linuxkit/init:09d549199c7615fee56567c70d8263585dfa02f7
|
||||||
- linuxkit/runc:838259153885c0c40460379d6cdb7baebaf3fa36
|
- linuxkit/runc:a1b564248a0d0b118c11e61db9f84ecf41dd2d2a
|
||||||
- linuxkit/containerd:09a21d6606a4011efebacff62a88b956ecac01be
|
- linuxkit/containerd:fc35653f832f053bfb1ce1ed84d2bb7a277e9c18
|
||||||
- linuxkit/ca-certificates:e44b0a66df5a102c0e220f0066b0d904710dcb10
|
- linuxkit/ca-certificates:e44b0a66df5a102c0e220f0066b0d904710dcb10
|
||||||
onboot:
|
onboot:
|
||||||
- name: sysctl
|
- name: sysctl
|
||||||
|
@ -2,9 +2,9 @@ kernel:
|
|||||||
image: linuxkit/kernel:4.9.43
|
image: linuxkit/kernel:4.9.43
|
||||||
cmdline: "console=tty0 console=ttyS0 console=ttyAMA0"
|
cmdline: "console=tty0 console=ttyS0 console=ttyAMA0"
|
||||||
init:
|
init:
|
||||||
- linuxkit/init:c7d651da1a5e308c757bc61ce6a41804ea843426
|
- linuxkit/init:09d549199c7615fee56567c70d8263585dfa02f7
|
||||||
- linuxkit/runc:838259153885c0c40460379d6cdb7baebaf3fa36
|
- linuxkit/runc:a1b564248a0d0b118c11e61db9f84ecf41dd2d2a
|
||||||
- linuxkit/containerd:09a21d6606a4011efebacff62a88b956ecac01be
|
- linuxkit/containerd:fc35653f832f053bfb1ce1ed84d2bb7a277e9c18
|
||||||
- linuxkit/ca-certificates:e44b0a66df5a102c0e220f0066b0d904710dcb10
|
- linuxkit/ca-certificates:e44b0a66df5a102c0e220f0066b0d904710dcb10
|
||||||
onboot:
|
onboot:
|
||||||
- name: sysctl
|
- name: sysctl
|
||||||
|
@ -2,9 +2,9 @@ kernel:
|
|||||||
image: linuxkit/kernel:4.9.43
|
image: linuxkit/kernel:4.9.43
|
||||||
cmdline: "console=tty0 console=ttyS0 console=ttyAMA0"
|
cmdline: "console=tty0 console=ttyS0 console=ttyAMA0"
|
||||||
init:
|
init:
|
||||||
- linuxkit/init:c7d651da1a5e308c757bc61ce6a41804ea843426
|
- linuxkit/init:09d549199c7615fee56567c70d8263585dfa02f7
|
||||||
- linuxkit/runc:838259153885c0c40460379d6cdb7baebaf3fa36
|
- linuxkit/runc:a1b564248a0d0b118c11e61db9f84ecf41dd2d2a
|
||||||
- linuxkit/containerd:09a21d6606a4011efebacff62a88b956ecac01be
|
- linuxkit/containerd:fc35653f832f053bfb1ce1ed84d2bb7a277e9c18
|
||||||
onboot:
|
onboot:
|
||||||
- name: dhcpcd
|
- name: dhcpcd
|
||||||
image: linuxkit/dhcpcd:f3f5413abb78fae9020e35bd4788fa93df4530b7
|
image: linuxkit/dhcpcd:f3f5413abb78fae9020e35bd4788fa93df4530b7
|
||||||
|
@ -2,9 +2,9 @@ kernel:
|
|||||||
image: linuxkit/kernel:4.9.43
|
image: linuxkit/kernel:4.9.43
|
||||||
cmdline: "console=tty0 console=ttyS0"
|
cmdline: "console=tty0 console=ttyS0"
|
||||||
init:
|
init:
|
||||||
- linuxkit/init:c7d651da1a5e308c757bc61ce6a41804ea843426
|
- linuxkit/init:09d549199c7615fee56567c70d8263585dfa02f7
|
||||||
- linuxkit/runc:838259153885c0c40460379d6cdb7baebaf3fa36
|
- linuxkit/runc:a1b564248a0d0b118c11e61db9f84ecf41dd2d2a
|
||||||
- linuxkit/containerd:09a21d6606a4011efebacff62a88b956ecac01be
|
- linuxkit/containerd:fc35653f832f053bfb1ce1ed84d2bb7a277e9c18
|
||||||
services:
|
services:
|
||||||
- name: getty
|
- name: getty
|
||||||
image: linuxkit/getty:797cb79e0a229fcd16ebf44a0da74bcec03968ec
|
image: linuxkit/getty:797cb79e0a229fcd16ebf44a0da74bcec03968ec
|
||||||
|
@ -2,9 +2,9 @@ kernel:
|
|||||||
image: linuxkit/kernel:4.9.43
|
image: linuxkit/kernel:4.9.43
|
||||||
cmdline: "console=ttyS1"
|
cmdline: "console=ttyS1"
|
||||||
init:
|
init:
|
||||||
- linuxkit/init:c7d651da1a5e308c757bc61ce6a41804ea843426
|
- linuxkit/init:09d549199c7615fee56567c70d8263585dfa02f7
|
||||||
- linuxkit/runc:838259153885c0c40460379d6cdb7baebaf3fa36
|
- linuxkit/runc:a1b564248a0d0b118c11e61db9f84ecf41dd2d2a
|
||||||
- linuxkit/containerd:09a21d6606a4011efebacff62a88b956ecac01be
|
- linuxkit/containerd:fc35653f832f053bfb1ce1ed84d2bb7a277e9c18
|
||||||
- linuxkit/ca-certificates:e44b0a66df5a102c0e220f0066b0d904710dcb10
|
- linuxkit/ca-certificates:e44b0a66df5a102c0e220f0066b0d904710dcb10
|
||||||
onboot:
|
onboot:
|
||||||
- name: sysctl
|
- name: sysctl
|
||||||
|
@ -4,9 +4,9 @@ kernel:
|
|||||||
image: linuxkit/kernel:4.9.43
|
image: linuxkit/kernel:4.9.43
|
||||||
cmdline: "console=tty0 console=ttyS0 console=ttyAMA0"
|
cmdline: "console=tty0 console=ttyS0 console=ttyAMA0"
|
||||||
init:
|
init:
|
||||||
- linuxkit/init:c7d651da1a5e308c757bc61ce6a41804ea843426
|
- linuxkit/init:09d549199c7615fee56567c70d8263585dfa02f7
|
||||||
- linuxkit/runc:838259153885c0c40460379d6cdb7baebaf3fa36
|
- linuxkit/runc:a1b564248a0d0b118c11e61db9f84ecf41dd2d2a
|
||||||
- linuxkit/containerd:09a21d6606a4011efebacff62a88b956ecac01be
|
- linuxkit/containerd:fc35653f832f053bfb1ce1ed84d2bb7a277e9c18
|
||||||
onboot:
|
onboot:
|
||||||
- name: dhcpcd
|
- name: dhcpcd
|
||||||
image: linuxkit/dhcpcd:f3f5413abb78fae9020e35bd4788fa93df4530b7
|
image: linuxkit/dhcpcd:f3f5413abb78fae9020e35bd4788fa93df4530b7
|
||||||
|
@ -2,9 +2,9 @@ kernel:
|
|||||||
image: linuxkit/kernel:4.9.43
|
image: linuxkit/kernel:4.9.43
|
||||||
cmdline: "console=tty0 console=ttyS0 console=ttyAMA0"
|
cmdline: "console=tty0 console=ttyS0 console=ttyAMA0"
|
||||||
init:
|
init:
|
||||||
- linuxkit/init:c7d651da1a5e308c757bc61ce6a41804ea843426
|
- linuxkit/init:09d549199c7615fee56567c70d8263585dfa02f7
|
||||||
- linuxkit/runc:838259153885c0c40460379d6cdb7baebaf3fa36
|
- linuxkit/runc:a1b564248a0d0b118c11e61db9f84ecf41dd2d2a
|
||||||
- linuxkit/containerd:09a21d6606a4011efebacff62a88b956ecac01be
|
- linuxkit/containerd:fc35653f832f053bfb1ce1ed84d2bb7a277e9c18
|
||||||
- linuxkit/ca-certificates:e44b0a66df5a102c0e220f0066b0d904710dcb10
|
- linuxkit/ca-certificates:e44b0a66df5a102c0e220f0066b0d904710dcb10
|
||||||
onboot:
|
onboot:
|
||||||
- name: sysctl
|
- name: sysctl
|
||||||
|
@ -2,9 +2,9 @@ kernel:
|
|||||||
image: linuxkit/kernel:4.9.43
|
image: linuxkit/kernel:4.9.43
|
||||||
cmdline: "console=tty0 console=ttyS0 console=ttyAMA0"
|
cmdline: "console=tty0 console=ttyS0 console=ttyAMA0"
|
||||||
init:
|
init:
|
||||||
- linuxkit/init:c7d651da1a5e308c757bc61ce6a41804ea843426
|
- linuxkit/init:09d549199c7615fee56567c70d8263585dfa02f7
|
||||||
- linuxkit/runc:838259153885c0c40460379d6cdb7baebaf3fa36
|
- linuxkit/runc:a1b564248a0d0b118c11e61db9f84ecf41dd2d2a
|
||||||
- linuxkit/containerd:09a21d6606a4011efebacff62a88b956ecac01be
|
- linuxkit/containerd:fc35653f832f053bfb1ce1ed84d2bb7a277e9c18
|
||||||
- linuxkit/ca-certificates:e44b0a66df5a102c0e220f0066b0d904710dcb10
|
- linuxkit/ca-certificates:e44b0a66df5a102c0e220f0066b0d904710dcb10
|
||||||
onboot:
|
onboot:
|
||||||
- name: sysctl
|
- name: sysctl
|
||||||
|
@ -3,8 +3,8 @@ kernel:
|
|||||||
cmdline: "console=tty0 console=ttyS0"
|
cmdline: "console=tty0 console=ttyS0"
|
||||||
init:
|
init:
|
||||||
- linuxkit/init:d049e7b2074da5cd699a27defb47eb101142455d
|
- linuxkit/init:d049e7b2074da5cd699a27defb47eb101142455d
|
||||||
- linuxkit/runc:838259153885c0c40460379d6cdb7baebaf3fa36
|
- linuxkit/runc:a1b564248a0d0b118c11e61db9f84ecf41dd2d2a
|
||||||
- linuxkit/containerd:09a21d6606a4011efebacff62a88b956ecac01be
|
- linuxkit/containerd:fc35653f832f053bfb1ce1ed84d2bb7a277e9c18
|
||||||
- linuxkit/ca-certificates:e44b0a66df5a102c0e220f0066b0d904710dcb10
|
- linuxkit/ca-certificates:e44b0a66df5a102c0e220f0066b0d904710dcb10
|
||||||
onboot:
|
onboot:
|
||||||
- name: sysctl
|
- name: sysctl
|
||||||
|
@ -2,9 +2,9 @@ kernel:
|
|||||||
image: linuxkit/kernel:4.9.43
|
image: linuxkit/kernel:4.9.43
|
||||||
cmdline: "console=tty0"
|
cmdline: "console=tty0"
|
||||||
init:
|
init:
|
||||||
- linuxkit/init:c7d651da1a5e308c757bc61ce6a41804ea843426
|
- linuxkit/init:09d549199c7615fee56567c70d8263585dfa02f7
|
||||||
- linuxkit/runc:838259153885c0c40460379d6cdb7baebaf3fa36
|
- linuxkit/runc:a1b564248a0d0b118c11e61db9f84ecf41dd2d2a
|
||||||
- linuxkit/containerd:09a21d6606a4011efebacff62a88b956ecac01be
|
- linuxkit/containerd:fc35653f832f053bfb1ce1ed84d2bb7a277e9c18
|
||||||
- linuxkit/ca-certificates:e44b0a66df5a102c0e220f0066b0d904710dcb10
|
- linuxkit/ca-certificates:e44b0a66df5a102c0e220f0066b0d904710dcb10
|
||||||
onboot:
|
onboot:
|
||||||
- name: sysctl
|
- name: sysctl
|
||||||
|
@ -2,9 +2,9 @@ kernel:
|
|||||||
image: linuxkit/kernel:4.9.43
|
image: linuxkit/kernel:4.9.43
|
||||||
cmdline: "console=ttyS0"
|
cmdline: "console=ttyS0"
|
||||||
init:
|
init:
|
||||||
- linuxkit/init:c7d651da1a5e308c757bc61ce6a41804ea843426
|
- linuxkit/init:09d549199c7615fee56567c70d8263585dfa02f7
|
||||||
- linuxkit/runc:838259153885c0c40460379d6cdb7baebaf3fa36
|
- linuxkit/runc:a1b564248a0d0b118c11e61db9f84ecf41dd2d2a
|
||||||
- linuxkit/containerd:09a21d6606a4011efebacff62a88b956ecac01be
|
- linuxkit/containerd:fc35653f832f053bfb1ce1ed84d2bb7a277e9c18
|
||||||
onboot:
|
onboot:
|
||||||
- name: dhcpcd
|
- name: dhcpcd
|
||||||
image: linuxkit/dhcpcd:f3f5413abb78fae9020e35bd4788fa93df4530b7
|
image: linuxkit/dhcpcd:f3f5413abb78fae9020e35bd4788fa93df4530b7
|
||||||
|
@ -2,9 +2,9 @@ kernel:
|
|||||||
image: linuxkit/kernel:4.9.43
|
image: linuxkit/kernel:4.9.43
|
||||||
cmdline: "console=ttyS0"
|
cmdline: "console=ttyS0"
|
||||||
init:
|
init:
|
||||||
- linuxkit/init:c7d651da1a5e308c757bc61ce6a41804ea843426
|
- linuxkit/init:09d549199c7615fee56567c70d8263585dfa02f7
|
||||||
- linuxkit/runc:838259153885c0c40460379d6cdb7baebaf3fa36
|
- linuxkit/runc:a1b564248a0d0b118c11e61db9f84ecf41dd2d2a
|
||||||
- linuxkit/containerd:09a21d6606a4011efebacff62a88b956ecac01be
|
- linuxkit/containerd:fc35653f832f053bfb1ce1ed84d2bb7a277e9c18
|
||||||
onboot:
|
onboot:
|
||||||
- name: dhcpcd
|
- name: dhcpcd
|
||||||
image: linuxkit/dhcpcd:f3f5413abb78fae9020e35bd4788fa93df4530b7
|
image: linuxkit/dhcpcd:f3f5413abb78fae9020e35bd4788fa93df4530b7
|
||||||
|
@ -2,9 +2,9 @@ kernel:
|
|||||||
image: linuxkit/kernel:4.9.43
|
image: linuxkit/kernel:4.9.43
|
||||||
cmdline: "console=ttyS0"
|
cmdline: "console=ttyS0"
|
||||||
init:
|
init:
|
||||||
- linuxkit/init:c7d651da1a5e308c757bc61ce6a41804ea843426
|
- linuxkit/init:09d549199c7615fee56567c70d8263585dfa02f7
|
||||||
- linuxkit/runc:838259153885c0c40460379d6cdb7baebaf3fa36
|
- linuxkit/runc:a1b564248a0d0b118c11e61db9f84ecf41dd2d2a
|
||||||
- linuxkit/containerd:09a21d6606a4011efebacff62a88b956ecac01be
|
- linuxkit/containerd:fc35653f832f053bfb1ce1ed84d2bb7a277e9c18
|
||||||
- linuxkit/ca-certificates:e44b0a66df5a102c0e220f0066b0d904710dcb10
|
- linuxkit/ca-certificates:e44b0a66df5a102c0e220f0066b0d904710dcb10
|
||||||
onboot:
|
onboot:
|
||||||
- name: sysctl
|
- name: sysctl
|
||||||
|
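--- a/examples/wireguard.yml
+++ b/examples/wireguard.yml
@@ -0,0 +1,57 @@
+kernel:
+image: linuxkit/kernel:4.9.43
+cmdline: "console=tty0 console=ttyS0 console=ttyAMA0"
+init:
+- linuxkit/init:09d549199c7615fee56567c70d8263585dfa02f7
+- linuxkit/runc:a1b564248a0d0b118c11e61db9f84ecf41dd2d2a
+- linuxkit/containerd:fc35653f832f053bfb1ce1ed84d2bb7a277e9c18
+- linuxkit/ca-certificates:e44b0a66df5a102c0e220f0066b0d904710dcb10
+onboot:
+- name: sysctl
+image: linuxkit/sysctl:154913b72c6f1f33eb408609fca9963628e8c051
+- name: dhcpcd
+image: linuxkit/dhcpcd:f3f5413abb78fae9020e35bd4788fa93df4530b7
+command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
+- name: wg
+image: linuxkit/ip:4ce3b47fef3a9d5c78ae45e2946c9fdf95af2fa5
+net: new
+binds:
+- /etc/wireguard:/etc/wireguard
+command: ["sh", "-c", "ip link set dev wg0 up; ip address add dev wg0 192.168.2.1 peer 192.168.2.2; wg setconf wg0 /etc/wireguard/wg0.conf; wg show wg0"]
+runtime:
+interfaces:
+- name: wg0
+add: wireguard
+createInRoot: true
+bindNS:
+net: /run/netns/wg
+services:
+- name: getty
+image: linuxkit/getty:797cb79e0a229fcd16ebf44a0da74bcec03968ec
+env:
+- INSECURE=true
+net: /run/netns/wg
+- name: rngd
+image: linuxkit/rngd:558e86a36242bb74353bc9287b715ddb8567357e
+- name: nginx
+image: nginx:alpine
+net: /run/netns/wg
+capabilities:
+- CAP_NET_BIND_SERVICE
+- CAP_CHOWN
+- CAP_SETUID
+- CAP_SETGID
+- CAP_DAC_OVERRIDE
+files:
+- path: etc/wireguard/wg0.conf
+contents: |
+[Interface]
+PrivateKey = yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk=
+ListenPort = 51820
+[Peer]
+PublicKey = xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg=
+AllowedIPs = 0.0.0.0/0
+trust:
+org:
+- linuxkit
+- library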
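Review bot: The `files:` entry writes a literal WireGuard `PrivateKey` into `etc/wireguard/wg0.conf`, so every image built from this example unchanged shares a tunnel key that is public in the repository. A comment above `- path: etc/wireguard/wg0.conf`, for instance `# example key only; generate your own with "wg genkey" before building`, would make that explicit, and a placeholder value would be safer still. In the same file `image: nginx:alpine` is a mutable tag while every other image is pinned by hash; pinning it as well would keep the example reproducible. The `wg` onboot command joins its steps with `;`, so a failing `wg setconf` does not stop the sequence; `&&` would surface a bad config at boot.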
@ -2,9 +2,9 @@ kernel:
|
|||||||
image: linuxkit/kernel:4.9.43
|
image: linuxkit/kernel:4.9.43
|
||||||
cmdline: "console=tty0 console=ttyS0 console=ttyAMA0"
|
cmdline: "console=tty0 console=ttyS0 console=ttyAMA0"
|
||||||
init:
|
init:
|
||||||
- linuxkit/init:c7d651da1a5e308c757bc61ce6a41804ea843426
|
- linuxkit/init:09d549199c7615fee56567c70d8263585dfa02f7
|
||||||
- linuxkit/runc:838259153885c0c40460379d6cdb7baebaf3fa36
|
- linuxkit/runc:a1b564248a0d0b118c11e61db9f84ecf41dd2d2a
|
||||||
- linuxkit/containerd:09a21d6606a4011efebacff62a88b956ecac01be
|
- linuxkit/containerd:fc35653f832f053bfb1ce1ed84d2bb7a277e9c18
|
||||||
- linuxkit/ca-certificates:e44b0a66df5a102c0e220f0066b0d904710dcb10
|
- linuxkit/ca-certificates:e44b0a66df5a102c0e220f0066b0d904710dcb10
|
||||||
onboot:
|
onboot:
|
||||||
- name: sysctl
|
- name: sysctl
|
||||||
|
@ -20,9 +20,6 @@ RUN git checkout $CONTAINERD_COMMIT
|
|||||||
RUN make binaries EXTRA_FLAGS="-buildmode pie" EXTRA_LDFLAGS="-extldflags \\\"-fno-PIC -static\\\""
|
RUN make binaries EXTRA_FLAGS="-buildmode pie" EXTRA_LDFLAGS="-extldflags \\\"-fno-PIC -static\\\""
|
||||||
RUN cp bin/containerd bin/ctr bin/containerd-shim /usr/bin/
|
RUN cp bin/containerd bin/ctr bin/containerd-shim /usr/bin/
|
||||||
|
|
||||||
ADD cmd /go/src/cmd
|
|
||||||
RUN cd /go/src/cmd/service && ./skanky-vendor.sh $GOPATH/src/github.com/containerd/containerd
|
|
||||||
RUN go-compile.sh /go/src/cmd/service
|
|
||||||
RUN mkdir -p /etc/init.d && ln -s /usr/bin/service /etc/init.d/020-containerd
|
RUN mkdir -p /etc/init.d && ln -s /usr/bin/service /etc/init.d/020-containerd
|
||||||
|
|
||||||
WORKDIR /
|
WORKDIR /
|
||||||
@ -31,7 +28,7 @@ COPY . .
|
|||||||
FROM scratch
|
FROM scratch
|
||||||
ENTRYPOINT []
|
ENTRYPOINT []
|
||||||
WORKDIR /
|
WORKDIR /
|
||||||
COPY --from=alpine /usr/bin/containerd /usr/bin/ctr /usr/bin/containerd-shim /go/bin/service /usr/bin/
|
COPY --from=alpine /usr/bin/containerd /usr/bin/ctr /usr/bin/containerd-shim /usr/bin/
|
||||||
COPY --from=alpine /etc/containerd/config.toml /etc/containerd/
|
COPY --from=alpine /etc/containerd/config.toml /etc/containerd/
|
||||||
COPY --from=alpine /usr/share/zoneinfo/UTC /etc/localtime
|
COPY --from=alpine /usr/share/zoneinfo/UTC /etc/localtime
|
||||||
COPY --from=alpine /etc/init.d/ /etc/init.d/
|
COPY --from=alpine /etc/init.d/ /etc/init.d/
|
||||||
|
@ -1,87 +0,0 @@
|
|||||||
package main
|
|
||||||
|
|
||||||
// Please note this file is shared between pkg/runc and pkg/containerd
|
|
||||||
// Update it in both places if you make changes
|
|
||||||
|
|
||||||
import (
|
|
||||||
"fmt"
|
|
||||||
"os"
|
|
||||||
"path/filepath"
|
|
||||||
"syscall"
|
|
||||||
)
|
|
||||||
|
|
||||||
func prepare(path string) error {
|
|
||||||
// see if we are dealing with a read only or read write container
|
|
||||||
if _, err := os.Stat(filepath.Join(path, "lower")); err != nil {
|
|
||||||
if os.IsNotExist(err) {
|
|
||||||
return prepareRO(path)
|
|
||||||
}
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
return prepareRW(path)
|
|
||||||
}
|
|
||||||
|
|
||||||
func prepareRO(path string) error {
|
|
||||||
// make rootfs a mount point, as runc doesn't like it much otherwise
|
|
||||||
rootfs := filepath.Join(path, "rootfs")
|
|
||||||
if err := syscall.Mount(rootfs, rootfs, "", syscall.MS_BIND, ""); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func prepareRW(path string) error {
|
|
||||||
// mount a tmpfs on tmp for upper and workdirs
|
|
||||||
// make it private as nothing else should be using this
|
|
||||||
tmp := filepath.Join(path, "tmp")
|
|
||||||
if err := syscall.Mount("tmpfs", tmp, "tmpfs", 0, "size=10%"); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
// make it private as nothing else should be using this
|
|
||||||
if err := syscall.Mount("", tmp, "", syscall.MS_REMOUNT|syscall.MS_PRIVATE, ""); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
upper := filepath.Join(tmp, "upper")
|
|
||||||
// make the mount points
|
|
||||||
if err := os.Mkdir(upper, 0755); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
work := filepath.Join(tmp, "work")
|
|
||||||
if err := os.Mkdir(work, 0755); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
lower := filepath.Join(path, "lower")
|
|
||||||
rootfs := filepath.Join(path, "rootfs")
|
|
||||||
opt := fmt.Sprintf("lowerdir=%s,upperdir=%s,workdir=%s", lower, upper, work)
|
|
||||||
if err := syscall.Mount("overlay", rootfs, "overlay", 0, opt); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// cleanup functions are best efforts only, mainly for rw onboot containers
|
|
||||||
func cleanup(path string) {
|
|
||||||
// see if we are dealing with a read only or read write container
|
|
||||||
if _, err := os.Stat(filepath.Join(path, "lower")); err != nil {
|
|
||||||
cleanupRO(path)
|
|
||||||
} else {
|
|
||||||
cleanupRW(path)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func cleanupRO(path string) {
|
|
||||||
// remove the bind mount
|
|
||||||
rootfs := filepath.Join(path, "rootfs")
|
|
||||||
_ = syscall.Unmount(rootfs, 0)
|
|
||||||
}
|
|
||||||
|
|
||||||
func cleanupRW(path string) {
|
|
||||||
// remove the overlay mount
|
|
||||||
rootfs := filepath.Join(path, "rootfs")
|
|
||||||
_ = os.RemoveAll(rootfs)
|
|
||||||
_ = syscall.Unmount(rootfs, 0)
|
|
||||||
// remove the tmpfs
|
|
||||||
tmp := filepath.Join(path, "tmp")
|
|
||||||
_ = os.RemoveAll(tmp)
|
|
||||||
_ = syscall.Unmount(tmp, 0)
|
|
||||||
}
|
|
@ -1,17 +1,28 @@
|
|||||||
FROM linuxkit/alpine:87a0cd10449d72f374f950004467737dbf440630 AS build
|
FROM linuxkit/alpine:0fd732eb9e99c4db0953ae8de23d95de340ab847 AS build
|
||||||
RUN apk add --no-cache --initdb alpine-baselayout make gcc musl-dev
|
RUN apk add --no-cache --initdb alpine-baselayout make gcc musl-dev git linux-headers
|
||||||
|
|
||||||
ADD usermode-helper.c .
|
ADD usermode-helper.c ./
|
||||||
RUN make usermode-helper
|
RUN LDFLAGS=-static CFLAGS=-Werror make usermode-helper
|
||||||
|
|
||||||
RUN apk add --no-cache go musl-dev
|
RUN apk add --no-cache go musl-dev
|
||||||
ENV GOPATH=/go PATH=$PATH:/go/bin
|
ENV GOPATH=/go PATH=$PATH:/go/bin
|
||||||
|
|
||||||
COPY init.go /go/src/init/
|
COPY cmd /go/src/cmd
|
||||||
COPY vendor /go/src/init/vendor/
|
RUN go-compile.sh /go/src/cmd/init
|
||||||
RUN go-compile.sh /go/src/init/
|
|
||||||
|
|
||||||
FROM linuxkit/alpine:87a0cd10449d72f374f950004467737dbf440630 AS mirror
|
# checkout containerd for vendoring
|
||||||
|
ENV GOPATH=/go PATH=$PATH:/go/bin
|
||||||
|
# CONTAINERD_REPO and CONTAINERD_COMMIT are defined in linuxkit/alpine
|
||||||
|
RUN mkdir -p $GOPATH/src/github.com/containerd && \
|
||||||
|
cd $GOPATH/src/github.com/containerd && \
|
||||||
|
git clone $CONTAINERD_REPO
|
||||||
|
WORKDIR $GOPATH/src/github.com/containerd/containerd
|
||||||
|
RUN git checkout $CONTAINERD_COMMIT
|
||||||
|
|
||||||
|
RUN cd /go/src/cmd/service && ./skanky-vendor.sh $GOPATH/src/github.com/containerd/containerd
|
||||||
|
RUN go-compile.sh /go/src/cmd/service
|
||||||
|
|
||||||
|
FROM linuxkit/alpine:6ed3b299f5243acb6459b4993549c5045e4ad7f4 AS mirror
|
||||||
RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/
|
RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/
|
||||||
RUN apk add --no-cache --initdb -p /out alpine-baselayout busybox musl
|
RUN apk add --no-cache --initdb -p /out alpine-baselayout busybox musl
|
||||||
|
|
||||||
@ -23,6 +34,7 @@ ENTRYPOINT []
|
|||||||
CMD []
|
CMD []
|
||||||
WORKDIR /
|
WORKDIR /
|
||||||
COPY --from=build /go/bin/init /
|
COPY --from=build /go/bin/init /
|
||||||
|
COPY --from=build /go/bin/service /usr/bin/
|
||||||
COPY --from=build usermode-helper /sbin/
|
COPY --from=build usermode-helper /sbin/
|
||||||
COPY --from=mirror /out/ /
|
COPY --from=mirror /out/ /
|
||||||
COPY etc etc/
|
COPY etc etc/
|
||||||
|
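Review bot: `RUN git checkout $CONTAINERD_COMMIT`, on what appears to be the new side of the build stage, succeeds even when the variable is empty, so if the base image ever stops exporting it the `service` binary would be vendored from whatever the cloned default branch points at. The comment above it says CONTAINERD_REPO and CONTAINERD_COMMIT are defined in linuxkit/alpine, which is not visible here; failing fast with `RUN git checkout "${CONTAINERD_COMMIT:?}"` keeps the pin explicit. The stage now fetches source over the network at build time (the Makefile hunk that follows adds `NETWORK=1`), and as far as this page shows that commit pin is the only check on what gets fetched. Separately, `ADD usermode-helper.c ./` copies a plain local file and would read better as `COPY usermode-helper.c ./`.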
@ -1,4 +1,5 @@
|
|||||||
IMAGE=init
|
IMAGE=init
|
||||||
DEPS=init.go vendor.conf usermode-helper.c $(wildcard etc/*) $(wildcard etc/init.d/*)
|
NETWORK=1
|
||||||
|
DEPS=usermode-helper.c $(wildcard etc/*) $(wildcard etc/init.d/*) $(shell find cmd -type f)
|
||||||
|
|
||||||
include ../package.mk
|
include ../package.mk
|
||||||
|
Some files were not shown because too many files have changed in this diff Show More