Commit Graph

141 Commits

Author SHA1 Message Date
Justin Cormack
64933fa292 Merge pull request #1572 from errordeveloper/kubernetes
Working single-node Kubernetes setup
2017-04-11 09:56:35 +01:00
Ilya Dmitrichenko
85b54d5717 Fix shared mounts – working single-node Kubernetes setup
Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com>
2017-04-11 09:43:07 +01:00
Riyaz Faizullabhoy
5f90faeafa init: update main moby example and tests
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2017-04-10 11:59:23 -07:00
Ilya Dmitrichenko
91c4278c77 Use new modular init containers, flatten kubelet image
Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com>
2017-04-10 17:43:12 +01:00
Justin Cormack
84034a0370 Merge pull request #1570 from justincormack/containerd-toml-default
Use the real default containerd toml config
2017-04-10 17:32:36 +01:00
Justin Cormack
bc23fde1c2 Use the real default containerd toml config
Rather than an empty one.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-04-10 16:25:13 +01:00
Rolf Neugebauer
34af633552 infrakit: rename the Moby property to kernel+initrd
The infrakit plugin is not specific to Moby and should be able
to boot other Linux systems as long as a kernel image and
initial RAM disk are supplied. Reflect this in the property
passed to the plugin.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-10 16:12:08 +01:00
Justin Cormack
bd5780e46d Merge pull request #1565 from justincormack/var-rework-again
Rework how /var is mounted
2017-04-10 14:27:40 +01:00
Rolf Neugebauer
29ad037125 demo: Remove jq and sfdisk from etcd image
They are no longer needed as the mounting happens in the
mount container.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-10 11:41:17 +01:00
Justin Cormack
9ee52aa966 Rework how /var is mounted
Instead of mounting a new filesystem, revert to doing a `rw` bind.

However do not make `/` `rshared`, just `/var` as that is where we expect
filesystems to be mounted for persistence. Also only make the actual
container rootfs writeable, not the whole directory.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-04-10 11:28:00 +01:00
Justin Cormack
ce70127028 Merge pull request #1561 from riyazdf/landlock-makefile-dockerfile
Landlock: kernel build materials and example yml
2017-04-10 10:48:37 +01:00
Rolf Neugebauer
baab60ea87 demo: Update etcd to use the new mount container
Rolling updates still work

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-09 20:50:10 +01:00
Riyaz Faizullabhoy
3aead78f36 landlock: example yml
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2017-04-09 12:09:06 -07:00
Riyaz Faizullabhoy
b95ca1b358 landlock: gitignore for kernel build
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2017-04-09 12:08:53 -07:00
Riyaz Faizullabhoy
f89bd06edb landlock: Makefile with kernel-landlock name
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2017-04-09 12:07:10 -07:00
Riyaz Faizullabhoy
1e9495e609 landlock: Dockerfile
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2017-04-09 12:06:48 -07:00
Mickaël Salaün
296a0f4560 landlock: Backport patches from the sixth series
Backport from Linux v4.11-rc3-812-gc6bf33827b7d to Linux 4.9.20:
https://github.com/landlock-lsm/linux/commits/landlock-v6-linux-v4.9.20

Do not include documentation nor tests.

See built documentation here:
https://landlock-lsm.github.io/linux-doc/landlock-v6/security/landlock/index.html

Signed-off-by: Mickaël Salaün <mic@digikod.net>
Link: https://lkml.kernel.org/r/20170328234650.19695-1-mic@digikod.net
2017-04-09 19:45:24 +02:00
Mickaël Salaün
792238f5cb landlock: Add kernel_config{,.debug}
Based on kernel_config{,.debug} from commit
724561bf69

Enable Landlock and userland sandbox example:
* CONFIG_SECURITY_LANDLOCK=y
* CONFIG_SAMPLES=y

Signed-off-by: Mickaël Salaün <mic@digikod.net>
2017-04-09 19:45:24 +02:00
Mickaël Salaün
c6b3c62b83 landlock: Link to project
Signed-off-by: Mickaël Salaün <mic@digikod.net>
2017-04-09 19:45:24 +02:00
Rolf Neugebauer
733e8f3307 config: Remove unused binfmt container
A few YAML files include the binfmt container, where it's not really
needed. Remove it to make the samples simpler.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-09 10:09:00 +01:00
Riyaz Faizullabhoy
9effac329a landlock: start project, add roadmap doc
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2017-04-08 20:05:39 -07:00
Justin Cormack
fb5d6a8fad Add an (empty) config file for containerd
It needs one now.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-04-08 21:38:31 +01:00
Rolf Neugebauer
875cb565e3 demo: Update etcd README
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-08 20:38:53 +01:00
Rolf Neugebauer
31a4156686 demo: Add formatting and mounting to etcd image
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-08 20:38:53 +01:00
Rolf Neugebauer
a3d20abdb6 demo: Add a disk to the etcd image
etcd works better with persistent storage. So configure a
disk and add the formatting container to the image.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-08 20:38:53 +01:00
Rolf Neugebauer
6407cf360b demo: Update YAML files to new init section layout
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-08 20:37:17 +01:00
Rolf Neugebauer
b5dd0315e2 demo: Make sure the infrakit 'cli' directory exists
Otherwise there is a warning on first use.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-08 20:32:25 +01:00
Justin Cormack
eb22d6909f system → onboot daemon → services
As suggested by @shykes these are clearer

- onboot for things that are run at boot time to completion
- services for persistent services

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-04-08 16:56:47 +01:00
Ilya Dmitrichenko
54835a1d67 Fix typo
Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com>
2017-04-08 05:53:31 +01:00
Ilya Dmitrichenko
12d6e38b48 Use directory: true instead of writing a dummy file
Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com>
2017-04-08 05:53:22 +01:00
Rolf Neugebauer
4520daa753 demo: Updated docs and added socat forwarding container
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-07 15:43:03 +01:00
Rolf Neugebauer
57f41c4b5a demo: Update YAML files
New init for RO filesystem, updated DHCPD

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-07 15:43:03 +01:00
Rolf Neugebauer
f718d4195f demo: Add URL to modified VPNKit
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-07 15:43:03 +01:00
Rolf Neugebauer
f0961b8897 demo: Add a dockerfile to run etcdctl against the local cluster
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-07 15:43:03 +01:00
Rolf Neugebauer
c660ca5ac4 demo: Create a cluster of 5 etcd daemons
Also tweak the shell script a little and give the local and GCP
infrakit group different names.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-07 15:43:03 +01:00
Rolf Neugebauer
9878cabd1e demo: Add script to start infrakit
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-07 15:43:02 +01:00
Justin Cormack
d9faecdee9 Make init accept a list of images not just a single one.
fix #1527

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-04-07 14:25:28 +01:00
Thomas Gazagnaire
81debfcd74 miragesdk: update README with moby build/run instructions
Signed-off-by: Thomas Gazagnaire <thomas@gazagnaire.org>
2017-04-07 12:13:06 +02:00
Thomas Gazagnaire
914d27bed9 miragesdk: remove CAP_SYS_PTRACE
Since https://github.com/opencontainers/runc/pull/774 we don't need this anymore.

Signed-off-by: Thomas Gazagnaire <thomas@gazagnaire.org>
2017-04-07 12:10:35 +02:00
Thomas Gazagnaire
d289de6416 miragesdk: update to latest runc
Signed-off-by: Thomas Gazagnaire <thomas@gazagnaire.org>
2017-04-07 12:10:35 +02:00
Rolf Neugebauer
93a9a827b6 demo: Update documentation
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-07 10:52:40 +01:00
Rolf Neugebauer
01e39a16ac demo: Tweak etcd start script
Try joining a new cluster initially. If that fails try to join
an existing cluster.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-07 10:52:40 +01:00
Rolf Neugebauer
17e4aa3e58 demo: Increase memory of etcd VMs to 1G
512MB is too small to install etcd via apk in the RAM disk.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-07 10:52:40 +01:00
Justin Cormack
f4127faec3 Merge pull request #1526 from samoht/runc-calf
miragesdk: start the calf using runc
2017-04-07 10:42:58 +01:00
Ilya Dmitrichenko
961acc4c21 Working Kubernetes master
Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com>
2017-04-07 10:09:10 +01:00
Thomas Gazagnaire
a60ac17233 miragesdk: start the calf using runc
`nested runc` unfortunately needs a lot of caps/privileged. The removal of `readonly: true` is also a bit unfortunate.

Signed-off-by: Thomas Gazagnaire <thomas@gazagnaire.org>
2017-04-06 19:39:21 +02:00
Thomas Gazagnaire
05089f9249 Merge pull request #1469 from samoht/system-handlers
mirage-sdk: add system handlers
2017-04-06 19:28:36 +02:00
Justin Cormack
0511e13bd4 Merge pull request #1523 from rneugeba/demo-cloud
Update demo files/config/docs
2017-04-06 18:10:27 +01:00
Ilya Dmitrichenko
e68e42c0fa WIP Kubernetes
Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com>
2017-04-06 17:57:48 +01:00
Rolf Neugebauer
dca2b4d223 demo: Add files/instructions for a GCP based etcd cluster
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-06 17:44:19 +01:00