This adds a namespace field to override the LinuxKit containerd
default namespace, in case you want to run a container in another
namespace.
Needs a patch in LinuxKit to implement this that I will open soon.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
If the flag is set on push, then the image will have the license
set to enabled the currently experimental netsted virtualisation
feature. The flag currently also needs to be set on run to make
sure the right CPU model (at least Haswell) is selected.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Annotations do not do anything by default but get passed through to the runtime,
which can be useful. I never metadata I didn't like...
Also fix sysctl to be a map in the validation, not an array. I can't see any
examples using this in LinuxKit, but this matches OCI so is correct.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This prepends 'ucode.cpio' to the initrd if present. Padding
should not be necessary as the ucode.cpio should be padded
to the right size.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
For now the backends for the different formats do not yet
use the extracted ucode cpio archive, but '// TODO' are
placed for the backends which should eventually handle it.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
This extends the kernel filter to also look for the CPU microcode
file if specified in the YAML. If found, the ucode cpio archive
is placed into the intermediate tar file as '/boot/ucode.cpio'.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
This optional option will allow users to specify a CPU
microcode cpio archive to be prepended to the initrd file.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Pulls in:
f816553 Merge pull request #195 from ijc/prepend-rootfs-mounts
0a6d69d Prepend the rootfs mounts to the user specified runtime.mounts.
Signed-off-by: Ian Campbell <ijc@docker.com>
User specified mounts should be able to rely on the rootfs being mounted, in
particular for a writeable container they should expect the writeable overlay
to already be in place.
Signed-off-by: Ian Campbell <ijc@docker.com>
Will return the list of all hosts that are part of a vCenter DataCenter
and choose one at random to use.
Signed-off-by: Dan Finneran <daniel.finneran@gmail.com>
This simply starts a web server serving the specified directory.
It's useful for PXE booting.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
This currently just copies the kernel/initrd to a destination
and writes the iPXE script there as well. The scheme is flexible
enough to support scp or other means for pushing in the future.
The kernel/initrd are conditionally decompressed (default for arm64).
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Using the userdat to pass the iPXE script precludes us from passing
actual userdata to the instance. Instead pass a URL to the iPXE script.
The script is expected to be a <base-url>/<name>-packet.ipxe.
When starting a server also serve the iPXE script from memory (not
the file system). The http server needed extending to differentiate
between the serving files and the iPXE script and ServeMux is used
to differentiate based on path.
A subsequent commit will provide an option to write the iPXE script
to disk.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
prefix packet.net specific functions with 'packet' and make
non-packet specific functions, such as validateHTTPURL()
more generic so that they can easily be moved to 'utils.go'
should they be needed elsewhere.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
656bd87fd2...d9d2a91780d9d2a91 Merge pull request #193 from ijc/bugfix-191
307f13b Defer dockerRm until we are finished with the contents
ebd7228 Merge pull request #191 from ijc/reduce-memory-via-tempfiles
3045a80 Stream `docker export` directly to consumer
9f44acf Generate intermediate image into a temp file
9558740 Add cpu and mem profiling options
Reduces the memory usage substantially.
While here make some notes about the need to update src/cmd/linuxkit/build.go
where people might see them.
Signed-off-by: Ian Campbell <ijc@docker.com>
Rather than queueing up into a `bytes.Buffer`.
In my test case (building kube master image) this reduces Maximum RSS (as
measured by time(1)) compared with the previous patch from 2.8G to 110M. The
tar output case goes from 2.1G to 110M also. Overall allocations are ~715M in
both cases.
Signed-off-by: Ian Campbell <ijc@docker.com>
All of the `output*` functions took a `[]byte` and immediately wrapped it in a
`bytes.Buffer` to produce an `io.Reader`. Make them take an `io.Reader` instead
and satisfy this further up the call chain by directing `moby.Build` to output
to a temp file instead of another `bytes.Buffer`.
In my test case (building kube master image) this reduces Maximum RSS (as
measured by time(1)) from 6.7G to 2.8G and overall allocations from 9.7G to
5.3G. When building a tar (output to /dev/null) the Maximum RSS fell slightly
from 2.2G to 2.1G. Overall allocations remained stable at around 5.3G.
Signed-off-by: Ian Campbell <ijc@docker.com>
The log.Fatal* calls will leak the vpnkit process since
defer functions are not invoked when os.Exit(int) is invoked
We register an ExitHandler with logrus - that'll be invoke when
log.Fatal* is called
Signed-off-by: Steve Hiehn <shiehn@pivotal.io>
Signed-off-by: Dave Protasowski <dprotaso@gmail.com>
This allows the `linuxkit/kubernetes` "image-cache" packages to use a standard
`linuxkit pkg build` based flow rather than requiring surrounding scaffolding.
Fixes#2766. Compared with the original (actually, the second) proposal made in
issue #2766, the field is `docker-images` rather than `images` to allow for
future inclusion of e.g. `containerd-images`.
Signed-off-by: Ian Campbell <ijc@docker.com>
