Clear Containers image
This project's goal is to use LinuxKit* to generate two components for the Clear Containers project:
- Kernel: The Linux* kernel for Intel® Clear Containers following LinuxKit philosophy.
- Image or mini-os: The minimal guest user-space image (the guest OS based on LinuxKit is not functional for clear-containers yet).
What are Clear Containers?
Intel® Clear Containers are a collection of tools, configurations, and techniques anchored on an implementation leveraging Intel® Architecture to optimize hypervisor-based containers. Intel® Clear Containers enable a small virtual machine with the isolation of virtual-machine technology along with the deployment benefits of containers.
Today, the Intel® Clear Containers project uses a Clear Linux* OS for Intel® Architecture based guest OS image. The Clear Linux based image provides:
Why use LinuxKit to build a Clear Containers guest OS?
Using LinuxKit to build the guest OS fits the Clear Containers guest needs. LinuxKit provides:
- An immutable Linux distribution: Write operations from the guest to the file system are not persistent.
- Easy tooling with easy iteration.
- A general purpose toolkit.
Current development status
A Clear Containers compatible kernel, which has the security features of LinuxKit and the virtualization features required by Clear Containers, can be generated using LinuxKit.
Getting started
To build the kernel, enter the following commands:
- Build kernel
This step is required to build a kernel from source. It will use the kernel configuration file projects/clear-containers/kernel/kernel_config and the patches from projects/clear-containers/kernel/patches-*
NOTE: This step is also needed until an image linuxkit/kernel-clear-containers:X.y.x is pushed to docker-hub.
The following commands will build a kernel using projects/clear-containers/kernel/Dockerfile:
pushd projects/clear-containers/kernel
make image
make tag
popd
- Get a Clear Containers kernel using moby tool
To generate the kernel image called clear-containers-bzImage, enter the following command:
./bin/linuxkit build ./projects/clear-containers/clear-containers.yml
- Test kernel
The Makefile target qemu-lite from projects/clear-containers/tools will launch the Clear Containers base OS with the kernel built with moby. Use the root user to access the test system; it will ask you to set up a password.
cd projects/clear-containers/tools
make qemu-lite
The file clear-containers-bzImage is not a bzImage*. The file is a vmlinux image, see TODO. The cc-oci-runtime project can be configured to use the kernel generated by LinuxKit.
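The naming caveat above can be checked from the file's header bytes. The following is an added example, not part of the LinuxKit project: kernel_format, bytes_at and make_samples are hypothetical helper names, the sample files are constructed, and the offsets are those of the Linux x86 boot protocol.

```shell
#!/bin/sh
# Added example: tell a vmlinux (ELF) from a bzImage by header bytes.
# Offsets follow the Linux x86 boot protocol: boot flag 0xAA55 at 0x1FE,
# "HdrS" at 0x202, loadflags at 0x211 (bit 0 = LOADED_HIGH, i.e. bzImage).

# Print COUNT bytes of FILE starting at OFFSET as lowercase hex.
bytes_at() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# Print one of: vmlinux, bzImage, zImage, unknown.
# "vmlinux" here means the file starts with the ELF magic.
kernel_format() {
    if [ "$(bytes_at "$1" 0 4)" = "7f454c46" ]; then      # "\x7fELF"
        echo vmlinux; return 0
    fi
    if [ "$(bytes_at "$1" 510 2)" = "55aa" ] &&
       [ "$(bytes_at "$1" 514 4)" = "48647253" ]; then    # "HdrS"
        lf=$(bytes_at "$1" 529 1)
        if [ -n "$lf" ] && [ $(( 0x$lf & 1 )) -eq 1 ]; then
            echo bzImage
        else
            echo zImage
        fi
        return 0
    fi
    echo unknown; return 1
}

# Constructed sample headers (not real kernels), for trying the check offline.
make_samples() {
    dir=$1
    printf '\177ELF\002\001\001' > "$dir/sample-vmlinux"
    { dd if=/dev/zero bs=1 count=510 2>/dev/null
      printf '\125\252\353\146HdrS'
      dd if=/dev/zero bs=1 count=11 2>/dev/null
      printf '\001'; } > "$dir/sample-bzImage"
}

# Usage: check the file produced by the build step, if it is present.
if [ -f clear-containers-bzImage ]; then
    kernel_format clear-containers-bzImage
fi
```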
TODO
- Create a Clear Container Mini-OS image.
- Start hyperstart as a privileged container.
- Add a script to launch a clear container guest.
- Sync with official kernel LinuxKit patches.
- Add an output format similar to kernel+initrd which extracts a vmlinux image. The Intel® Clear Containers project requires an uncompressed kernel to boot. Currently, the LinuxKit output format kernel+initrd extracts a bzImage from a LinuxKit packaged kernel. A way to extract the vmlinux image is still required.