linuxkit
firecracker-containerd
Our great sponsors
linuxkit | firecracker-containerd | |
---|---|---|
14 | 9 | |
8,112 | 2,029 | |
0.5% | 1.9% | |
9.2 | 5.2 | |
8 days ago | about 1 month ago | |
Go | Go | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
linuxkit
-
Gokrazy – Go Appliances
Another project that aims to deliver this is Linuxkit (https://github.com/linuxkit/linuxkit). All the components they ship are written in memory safe languages (usually Go) and run as containers under containerd. You can build a custom image very easily, fully defined as a YAML file.
- How to connect to a docker container service when it's running on a mac?
-
An overview of single-purpose Linux distributions
docker-the-company maintained https://github.com/linuxkit/linuxkit when I worked there. I have no idea who maintains it now, but it looks like it is still active (presumably still docker-the-company, since their adopters list [1] lists docker desktop).
[1]: https://github.com/linuxkit/linuxkit/blob/master/ADOPTERS.md
-
Create a minimalist OS using Docker Containers and Hashicorp Packer
LF-Edge EVE project leverages Linuxkit to create custom OSs for Edge Devices which in turn leverages Containers as Lego Blocks
-
RootFS Tooling
LinuxKit - Docker
-
What happened to the nice Ansible cloud (provisioning) listing?
That said... you might want to check out linuxkit
That said... you might want to check out linuxkit -- if you're ever in a place where you need to build VMs out of containers, it is looks next-generation (granted it is less powerful than ansible on a running machine).
-
Ask HN: How are you using unikernels?
The definition of what a unikernel is needs to be narrowed down, a lot of these projects in the space (not all the ones listed above) have material differences that are not clear:
- some run only one language
- some require recompilation
- some essentially swap out libraries, others do something closer to dropping your already mostly static binary in a minimal disk image
- some build pid1 processes, others VMs images
Anyway, here are some additional entries in the space:
- https://ssrg-vt.github.io/hermitux/
- https://github.com/linuxkit/linuxkit (more embedded/minimal VM than unikernel)
- https://nabla-containers.github.io/ (runs on Solo5)
I am going through using Linuxkit to build AMIs for cloud providers now. I wouldn’t necessarily class linuxkit as a universal project because it doesn’t have the hallmark blurring of user and kernel space or kernel-as-a-library but you can customize the kernel so it’s an adjacent idea, and I think it’s the one most likely to be in actual use at non-hyperscalers.
-
Unikraft: Fast, Specialized Unikernels the Easy Way
I believe there is growing interest in providing leaner, "trimmed" runtimes for services deployed to the cloud. Today, this is seen largely by specializing the Linux kernel for, for example, container services[0] or in general[1], as much as that is possible (the paper above covers this problem in greater detail). But, Unikernels in themselves are not yet widely adopted. This is the space Unikraft is aiming to enter, providing the ultimate level of specialization for a target application.
It's clear that bigger players, such as Red Hat[2] are interested in the topic of unikernels, and that cloud providers are preparing for this future too [3].
-
Docker Without Docker
I'm really impressed by fly.io, and the candidness with which they share some of their really awesome technology. Being container-first is the next step for PaaS IMO and they are ahead of the pack.
I aim to build a platform like theirs someday (probably not any time soon) but I don't think I'd do any of what they're doing -- it feels unnecessary. Bear with me as I recently learned that they use nomad[0] and some of these suggestions are kubernetes projects but I'd love to hear why the following technologies were decided against (if they were):
- kata-containers[1] (it does the whole container -> VM flow for you, automatically, nemu, firecracker) with multiple VMM options[2]
- linuxkit[3] (let's say you didn't go with kata-containers, this is another container->VM path)
- firecracker-containerd[4] (very minimal keep-your-container-but-run-it-as-a-VM)
- kubevirt[5] (if you just want to actually run VMs, regardless of how you built them)
- Ceph[6] for storage -- make LVM pools and just give them to Ceph, you'll get blocks, distributed filesystems (CephFS), and object gateways (S3/Swift) out of it (in the k8s space Rook manages this)
As an aside to all this, there's also LXD, which supports running "system" (user namespace isolated) containers, VMs (somewhat recent[7][8]), live migration via criu[9], management/migration of underlying filesystems, runs on LVM or zfs[10], it's basically all-in-one, but does fall behind in terms of ecosystem since everyone else is aboard the "cloud native"/"works-with-kubernetes" train.
I've basically how I plan to run a service like fly.io if I ever did -- so maybe my secret is out, but I sure would like to know just how much of this fly.io got built on (if any of it), and/or what was turned down.
[0]: https://news.ycombinator.com/item?id=26745514
[1]: https://github.com/kata-containers/kata-containers
[2]: https://github.com/kata-containers/kata-containers/blob/2fc7...
[3]: https://github.com/linuxkit/linuxkit
[4]: https://github.com/firecracker-microvm/firecracker-container...
[5]: https://github.com/kubevirt/kubevirt
[7]: https://discuss.linuxcontainers.org/t/running-virtual-machin...
[8]: https://github.com/lxc/lxd/issues/6205
firecracker-containerd
-
Savings cost for self managed K8s?
My team is working on multi-cloud AWS Bottlerocket remix (Azure, GCP) with opt-in support for [firecracker-containerd](https://github.com/firecracker-microvm/firecracker-containerd) for our in-house CNCF distro, investigating microkernels applicability (tldr; they are not production-ready). We test kubernetes compat and migration plans for over 40+ cherry-picked solutions, and facing numerous compat issues for every k8s update. We do have support for Container Managed Control Planes described above, as well.
-
Multi-tenancy in Kubernetes
You could use a container sandbox like gVisor, light virtual machines as containers (Kata containers, firecracker + containerd) or full virtual machines (virtlet as a CRI).
-
Firecracker internals: deep dive inside the technology powering AWS Lambda(2021)
There is this project, which I have never used, but seems promising. https://github.com/firecracker-microvm/firecracker-container...
- Python 3.11 is out !
-
Deploying Firecracker VMs
, "should represent the path to a file that contains a JSON which stores the entire configuration for all of the microVM's resources" (okay this is fair enough). Also, they stipulate, "**The JSON must contain the configuration for the guest kernel and rootfs, as these are mandatory, but all of the other resources are optional, so it's your choice if you want to configure them or not. Because using this configuration method will also start the microVM, you need to specify all desired pre-boot configurable resources in that JSON.**" **File Names for the Pre-Boot Resources** (included within the greater repo here): 1. **firecracker.yaml** - Names of resources are contained here ; 'file nad the names of their fields are the same that are used in API requests' (cool) 2. **tests/framework/vm_config.json** (boilerplate config file to guide us - great) > *"After the machine is booted, you can still use the socket to send API requests for post-boot operations."* (this honestly feels clunky as a mf) ### Conclusion Somewhat of a pain in the ass (just looking through the directions); the fact that we'd have to go grab a uncompressed kernel image + file system image (ext4) is kind of a fucking hassle / burden. Was hoping for a solution more akin to Docker where it can just be spun up real quick & then deployed. But they claim that this 'jailer' feature (that they keep hyping) will **ensure** (I guess?) that whatever is done within the container will remain within the container (and not escape). I haven't seen anything that sticks out about this project that leads me to believe that it possesses that capability, but I definitely don't want to rule it out. ### Extra Documentation + Information 1. **OSv Running on 'Firecracker'** (yay more work though) - http://blog.osv.io/blog/2019/04/19/making-OSv-run-on-firecraker/ 2. **Building OSv Images Using Docker** - http://blog.osv.io/blog/2015/04/27/docker/ 3. **firecracker containerd** (this is something that's probably important for the overall mission of what we want to accomplish here) - https://github.com/firecracker-microvm/firecracker-containerd ### Firecracker Containerd **Description** - "*firecracker-containerd enables containerd to manage containers as Firecracker microVMs*" - "This repository enables the use of a container runtime, containerd, to manage Firecracker microVMs. Like traditional containers, Firecracker microVMs offer fast start-up and shut-down and minimal overhead. Unlike traditional containers, however, they can provide an additional layer of isolation via the KVM hypervisor." **They Also Identify Potential Use-Cases in the Repo Such as** 1. "*Sandbox a partially or fully untrusted third party container in its own microVM. This would reduce the likelihood of leaking secrets via the third party container, for example.*" 2. "*Bin-pack disparate container workloads on the same host, while maintaining a high level of isolation between containers. Because the overhead of Firecracker is low, the achievable container density per host should be comparable to running containers using kernel-based container runtimes, without the isolation compromise of such solutions. Multi-tenant hosts would particularly benefit from this use case.*" Really interesting feature of this repo here is: "*A root file filesystem image builder that constructs a firecracker microVM root filesystem containing runc and the firecracker-containerd agent.*" (that could save a lot of time on that whole filesystem image thing that they were mentioning prior) **Additional Links of Importance** 1. **Getting Started Guide** - https://github.com/firecracker-microvm/firecracker-containerd/blob/main/docs/getting-started.md 2. **Quickstart Guide** - https://github.com/firecracker-microvm/firecracker-containerd/blob/main/docs/quickstart.md 3. **A Root Filesystem Image Builder** - https://github.com/firecracker-microvm/firecracker-containerd/blob/main/tools/image-builder 4. **Runtime Linking Containerd** - https://github.com/firecracker-microvm/firecracker-containerd/blob/main/runtime **Documentation All Located Here** - https://github.com/firecracker-microvm/firecracker-containerd/tree/main/docs (definitely fucking needed because there's a lot here to wrap one's head around) - **Design Approaches Doc** - https://github.com/firecracker-microvm/firecracker-containerd/blob/main/docs/design-approaches.md - **Shim Architecture** - https://github.com/firecracker-microvm/firecracker-containerd/blob/main/docs/shim-design.md - **Launching 4k VMs Using Firecracker** - https://github.com/firecracker-microvm/firecracker-demo - **firectl** (CLI options for manipulating this tool from terminal ; this is important as well) - https://github.com/firecracker-microvm/firectl [damn, there's a lot that came with this here!]
-
Firecracker MicroVMs
How does that compare to firecracker-containerd?
https://github.com/firecracker-microvm/firecracker-container...
This repository enables the use of a container runtime, containerd, to manage Firecracker microVMs. Like traditional containers, Firecracker microVMs offer fast start-up and shut-down and minimal overhead. Unlike traditional containers, however, they can provide an additional layer of isolation via the KVM hypervisor.
-
Docker Without Docker
I'm really impressed by fly.io, and the candidness with which they share some of their really awesome technology. Being container-first is the next step for PaaS IMO and they are ahead of the pack.
I aim to build a platform like theirs someday (probably not any time soon) but I don't think I'd do any of what they're doing -- it feels unnecessary. Bear with me as I recently learned that they use nomad[0] and some of these suggestions are kubernetes projects but I'd love to hear why the following technologies were decided against (if they were):
- kata-containers[1] (it does the whole container -> VM flow for you, automatically, nemu, firecracker) with multiple VMM options[2]
- linuxkit[3] (let's say you didn't go with kata-containers, this is another container->VM path)
- firecracker-containerd[4] (very minimal keep-your-container-but-run-it-as-a-VM)
- kubevirt[5] (if you just want to actually run VMs, regardless of how you built them)
- Ceph[6] for storage -- make LVM pools and just give them to Ceph, you'll get blocks, distributed filesystems (CephFS), and object gateways (S3/Swift) out of it (in the k8s space Rook manages this)
As an aside to all this, there's also LXD, which supports running "system" (user namespace isolated) containers, VMs (somewhat recent[7][8]), live migration via criu[9], management/migration of underlying filesystems, runs on LVM or zfs[10], it's basically all-in-one, but does fall behind in terms of ecosystem since everyone else is aboard the "cloud native"/"works-with-kubernetes" train.
I've basically how I plan to run a service like fly.io if I ever did -- so maybe my secret is out, but I sure would like to know just how much of this fly.io got built on (if any of it), and/or what was turned down.
[0]: https://news.ycombinator.com/item?id=26745514
[1]: https://github.com/kata-containers/kata-containers
[2]: https://github.com/kata-containers/kata-containers/blob/2fc7...
[3]: https://github.com/linuxkit/linuxkit
[4]: https://github.com/firecracker-microvm/firecracker-container...
[5]: https://github.com/kubevirt/kubevirt
[7]: https://discuss.linuxcontainers.org/t/running-virtual-machin...
[8]: https://github.com/lxc/lxd/issues/6205
What are some alternatives?
kata-containers - Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs. https://katacontainers.io/
kubevirt - Kubernetes Virtualization API and runtime in order to define and manage virtual machines.
lxd - Powerful system container and virtual machine manager [Moved to: https://github.com/canonical/lxd]
nanos - A kernel designed to run one and only one application in a virtualized environment
unikraft - A next-generation cloud native kernel designed to unlock best-in-class performance, security primitives and efficiency savings.
buildbuddy - BuildBuddy is an open source Bazel build event viewer, result store, remote cache, and remote build execution platform.
mirage - MirageOS is a library operating system that constructs unikernels
firecracker-container
tailscale-systray - Linux port of tailscale system tray menu.