# Creating OCI bundles

Since containerd consumes the OCI bundle format, containers and configuration will have to be created
on the machine that containerd is running on. The easiest way to do this is to download an image
with docker and export it.

## Setup

The first thing we need to do to create a bundle is set up the initial directory structure.
Create a directory with a unique name. In this example we will create a redis container.
We will create this container in a `/containers` directory.

```bash
# run from inside the /containers directory
mkdir redis
```

Inside the `redis` directory, create another directory named `rootfs`:

```bash
mkdir redis/rootfs
```

## Root Filesystem

Now we need to populate the `rootfs` directory with the filesystem of a redis container. To do this we
need to pull the redis image with docker and export its contents to the `rootfs` directory.

```bash
docker pull redis

# create the container with a temp name so that we can export it
docker create --name tempredis redis

# export it into the rootfs directory
docker export tempredis | tar -C redis/rootfs -xf -

# remove the container now that we have exported
docker rm tempredis
```

Now that we have the root filesystem populated, we need to create the configs for the container.

## Configs

An easy way to get temp configs for the container bundle is to use the `runc`
cli tool from the [runc](https://github.com/opencontainers/runc) repository.

You need to `cd` into the `redis` directory and run the `runc spec` command. After doing this you
should have a file `config.json` created.
The directory structure should look like this:

```
/containers/redis
├── config.json
└── rootfs/
```

## Edits

We need to edit the config to add `redis-server` as the application to launch inside the container,
and remove the network namespace so that the container shares the host's network stack and you can
connect to the redis server on your system.
The resulting `config.json` should look like this:

```json
{
    "ociVersion": "0.4.0",
    "platform": {
        "os": "linux",
        "arch": "amd64"
    },
    "process": {
        "terminal": true,
        "user": {},
        "args": [
            "redis-server", "--bind", "0.0.0.0"
        ],
        "env": [
            "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
            "TERM=xterm"
        ],
        "cwd": "/",
        "capabilities": [
            "CAP_AUDIT_WRITE",
            "CAP_KILL",
            "CAP_NET_BIND_SERVICE"
        ],
        "rlimits": [
            {
                "type": "RLIMIT_NOFILE",
                "hard": 1024,
                "soft": 1024
            }
        ],
        "noNewPrivileges": true
    },
    "root": {
        "path": "rootfs",
        "readonly": true
    },
    "hostname": "runc",
    "mounts": [
        {
            "destination": "/proc",
            "type": "proc",
            "source": "proc"
        },
        {
            "destination": "/dev",
            "type": "tmpfs",
            "source": "tmpfs",
            "options": [
                "nosuid",
                "strictatime",
                "mode=755",
                "size=65536k"
            ]
        },
        {
            "destination": "/dev/pts",
            "type": "devpts",
            "source": "devpts",
            "options": [
                "nosuid",
                "noexec",
                "newinstance",
                "ptmxmode=0666",
                "mode=0620",
                "gid=5"
            ]
        },
        {
            "destination": "/dev/shm",
            "type": "tmpfs",
            "source": "shm",
            "options": [
                "nosuid",
                "noexec",
                "nodev",
                "mode=1777",
                "size=65536k"
            ]
        },
        {
            "destination": "/dev/mqueue",
            "type": "mqueue",
            "source": "mqueue",
            "options": [
                "nosuid",
                "noexec",
                "nodev"
            ]
        },
        {
            "destination": "/sys",
            "type": "sysfs",
            "source": "sysfs",
            "options": [
                "nosuid",
                "noexec",
                "nodev",
                "ro"
            ]
        },
        {
            "destination": "/sys/fs/cgroup",
            "type": "cgroup",
            "source": "cgroup",
            "options": [
                "nosuid",
                "noexec",
                "nodev",
                "relatime",
                "ro"
            ]
        }
    ],
    "hooks": {},
    "linux": {
        "resources": {
            "devices": [
                {
                    "allow": false,
                    "access": "rwm"
                }
            ]
        },
        "namespaces": [
            {
                "type": "pid"
            },
            {
                "type": "ipc"
            },
            {
                "type": "uts"
            },
            {
                "type": "mount"
            }
        ],
        "devices": null
    }
}
```

This is what you need to do to make an OCI-compliant bundle for containerd to start.
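
The edits to `config.json` determine how much of the host the redis process can reach, and the check below makes that visible. It is an added example, not part of the containerd documentation: the check ids, the `audit_bundle_config` and `with_loopback_bind` helpers, and the `127.0.0.1` alternative are assumptions for illustration, and the sample is a constructed subset of the config shown on this page.

```python
import copy
import json

# Constructed sample: the security-relevant fields of the config.json on this page.
PAGE_CONFIG = json.loads("""{
  "process": {"user": {}, "noNewPrivileges": true,
              "args": ["redis-server", "--bind", "0.0.0.0"],
              "capabilities": ["CAP_AUDIT_WRITE", "CAP_KILL", "CAP_NET_BIND_SERVICE"]},
  "root": {"path": "rootfs", "readonly": true},
  "linux": {"namespaces": [{"type": "pid"}, {"type": "ipc"},
                           {"type": "uts"}, {"type": "mount"}]}
}""")


def audit_bundle_config(cfg):
    """Return (check_id, detail) findings for settings that expose the host."""
    findings = []
    proc = cfg.get("process") or {}
    linux = cfg.get("linux") or {}
    namespaces = {ns.get("type") for ns in linux.get("namespaces") or []}
    args = proc.get("args") or []

    host_net = "network" not in namespaces
    if host_net:
        findings.append(("host-network", "no network namespace: the process uses the host's interfaces and ports"))
    # Value following --bind on the command line, if any.
    bind = args[args.index("--bind") + 1] if "--bind" in args[:-1] else None
    if host_net and bind in ("0.0.0.0", "::"):
        findings.append(("binds-all-host-interfaces", f"{args[0]} listens on every host interface ({bind})"))
    # An omitted uid is treated as 0 (root) by this check.
    if (proc.get("user") or {}).get("uid", 0) == 0 and "user" not in namespaces:
        findings.append(("host-root", "uid 0 with no user namespace is root on the host"))
    if not proc.get("noNewPrivileges"):
        findings.append(("new-privileges", "noNewPrivileges is not set"))
    if not (cfg.get("root") or {}).get("readonly"):
        findings.append(("writable-rootfs", "root filesystem is mounted read-write"))
    return findings


def with_loopback_bind(cfg):
    """Copy of cfg whose --bind value is 127.0.0.1, keeping host networking."""
    fixed = copy.deepcopy(cfg)
    args = fixed["process"]["args"]
    args[args.index("--bind") + 1] = "127.0.0.1"
    return fixed


if __name__ == "__main__":
    for label, cfg in (("page config", PAGE_CONFIG), ("loopback bind", with_loopback_bind(PAGE_CONFIG))):
        print(label)
        for check_id, detail in audit_bundle_config(cfg):
            print(f"  [{check_id}] {detail}")
```

With the loopback bind the server is still reachable from the host itself, which is what the edit is for, but it no longer listens on the host's external interfaces.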