github.com/jzwlqx/containerd@v0.2.5/docs/bundle.md

# Creating OCI bundles

Since containerd consumes the OCI bundle format, containers and their configuration have to be created
on the machine that containerd is running on.  The easiest way to do this is to download an image
with docker and export it.

## Setup

The first thing we need to do to create a bundle is set up the initial directory structure.
Create a directory with a unique name.  In this example we will create a redis container.
We will create this container in the `/containers` directory, so the commands below are run from there.

```bash
mkdir redis
```

Inside the `redis` directory, create another directory named `rootfs`:

```bash
mkdir redis/rootfs
```

## Root Filesystem

Now we need to populate the `rootfs` directory with the filesystem of a redis container.  To do this we
need to pull the redis image with docker and export its contents to the `rootfs` directory.

```bash
docker pull redis

# create the container with a temp name so that we can export it
docker create --name tempredis redis

# export it into the rootfs directory
docker export tempredis | tar -C redis/rootfs -xf -

# remove the container now that we have exported
docker rm tempredis
```

Now that we have the root filesystem populated we need to create the configs for the container.

## Configs

An easy way to get temporary configs for the container bundle is to use the `runc`
CLI tool from the [runc](https://github.com/opencontainers/runc) repository.

You need to `cd` into the `redis` directory and run the `runc spec` command.  After doing this you
should have a `config.json` file.  The directory structure should look like this:

```
/containers/redis
├── config.json
└── rootfs/
```

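## Edits

We need to edit the config to add `redis-server` as the application to launch inside the container,
and remove the network namespace so that you can connect to the redis server on your system.
Without a network namespace the container shares the host's network stack, and because `redis-server`
is started with `--bind 0.0.0.0` it listens on every host interface.
The resulting `config.json` should look like this:
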
```json
{
	"ociVersion": "0.4.0",
	"platform": {
		"os": "linux",
		"arch": "amd64"
	},
	"process": {
		"terminal": true,
		"user": {},
		"args": [
			"redis-server", "--bind", "0.0.0.0"
		],
		"env": [
			"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
			"TERM=xterm"
		],
		"cwd": "/",
		"capabilities": [
			"CAP_AUDIT_WRITE",
			"CAP_KILL",
			"CAP_NET_BIND_SERVICE"
		],
		"rlimits": [
			{
				"type": "RLIMIT_NOFILE",
				"hard": 1024,
				"soft": 1024
			}
		],
		"noNewPrivileges": true
	},
	"root": {
		"path": "rootfs",
		"readonly": true
	},
	"hostname": "runc",
	"mounts": [
		{
			"destination": "/proc",
			"type": "proc",
			"source": "proc"
		},
		{
			"destination": "/dev",
			"type": "tmpfs",
			"source": "tmpfs",
			"options": [
				"nosuid",
				"strictatime",
				"mode=755",
				"size=65536k"
			]
		},
		{
			"destination": "/dev/pts",
			"type": "devpts",
			"source": "devpts",
			"options": [
				"nosuid",
				"noexec",
				"newinstance",
				"ptmxmode=0666",
				"mode=0620",
				"gid=5"
			]
		},
		{
			"destination": "/dev/shm",
			"type": "tmpfs",
			"source": "shm",
			"options": [
				"nosuid",
				"noexec",
				"nodev",
				"mode=1777",
				"size=65536k"
			]
		},
		{
			"destination": "/dev/mqueue",
			"type": "mqueue",
			"source": "mqueue",
			"options": [
				"nosuid",
				"noexec",
				"nodev"
			]
		},
		{
			"destination": "/sys",
			"type": "sysfs",
			"source": "sysfs",
			"options": [
				"nosuid",
				"noexec",
				"nodev",
				"ro"
			]
		},
		{
			"destination": "/sys/fs/cgroup",
			"type": "cgroup",
			"source": "cgroup",
			"options": [
				"nosuid",
				"noexec",
				"nodev",
				"relatime",
				"ro"
			]
		}
	],
	"hooks": {},
	"linux": {
		"resources": {
			"devices": [
				{
					"allow": false,
					"access": "rwm"
				}
			]
		},
		"namespaces": [
			{
				"type": "pid"
			},
			{
				"type": "ipc"
			},
			{
				"type": "uts"
			},
			{
				"type": "mount"
			}
		],
		"devices": null
	}
}
```

This is what you need to do to make an OCI-compliant bundle for containerd to start.
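
As an added example (not part of the containerd docs), the Python code below applies the two edits from the Edits section to a parsed `config.json` and reports which namespaces the result leaves shared with the host. `DEFAULT_SPEC` is a constructed, trimmed stand-in for `runc spec` output, and the function names are hypothetical.

```python
import copy
import json

# Constructed, trimmed stand-in for what `runc spec` writes; not real tool output.
DEFAULT_SPEC = {
    "process": {
        "args": ["sh"],
        "capabilities": ["CAP_AUDIT_WRITE", "CAP_KILL", "CAP_NET_BIND_SERVICE"],
        "noNewPrivileges": True,
    },
    "root": {"path": "rootfs", "readonly": True},
    "linux": {"namespaces": [{"type": t} for t in
                             ("pid", "network", "ipc", "uts", "mount")]},
}

# Namespace types this example checks for (an assumption of the example).
EXPECTED_NAMESPACES = ("pid", "network", "ipc", "uts", "mount")


def apply_bundle_edits(spec, args):
    """Return a copy of spec with the two edits this page describes."""
    edited = copy.deepcopy(spec)
    edited["process"]["args"] = list(args)
    edited["linux"]["namespaces"] = [
        ns for ns in edited["linux"]["namespaces"] if ns.get("type") != "network"
    ]
    return edited


def review_isolation(spec):
    """Summarise the isolation-relevant fields of a config.json dict."""
    present = {ns.get("type") for ns in spec.get("linux", {}).get("namespaces") or []}
    process = spec.get("process", {})
    args = process.get("args", [])
    # Address following "--bind", if the flag is present and has a value.
    bind = args[args.index("--bind") + 1] if "--bind" in args[:-1] else None
    return {
        "shared_with_host": [t for t in EXPECTED_NAMESPACES if t not in present],
        "bind_address": bind,
        "capabilities": process.get("capabilities", []),
        "readonly_root": spec.get("root", {}).get("readonly", False),
        "no_new_privileges": process.get("noNewPrivileges", False),
    }


if __name__ == "__main__":
    edited = apply_bundle_edits(DEFAULT_SPEC, ["redis-server", "--bind", "0.0.0.0"])
    print(json.dumps(review_isolation(edited), indent=2))
```

To review a real bundle, pass `json.load(open("config.json"))` to `review_isolation` instead of the constructed spec.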