This repository is a hacking space for a new general purpose container library written in Rust.
containers / containrs
License: Apache License 2.0
General purpose container library
I am able to build the project successfully after running cargo build with the latest stable Rust (rustc - v1.47.0).
Then I run
$ ./target/debug/criserver -l trace
[2020-10-30T08:02:18.484Z TRACE cri::storage::default_key_value_storage src/storage/default_key_value_storage.rs:22] Opening storage /var/run/user/1000/cri/storage/cri-service
[2020-10-30T08:02:18.605Z DEBUG cri::network::cni src/network/cni/mod.rs:126] Configuration paths: /etc/cni/net.d
[2020-10-30T08:02:18.605Z DEBUG cri::network::cni src/network/cni/mod.rs:135] Plugin paths: <some-bin-paths>
[2020-10-30T08:02:18.605Z INFO cri::network::cni src/network/cni/mod.rs:139] Initializing CNI network
[2020-10-30T08:02:18.605Z INFO cri::network::cni src/network/cni/mod.rs:141] No default CNI network name, choosing first one
[2020-10-30T08:02:18.605Z DEBUG cri::network::cni src/network/cni/mod.rs:264] Got network files: []
[2020-10-30T08:02:18.605Z INFO cri::network::cni src/network/cni/mod.rs:291] No loaded networks
[2020-10-30T08:02:18.606Z TRACE cri::network::cni src/network/cni/mod.rs:150] Setup CNI storage in /var/run/user/1000/cri/storage/cni
[2020-10-30T08:02:18.606Z TRACE cri::storage::default_key_value_storage src/storage/default_key_value_storage.rs:22] Opening storage /var/run/user/1000/cri/storage/cni
[2020-10-30T08:02:18.608Z INFO cri::kubernetes::server src/kubernetes/server/mod.rs:65] Runtime server listening on /var/run/user/1000/cri/cri.sock
$ crictl -D -r "unix:///var/run/user/1000/cri/cri.sock.orig" version
DEBU[0000] VersionRequest: &VersionRequest{Version:v1alpha2,}
DEBU[0000] VersionResponse: nil
FATA[0000] getting the runtime version failed: rpc error: code = Internal desc = stream terminated by RST_STREAM with error code: PROTOCOL_ERROR
Not sure if I am missing something?
Looks like we're facing those issues with the default implementation as well:
I was able to connect via grpcurl, which does not seem to have the issue when specifying the socket:
> sudo ./grpcurl -plaintext -unix -protoset cri.protoset cri.sock criapi.RuntimeService.Version
The current log interception only provides the headers of the request, which does not give us any useful information at all:
https://github.com/cri-o/cri/blob/29f6f7fce7bbc752052d1b70e897b785c02f38c0/src/server.rs#L73-L74
https://github.com/cri-o/cri/blob/29f6f7fce7bbc752052d1b70e897b785c02f38c0/src/server.rs#L101-L107
The target is to make the interception work and print the request as well as the response, probably via a tower wrapper service like this:
https://github.com/hyperium/tonic/blob/master/examples/src/tower/server.rs
Xref: hyperium/tonic#333
The details of the implementation have to be defined.
We should stub out the container storage, possibly using the containers-storage binary in github.com/containers/storage, to allow forward progress on creating actual containers. The methods can match the API listed here for now.
We basically have to unmarshal the seccomp profile path from the CRI and put it in the container runtime spec. We also have to provide the default profile runtime/default.
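One way to resolve the CRI seccomp profile string before it is written into the runtime spec, as an added example that is not code from this repository. The names `SeccompProfile`, `ProfileError` and `resolve_seccomp` are hypothetical, and the accepted value forms other than runtime/default (an empty string, unconfined, localhost/<absolute path>) are assumptions of this example.

```rust
use std::path::{Component, Path, PathBuf};

/// Seccomp decision derived from the CRI profile string (hypothetical type).
#[derive(Debug, PartialEq)]
pub enum SeccompProfile {
    RuntimeDefault,     // apply the runtime's built-in default filter
    Unconfined,         // no seccomp filtering at all
    Localhost(PathBuf), // load a profile file installed on the node
}

#[derive(Debug, PartialEq)]
pub enum ProfileError {
    Unknown(String),
    NotAbsolute(String),
    Traversal(String),
}

/// Map the CRI string to a profile. Assumed forms: "", "unconfined",
/// "runtime/default" and "localhost/<absolute path>". Anything else is
/// rejected instead of silently running the container without a filter.
pub fn resolve_seccomp(cri_value: &str) -> Result<SeccompProfile, ProfileError> {
    match cri_value {
        "" | "unconfined" => Ok(SeccompProfile::Unconfined),
        "runtime/default" => Ok(SeccompProfile::RuntimeDefault),
        v => match v.strip_prefix("localhost/") {
            Some(p) => {
                let path = Path::new(p);
                if !path.is_absolute() {
                    return Err(ProfileError::NotAbsolute(p.to_string()));
                }
                if path.components().any(|c| c == Component::ParentDir) {
                    return Err(ProfileError::Traversal(p.to_string()));
                }
                Ok(SeccompProfile::Localhost(path.to_path_buf()))
            }
            None => Err(ProfileError::Unknown(v.to_string())),
        },
    }
}

fn main() {
    // Constructed sample inputs, not taken from a real kubelet request.
    let samples = ["runtime/default", "", "localhost//etc/seccomp/p.json", "docker/foo"];
    for v in samples.iter() {
        println!("{:?} -> {:?}", v, resolve_seccomp(v));
    }
}
```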
We can run basic CI checks, like running:
We could either utilize GitHub actions, CircleCI or prow. Which one would you prefer?
Is it a typo?
The lib should not expose any public type (for now). This way we can decide when and how to provide an API.
cri was just a placeholder, because naming things is hard. cri doesn't really uniquely identify this project (cri implementation in rust).
A couple of ideas floated around so far:
Crustacean puns:
Rust pun
Container pun
Oxidation pun
Runc pun
Bringing this up in an issue for discussion. I personally am leaning towards crrust (easy to say, clear about what it is)
The default toolchain on a developer machine may be different from the nightly (e.g. on my machine it's stable)
$ rustup toolchain list
stable-x86_64-unknown-linux-gnu (default)
nightly-x86_64-unknown-linux-gnu
The build fails. It will be a good idea to have some documentation about it.
There are multiple good logging mechanisms available in Rust. I'd say we could stick to env_logger for now.
We should switch to the oci-spec crate rather than having our own implementation of the runtime spec.
The pod run functionality would be the first thing to implement as well as necessary surrounding infrastructure (like a key/value storage).
With the clap (from version 3, currently in beta) crate we can directly map cli parameters to configuration structures. This reduces the overhead and avoids unnecessary type conversions.
The first config options could be the log level and the GRPC socket path/server address.
Example: https://github.com/saschagrunert/kubernix/blob/master/src/config.rs
The idea is to support only overlay for now to keep the implementation simple.
The idea is not only to support CLI based OCI runtimes but also to provide an easy-to-use middle layer (maybe based on C bindings to be mostly language independent). WDYT?
We need to write the code that supports:
Add the image pull capability using https://github.com/hyperium/hyper/ client.
A container should be attached to a Pod Sandbox as defined by the CRI.
Support CNI plugins for networking
This should be another good first issue to pick. :)
The server currently listens on an address. I think a socket path would be necessary to run with the kubelet.
We should integrate some unit tests (live side by side with the source code) and integration tests (live in ./test) for this project.
I would like to create a cargo workspace for this project and divide up the code into several crates
The runtime spec has already been written by kata, https://github.com/kata-containers/kata-containers/blob/2.0-dev/src/agent/oci/src/lib.rs#L31 (kata agent 2.0), but there is no image spec yet.
This issue is to track the progress of writing an image spec in rust.