| Both sides previous revision Previous revision Next revision | Previous revision |
| projects:cluster [2025/07/14 16:00] – samp20 | projects:cluster [2025/07/22 12:06] (current) – samp20 |
|---|
| RunC containers are created with a ''config.json'' and a ''rootfs''. RunC can generate a base configuration. While we could technically include that in the cluster config directly, it probably makes more sense to use the RunC generated config and merge the cluster config into it. A Docker config (Docker uses RunC under the hood) is even more restricted, specifying what syscalls are allowed for example. We may want to add this in the future, but not initially. | RunC containers are created with a ''config.json'' and a ''rootfs''. RunC can generate a base configuration. While we could technically include that in the cluster config directly, it probably makes more sense to use the RunC generated config and merge the cluster config into it. A Docker config (Docker uses RunC under the hood) is even more restricted, specifying what syscalls are allowed for example. We may want to add this in the future, but not initially. |
| |
| We will need a mechanism for pulling the Root filesystem. There is probably a standardized way of downloading these from a container registry and unpacking them. For now we won't worry about private registries, but something to consider if this project becomes more widespread. | ==== Pulling the root filesystem ==== |
| | |
| | There exists a few tools that can help with this. [[https://github.com/containers/skopeo|Skopeo]] and [[https://umo.ci/|Umoci]]. An example is below: |
| | |
| | - ''%%skopeo copy docker://busybox:latest oci:busybox:latest%%''. Will create a ''busybox'' folder. |
| | - ''%%umoci unpack --image busybox:latest bundle%%''. Unpacks the OCI image into an OCI runtime bundle in the ''bundle'' folder. This bundle also has a ''config.json''. It'll be interesting to compare that with the RunC generated one. |
| | |
| | It may be preferred to follow the [[https://github.com/opencontainers/image-spec/blob/main/conversion.md|OCI conversion spec]] directly instead of relying on a 3rd party tool such as Umoci. |
| |
| ===== Network and Wireguard ===== | ===== Network and Wireguard ===== |
| |
| The scope of this will initially be to configure the forward chains to forward from the container's virtual ethernet to the wireguard tunnel. In the future this can be extended to implement firewall policies between containers. | The scope of this will initially be to configure the forward chains to forward from the container's virtual ethernet to the wireguard tunnel. In the future this can be extended to implement firewall policies between containers. |
| | |
| | ===== Caddy ===== |
| | |
| | Caddy can be configured directly through JSON. We can merge together multiple container configs, along with any required global configuration, and pass this directly to Caddy. There are probably some gotchas to be aware of when merging. A good starting point will be to take a existing ''Caddyfile'' and convert it to JSON to see what the structure is like and how it can be split. |
| | |