Commit 42571bd

docs: Add a new bootc-runtime.md
Let's clarify this more; it's touched on in the main docs but worth elaborating on.

Signed-off-by: Colin Walters <[email protected]>
1 parent 593a932 commit 42571bd

2 files changed, +48 -0 lines changed

docs/src/SUMMARY.md

Lines changed: 1 addition & 0 deletions
@@ -9,6 +9,7 @@
99
# Building images
1010

1111
- [Building images](building/guidance.md)
12+
- [Container runtime vs bootc runtime](building/bootc-runtime.md)
1213
- [Users, groups, SSH keys](building/users-and-groups.md)
1314
- [Secrets](building/secrets.md)
1415
- [Management Services](building/management-services.md)
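
Review bot: The new SUMMARY.md entry is titled `Container runtime vs bootc runtime`, while the page it links to opens with `# Container runtime vs "bootc runtime"`; pick one form so the table-of-contents title and the page heading match.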

docs/src/building/bootc-runtime.md

Lines changed: 47 additions & 0 deletions
@@ -0,0 +1,47 @@
1+
2+
# Container runtime vs "bootc runtime"
3+
4+
Fundamentally, `bootc` reuses the [OCI image format](https://github.com/opencontainers/image-spec)
5+
as a way to transport serialized filesystem trees with included metadata such as a `version`
6+
label, etc.
7+
8+
However, `bootc` generally ignores the [Container configuration](https://github.com/opencontainers/image-spec/blob/main/config.md)
9+
section at runtime today.
10+
11+
Container runtimes like `podman` and `docker` of course *will* interpret this metadata
12+
when running a bootc container image as a container.
13+
14+
## Labels
15+
16+
A key aspect of OCI is the ability to use standardized (or semi-standardized)
17+
labels. The are stored and rendered by `bootc`; especially the
18+
`org.opencontainers.image.version` label.
19+
20+
## Example ignored runtime metadata, and recommendations
21+
22+
### `ENTRYPOINT` and `CMD` (OCI: `Entrypoint`/`Cmd`)
23+
24+
Ignored by bootc.
25+
26+
It's recommended for bootc containers to set `CMD /sbin/init`; but this is not required.
27+
28+
The booted host system will launch from the bootloader, to the kernel+initramfs and
29+
real root however it is "physically" configured inside the image. Typically
30+
today this is using [systemd](https://systemd.io/) in both the initramfs
31+
and at runtime; but this is up to how you build the image.
32+
33+
### `ENV` (OCI: `Env`)
34+
35+
Ignored by bootc; to configure the global system environment you can
36+
change the systemd configuration. (Though this is generally not a good idea;
37+
instead it's usually better to change the environment of individual services)
38+
39+
### `EXPOSE` (OCI: `exposedPorts`)
40+
41+
Ignored by bootc; it is agnostic to how the system firewall and network
42+
function at runtime.
43+
44+
### `USER` (OCI: `User`)
45+
46+
Ignored by bootc; typically you should configure individual services inside
47+
the bootc container to run as unprivileged users instead.
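
Review bot: In the Labels section, "The are stored and rendered by `bootc`" is missing a letter and should read "They are stored and rendered by `bootc`". The `EXPOSE` heading gives the OCI field as `exposedPorts`, but the image config field is `ExposedPorts`, which would also match the capitalisation used for `Entrypoint`, `Cmd`, `Env` and `User` in the other headings. The file also starts with an empty line before the H1, which can be dropped. For the `USER` section, consider stating outright that a `USER` line has no effect on which user anything runs as on the booted host, since a reader who relies on it for privilege reduction when running the image under `podman` or `docker` could assume it carries over. The `ENV` section would similarly benefit from naming which systemd configuration is meant.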
