You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
additional parameters can be passed to runtime though `Options`[field](https://github.com/containerd/containerd/blob/master/api/services/tasks/v1/tasks.pb.go#L93))
additional parameters can be passed to runtime though `Options`[field](https://github.com/containerd/containerd/blob/main/api/services/tasks/v1/tasks.pb.go#L93))
47
47
2. containerd uses firecracker-containerd runtime and block device snapshotter. Requests are passed to runtime. Runtime
48
48
is responsible for communicating with Agent, attaching/managing block devices and controlling container execution
49
49
lifecycle.
@@ -94,9 +94,9 @@ any communication protocol can be chosen (ttrpc, grpc, http, ...) for exchanging
94
94
The orchestrator knows about task definitions (e.g. aware about high level picture), makes decisions based on given
95
95
information, and submits requests to containerd.
96
96
97
-
The orchestrator talks to all subsystems using containerd's [APIs](https://github.com/containerd/containerd/tree/master/api).
98
-
In order to manage containers lifecycle it can use [task](https://github.com/containerd/containerd/tree/master/services/tasks)
99
-
service, extra configuration can be specified thought option [fields](https://github.com/containerd/containerd/blob/master/api/services/tasks/v1/tasks.proto#L74).
97
+
The orchestrator talks to all subsystems using containerd's [APIs](https://github.com/containerd/containerd/tree/main/api).
98
+
In order to manage containers lifecycle it can use [task](https://github.com/containerd/containerd/tree/main/services/tasks)
99
+
service, extra configuration can be specified thought option [fields](https://github.com/containerd/containerd/blob/main/api/services/tasks/v1/tasks.proto#L74).
100
100
Missing functionality (like firecracker control service) can be added as an extension to `containerd`.
101
101
Containerd supports GRPC plugins, so FC control can reuse existing GRPC [server](https://github.com/containerd/containerd/blob/a15b6e2097c48b632dbdc63254bad4c62b69e709/services/server/server.go#L78)
102
102
and live in same process as `containerd`. Orchestrator's client uses same GRPC connection (`containerd` has
@@ -165,7 +165,7 @@ Firecracker team is exploring options around Firecracker handling some aspects o
165
165
166
166
Because there is no way to attach block devices upon request, the suggested approach is to use fake block devices (`/dev/null` or
167
167
sparse files) to reserve drive ids before running Firecracker instance. When container needs to be run, fake device is
with real container image received as [mount](https://github.com/firecracker-microvm/firecracker-containerd/blob/0e39b738ab466358b1059bb283b19726476310a1/runtime/service.go#L651)
170
170
from snapshotter. Fake device can be represented by `/dev/null`, however Firecracker doesn't allow to attach same block
171
171
device more than once (even with different drive ids). So alias should be used. Another approach is to use sparse files
Copy file name to clipboardExpand all lines: docs/shim-design.md
+8-8Lines changed: 8 additions & 8 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -48,9 +48,9 @@ The purpose of this doc is to determine which model best fits our use case in te
48
48
* A unique identifier associated with each firecracker microVM that's used to reference which VM a given container is intended to run in.
49
49
* In practice, there will likely be a 1-to-1 mapping between each ECS task or each EKS Pod to a `vm_id`.
50
50
* (containerd) **Container**
51
-
* In containerd, a “[Container](https://github.com/containerd/containerd/blob/master/api/services/containers/v1/containers.proto#L38)” refers not to a running container but the metadata configuring a container.
51
+
* In containerd, a “[Container](https://github.com/containerd/containerd/blob/main/api/services/containers/v1/containers.proto#L38)” refers not to a running container but the metadata configuring a container.
52
52
* (containerd) **Task**
53
-
* In containerd, a “[Task](https://github.com/containerd/containerd/blob/master/api/services/tasks/v1/tasks.proto#L56)” (not to be confused with an ECS Task), essentially refers to a running container; it is a running process using the configuration as specified in a previously defined Container object
53
+
* In containerd, a “[Task](https://github.com/containerd/containerd/blob/main/api/services/tasks/v1/tasks.proto#L56)” (not to be confused with an ECS Task), essentially refers to a running container; it is a running process using the configuration as specified in a previously defined Container object
54
54
***“shim start” routine**
55
55
* In the runtime v2 model, when containerd starts a new Task, it will always invoke the runtime binary specified in the Container object and run its “shim start” routine. This is the point where the runtime shim will decide whether it should keep running or if containerd should instead use a different, pre-existing shim process.
56
56
*[Our current shim start routine is here.](https://github.com/firecracker-microvm/firecracker-containerd/blob/3f204844eed9b70f25e062f3a947dda582809757/runtime/service.go#L106)
@@ -61,14 +61,14 @@ The purpose of this doc is to determine which model best fits our use case in te
61
61
62
62
## Containerd Runtime v2 Essentials
63
63
64
-
There's a few details of containerd's runtime v2 model that are essential to understand before diving into how it can fit into our use case. [The runtime v2 docs](https://github.com/containerd/containerd/blob/master/runtime/v2/README.md) and their [getting started guide](https://github.com/containerd/containerd/blob/master/docs/getting-started.md) have more details, but the important parts of the typical flow in creating a container within the runtime v2 model are summarized below:
64
+
There's a few details of containerd's runtime v2 model that are essential to understand before diving into how it can fit into our use case. [The runtime v2 docs](https://github.com/containerd/containerd/blob/main/runtime/v2/README.md) and their [getting started guide](https://github.com/containerd/containerd/blob/main/docs/getting-started.md) have more details, but the important parts of the typical flow in creating a container within the runtime v2 model are summarized below:
1. The client makes a [CreateContainerRequest](https://github.com/containerd/containerd/blob/master/api/services/containers/v1/containers.proto#L38), which includes metadata for the intended container configuration (i.e. OCI runtime spec), which runtime the container should be spawned with (i.e. `aws.firecracker`) and a unique `container_id`
68
+
1. The client makes a [CreateContainerRequest](https://github.com/containerd/containerd/blob/main/api/services/containers/v1/containers.proto#L38), which includes metadata for the intended container configuration (i.e. OCI runtime spec), which runtime the container should be spawned with (i.e. `aws.firecracker`) and a unique `container_id`
69
69
1. This stores the metadata for the container definition within containerd, **but it does not actually spawn the container yet**
70
-
2. The client now wants to actually create a running task for the container it just defined, which it does by issuing a [CreateTaskRequest](https://github.com/containerd/containerd/blob/master/api/services/tasks/v1/tasks.proto#L56) that includes the `container_id` provided in the previous `CreateContainerRequest`
71
-
3. Containerd will now always `fork/exec` to the runtime's shim binary and invoke the “start” routine. **The shim is expected to [“either start a new shim or return an address to an existing shim based on the shim's logic.”](https://github.com/containerd/containerd/blob/master/runtime/v2/README.md#start)**
70
+
2. The client now wants to actually create a running task for the container it just defined, which it does by issuing a [CreateTaskRequest](https://github.com/containerd/containerd/blob/main/api/services/tasks/v1/tasks.proto#L56) that includes the `container_id` provided in the previous `CreateContainerRequest`
71
+
3. Containerd will now always `fork/exec` to the runtime's shim binary and invoke the “start” routine. **The shim is expected to [“either start a new shim or return an address to an existing shim based on the shim's logic.”](https://github.com/containerd/containerd/blob/main/runtime/v2/README.md#start)**
72
72
1. (code) [containerd starting the shim binary](https://github.com/containerd/containerd/blob/9b882c44f8834613e53fc11045c10397a7d94e61/runtime/v2/manager.go#L126)
73
73
4. At this point, the shim can optionally retrieve some more metadata if needed to make a decision on how to proceed. It has a few IDs/paths available to it that can be used to retrieve that metadata:
74
74
1. The `container_id` for the container that is going to be spawned into a running task. The `container_id` is the “id” field in [our shim's NewService func](https://github.com/firecracker-microvm/firecracker-containerd/blob/3f204844eed9b70f25e062f3a947dda582809757/runtime/service.go#L79). It can be used to make a [GetContainerRequest](https://github.com/containerd/containerd/blob/68c44f8cc8a3a4990928c96f8207688ecf6df2f9/api/services/containers/v1/containers.proto#L30) to containerd, which will return all available container metadata.
@@ -85,7 +85,7 @@ There's a few details of containerd's runtime v2 model that are essential to und
85
85
86
86
The requirements for our use case are:
87
87
88
-
1.[Containerd's requirements for runtime v2 shims](https://github.com/containerd/containerd/tree/master/runtime/v2)
88
+
1.[Containerd's requirements for runtime v2 shims](https://github.com/containerd/containerd/tree/main/runtime/v2)
89
89
2. Ability to group containers into a single microVM via an identifier for the microVM (`vm_id`). Containers must be able to be created within the microVM after the VM has already started.
90
90
91
91
# Decisions to be Made
@@ -102,7 +102,7 @@ The high-level issues this docs will address (each gets its own section):
102
102
103
103
1. Fine grain details of how microVMs will be configured other than that running VMs can be specified with a `vm_id`.
104
104
2. Details on exactly which field we will use to specify which `vm_id` a given container is using. There are multiple possibilities, all of which work with the options being presented here:
0 commit comments