akhramov / knast

Licence: MIT License
Experimental OCI & CRI-compatible container runtimes for FreeBSD

KNAST

Knast is an experimental FreeBSD toolkit for building a modern container infrastructure. This is a research project, not intended to be used in production. See Goals.

Status

Currently, knast provides an OCI-compatible container runtime, which diverges from the reference implementation in some places. Namely:

  • runc start doesn’t detach the process.
  • runc kill cannot be applied to a created process.
  • Non-standard extensions, such as runc run, are not implemented.

Kernel requirements

Knast runs on amd64 FreeBSD 13.0-STABLE kernel and newer. Support for aarch64 is planned.

Knast runs on the GENERIC kernel, but requires several kernel modules to be loaded (or compiled into the kernel). These are:

  • if_bridge is required for setting up VNET networking for the jail.
  • if_epair is required for setting up VNET networking for the jail.
  • linux64 (optional) is required for Linux jails.
  • pf firewall is required for networking; use the pf service to load it.

The following sysctl variables need to be set:

  • net.inet.ip.forwarding -> 1 for jail networking.
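
The module and sysctl requirements above can be verified before the first `runc create`. The following pre-flight script is an added example, not part of knast; its function names are hypothetical, and it assumes only `kldstat(8)` and `sysctl(8)` from the FreeBSD base system.

```shell
#!/bin/sh
# Added example: pre-flight check for the knast kernel requirements.
# Function names are hypothetical; only kldstat(8) and sysctl(8) are used.

# True if the module is loaded or compiled in (-m), or its .ko file is loaded (-n).
module_present() {
    kldstat -q -m "$1" 2>/dev/null || kldstat -q -n "$1.ko" 2>/dev/null
}

# Print the current value of a sysctl, or nothing if it cannot be read.
sysctl_value() {
    sysctl -n "$1" 2>/dev/null
}

# Print one line per problem; return 0 only when every required item is met.
knast_preflight() {
    failed=0
    for mod in if_bridge if_epair pf; do
        if ! module_present "$mod"; then
            echo "MISSING module $mod"
            failed=1
        fi
    done
    # linux64 is optional: it is only needed for Linux jails.
    if ! module_present linux64; then
        echo "OPTIONAL module linux64 not loaded (Linux jails will not run)"
    fi
    fwd=$(sysctl_value net.inet.ip.forwarding)
    if [ "$fwd" != "1" ]; then
        echo "MISSING sysctl net.inet.ip.forwarding=1 (current: ${fwd:-unreadable})"
        failed=1
    fi
    return "$failed"
}

# Run the check only on FreeBSD so the file can be sourced elsewhere.
if [ "$(uname -s)" = "FreeBSD" ]; then
    knast_preflight || echo "knast prerequisites not met" >&2
fi
```

Note that enabling `net.inet.ip.forwarding` turns the host into a router for every interface, so the pf ruleset should be reviewed at the same time.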

Usage

Building

cargo build --release

Creating a bundle

To run a container, OCI runtimes need a runtime bundle. Runtime bundles are built from OCI images. Knast is a mere runtime and is not responsible for creating these files for you. You can use third-party tools to create a bundle, or create it manually.

For convenience, we provide a utility to fetch and unpack OCI images from a Docker registry. For instance, the following command will create a runtime bundle from oldoldstable Debian:

fetch_image debian:oldoldstable-20201209-slim

fetch_image will create a bundle somewhere in the $HOME directory; the exact location will be printed.

In this example we fetched the oldoldstable Debian, whose binaries still rely on an older kernel ABI, which is likely to be covered by the Linuxulator.

OCI lifecycle

Once the bundle is created, you can create a container.

Navigate to the runc folder and build the project using cargo build.

The following command will create a VNET jail, configure the network for it, mount all necessary devices and so on.

runc create debian /home/akhramov/containers/d19a2ab9-af67-4d04-8aef-9c364686c4fb

Then you will be able to start the container:

runc start debian

Finally, you can delete the stopped container:

runc delete debian

Apart from that, you can query a container's state using the state command and send signals to the container using kill. Please note that kill diverges from the reference runc implementation in the sense that it only supports signal numbers, not names.

Project structure

This project consists of several libraries, namely:

  • netzwerk contains network-related routines: setting up interfaces, NATs, etc.
  • registratur is a client library for the Docker registry. It’s just a convenience library containing types and an HTTP client, and does not directly serve the project goals. This functionality is to be handled by other tools.
  • baustelle builds containers from images. It even supports a limited subset of Dockerfiles, though, just like with registratur, this functionality is to be handled by other tools.
  • storage provides a storage-agnostic embedded DB. It is used by runc to store container state and other metadata.
  • runc provides an OCI-compatible runc binary.

Goals

Knast is a research project conducted (in order of priority) to

  • Examine the capabilities of Rust in the niche of OS-level virtualization, in the vein of Oracle’s railcar. The long-term goal is to implement modules for the popular orchestration / containerization solutions, like a CNI plugin.
  • Examine the feasibility of implementing a container runtime without userspace dependencies: a self-sufficient binary which doesn’t rely on the presence of any binaries in the system.

    That implies that we will need to rewrite bindings to mount, devfs, route, and partially implement the functionality provided by ifconfig. Again, such a good test for Rust :)

  • Build a runtime for containerd, a CRI, etc. This has lower priority.

State

Not ready, please don’t use it anywhere.

Other efforts.

  • https://github.com/samuelkarp/runj: this project will likely achieve production-readiness sooner and reuses stable, reliable tooling which is already there. Please check it out.

Contributing

If you would like to contribute, please do. Check the list of open issues and tackle any task you want with regard to the project priorities.

Testers, bug reporters, occasional users – I love you all.
