Container runtimes are software that lets containers run. Container implementations started some time back, and this led to many container runtimes having their own formats. This approach proved difficult: users find it hard to adopt new container runtimes or to port from their current runtime to a newer one.
OCI (Open Container Initiative): With this problem in mind, a group of tech giants came together and formed the OCI. Its job is to define standards for the container ecosystem so that users can work with different runtimes easily, since they all follow a standard OCI format.
As we already know, a container runtime has 2 levels: high level and low level. ContainerD is a high level runtime and RunC is a low level runtime. RunC is a lightweight, portable container runtime which provides full support for Linux namespaces and all other security features. The security features include SELinux, AppArmor, Seccomp and Cgroups. It is used for spawning and running containers according to the OCI (Open Container Initiative) standard.
RunC is a low level implementation of a container runtime and ContainerD builds on top of it, providing higher level features like image transfer, storage, container execution and supervision. It also handles network and storage attachments, etc.; basically it manages the complete life cycle of containers.
In this article we will see how to work with RunC.
Download the RunC Source Code using the GitHub link below
[root@ip-172-31-9-137 runc]# git clone https://github.com/opencontainers/runc.git
Configure and Make the runC tool using the Source Code
[root@ip-172-31-9-137 runc]# cd runc
[root@ip-172-31-9-137 runc]# make BUILDTAGS=' '
[root@ip-172-31-9-137 runc]# make install
[root@ip-172-31-9-137 runc]# install -D -m0755 runc /usr/local/sbin/runc
Create a Container
[root@ip-172-31-9-137 ~]# mkdir mycontainer
[root@ip-172-31-9-137 ~]# cd mycontainer/
[root@ip-172-31-9-137 mycontainer]# mkdir rootfs
[root@ip-172-31-9-137 mycontainer]# docker export $(docker create busybox) | tar -C rootfs -xvf -
After a root filesystem is populated you just generate a spec in the format of a config.json file inside your bundle. runc provides a spec command to generate a base template spec that you are then able to edit. To find features and documentation for fields in the spec please refer to the specs repository.
[root@ip-172-31-9-137 mycontainer]# runc spec
[root@ip-172-31-9-137 mycontainer]# ll
total 4
-rw-r--r--. 1 root root 2652 Mar 18 10:00 config.json
drwxr-xr-x. 12 root root 137 Mar 18 09:59 rootfs
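Before running the bundle, it is worth checking which of the security features mentioned earlier (namespaces, seccomp, AppArmor/SELinux, cgroups) the generated config.json actually configures. The following is an added example, not code from this post or from the runc project: the field names come from the OCI runtime spec, while the sample config, the expected namespace set and the finding texts are assumptions made for the illustration.

```python
import json

# Constructed sample shaped like a spec template, trimmed to the checked fields.
SAMPLE_CONFIG = """
{
  "ociVersion": "1.0.2",
  "process": {
    "user": {"uid": 0, "gid": 0},
    "args": ["sh"],
    "noNewPrivileges": true
  },
  "root": {"path": "rootfs", "readonly": true},
  "linux": {
    "namespaces": [{"type": "pid"}, {"type": "network"}, {"type": "ipc"},
                   {"type": "uts"}, {"type": "mount"}]
  }
}
"""

# Assumption for this example: the audit expects all of these to be unshared.
EXPECTED_NAMESPACES = {"pid", "network", "ipc", "uts", "mount", "user"}


def audit_spec(spec):
    """Return findings (strings) for one parsed config.json, in check order."""
    findings = []
    process = spec.get("process", {})
    linux = spec.get("linux", {})
    present = {ns.get("type") for ns in linux.get("namespaces", [])}
    for missing in sorted(EXPECTED_NAMESPACES - present):
        findings.append(f"namespace not unshared: {missing}")
    if not process.get("noNewPrivileges", False):
        findings.append("noNewPrivileges is not set")
    if not spec.get("root", {}).get("readonly", False):
        findings.append("root filesystem is writable")
    if "seccomp" not in linux:
        findings.append("no seccomp profile")
    if not (process.get("apparmorProfile") or process.get("selinuxLabel")):
        findings.append("no AppArmor profile or SELinux label")
    if "memory" not in linux.get("resources", {}):
        findings.append("no cgroup memory limit")
    if process.get("user", {}).get("uid", 0) == 0 and "user" not in present:
        findings.append("uid 0 without a user namespace")
    return findings


if __name__ == "__main__":
    for finding in audit_spec(json.loads(SAMPLE_CONFIG)):
        print(finding)
```

To audit a real bundle, load its config.json with json.load and pass the result to audit_spec in place of the constructed sample.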
Running Containers
Assuming you have an OCI bundle from the previous step, you can execute the container in two different ways: directly with runc run, or step by step with runc create and the other lifecycle commands. If you used the unmodified runc spec template, runc run should give you a sh session inside the container.
[root@ip-172-31-9-137 mycontainer]# cd ~/mycontainer
[root@ip-172-31-9-137 mycontainer]# runc run mycontainer
/ #
[root@ip-172-31-9-137 mycontainer]# runc create mycontainer
[root@ip-172-31-9-137 mycontainer]# runc list
ID PID STATUS BUNDLE CREATED OWNER
mycontainer 4796 created /root/mycontainer 2021-03-18 root
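# start the process inside the container
[root@ip-172-31-9-137 mycontainer]# runc start mycontainer
# after 5 seconds, check that the container has exited and is now in the stopped state by running the command
[root@ip-172-31-9-137 mycontainer]# runc list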
# now delete the container
[root@ip-172-31-9-137 mycontainer]# runc delete mycontainer
Hope this helps in understanding the usage of RunC for running containers. More to come. Happy learning.