
Edit to showcase Nix containers without layers.

Signed-off-by: main <magic_rb@redalder.org>
main
main 2 months ago
parent
commit
4d5f6e93ae
Signed by: Magic_RB
GPG Key ID: 08D5287CC5DDCA0E
  1. 19
      README.md
  2. 62
      flake.lock
  3. 143
      flake.nix
  4. 16
      src/main.go

19
README.md

@ -1,14 +1,5 @@ @@ -1,14 +1,5 @@
# Integration example for ContainerD and Golang
> Example application for integrating ContainerD with Golang following [this article](https://blog.lsantos.dev/integrando-containers-na-sua-aplicacao-com-containerd) from my blog
## Instructions
1. This needs to be executed within a machine with both [containerd](https://containerd.io/docs/getting-started/) and [runc](https://github.com/opencontainers/runc) installed
2. Only works for Linux machines
After cloning the repository in any directory of your linux machine:
1. `go get` to fetch the modules
2. `go build src/main.go` to build the binary
3. `sudo ./main` to run the application
```
nix build .#haei
sudo ./result $PWD/rootfs
go run src/main.go
```

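--- a/flake.lock
+++ b/flake.lock
@@ -0,0 +1,62 @@
+{
+"nodes": {
+"blatt": {
+"inputs": {
+"nixpkgs": "nixpkgs"
+},
+"locked": {
+"lastModified": 1647796280,
+"narHash": "sha256-s5S/e6sWLmCzjaHqn8iyJSC2zv4rGXOh8u3DKNtlQFY=",
+"owner": "nix-community",
+"repo": "NixNG",
+"rev": "8a25d4048c113d34a28288a4eed9b51482c0132b",
+"type": "github"
+},
+"original": {
+"owner": "nix-community",
+"repo": "NixNG",
+"type": "github"
+}
+},
+"nixpkgs": {
+"locked": {
+"lastModified": 1641244400,
+"narHash": "sha256-8i4oasWEz/2y9U+F1XU15jfwSbd5YOEBh2tyBBm/W8E=",
+"owner": "NixOS",
+"repo": "nixpkgs",
+"rev": "c6019d8efb5530dcf7ce98086b8e091be5ff900a",
+"type": "github"
+},
+"original": {
+"owner": "NixOS",
+"ref": "nixos-21.11",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"nixpkgs_2": {
+"locked": {
+"lastModified": 1650647313,
+"narHash": "sha256-6ghnNPXDlG6/tXeIFdbP0cGnik6TGNwc615hhG9dpl4=",
+"owner": "NixOS",
+"repo": "nixpkgs",
+"rev": "a318a09a96a38382fe61a7f85d03ea6e25c46c56",
+"type": "github"
+},
+"original": {
+"owner": "NixOS",
+"ref": "nixos-21.11",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"root": {
+"inputs": {
+"blatt": "blatt",
+"nixpkgs": "nixpkgs_2"
+}
+}
+},
+"root": "root",
+"version": 7
+}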

143
flake.nix

@ -0,0 +1,143 @@ @@ -0,0 +1,143 @@
{
inputs =
{ nixpkgs.url = "github:NixOS/nixpkgs?ref=nixos-21.11";
blatt.url = "github:nix-community/NixNG";
};
outputs = { nixpkgs, blatt, self }:
let
supportedSystems = [ "x86_64-linux" ];
forAllSystems' = nixpkgs.lib.genAttrs;
forAllSystems = forAllSystems' supportedSystems;
nixpkgsForSystem = system:
import nixpkgs { inherit system; };
in
{
blattConfigurations =
{ example = (blatt.nglib nixpkgs.lib).makeSystem {
system = "x86_64-linux";
name = "example-system";
inherit nixpkgs;
config = ({ pkgs, config, ... }:
{ dumb-init = {
enable = true;
type.services = { };
};
init.services.apache2 = {
shutdownOnExit = true;
ensureSomething.link."documentRoot" = {
src = "${pkgs.apacheHttpd}/htdocs";
dst = "/var/www";
};
};
services.apache2 = {
enable = true;
envsubst = true;
configuration = [
{
LoadModule = [
[ "mpm_event_module" "modules/mod_mpm_event.so" ]
[ "log_config_module" "modules/mod_log_config.so" ]
[ "unixd_module" "modules/mod_unixd.so" ]
[ "authz_core_module" "modules/mod_authz_core.so" ]
[ "dir_module" "modules/mod_dir.so" ]
[ "mime_module" "modules/mod_mime.so" ]
];
}
{
Listen = "0.0.0.0:80";
ServerRoot = "/var/www";
ServerName = "blowhole";
PidFile = "/httpd.pid";
DocumentRoot = "/var/www";
User = "www-data";
Group = "www-data";
}
{
ErrorLog = "/dev/stderr";
TransferLog = "/dev/stdout";
LogLevel = "info";
}
{
AddType = [
[ "image/svg+xml" "svg" "svgz" ]
];
AddEncoding = [ "gzip" "svgz" ];
TypesConfig = "${pkgs.apacheHttpd}/conf/mime.types";
}
{
Directory = {
"/" = {
Require = [ "all" "denied" ];
Options = "SymlinksIfOwnerMatch";
};
};
VirtualHost = {
"*:80" = {
Directory = {
"/var/www" = {
Require = [ "all" "granted" ];
Options = [ "-Indexes" "+FollowSymlinks" ];
DirectoryIndex = "\${DIRECTORY_INDEX:-index.html}";
};
};
};
};
}
];
};
});
};
};
haei =
let
config = self.blattConfigurations.example.config;
pkgs = self.blattConfigurations.example._module.args.pkgs;
closureInfo = pkgs.closureInfo
{ rootPaths = [ config.init.script config.system.activationScript ]; };
in
pkgs.writeShellScript "make-rootfs" ''
target="$1"
store_paths="$(cat ${closureInfo}/store-paths | tr '\n' ' ')"
mkdir -p $target
chown root:root $target
for store_path in $store_paths ${config.system.build.toplevel}
do
if [ -d $store_path ]
then
mkdir -p $target/$store_path
else
mkdir -p "$(dirname $target/$store_path)"
touch $target/$store_path
fi
mount -o bind,ro $store_path $target/$store_path
done
'';
devShell = forAllSystems
(system:
let pkgs = nixpkgsForSystem system;
in
pkgs.mkShell
{ nativeBuildInputs = with pkgs;
[ go
clang
runc
containerd
];
}
);
};
}
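Review bot: The `make-rootfs` script under `haei` is run as root (the README invokes `sudo ./result $PWD/rootfs`), yet it never checks that `$1` was given and expands `$target` and `$store_path` unquoted. With no argument `target` is empty, so `$target/$store_path` resolves to the host's own store path and the loop bind-mounts each store path onto itself; a failing `mkdir`, `chown` or `mount` does not stop the run either. Adding `set -eu` as the first line of the script and quoting the expansions, e.g. `mount -o bind,ro "$store_path" "$target/$store_path"`, would make it fail closed. Nothing in the script or README says how the bind mounts are removed afterwards, so a short comment naming the matching unmount step would help whoever cleans up. A comment next to `Listen = "0.0.0.0:80"` would also be useful, since src/main.go runs the container in the host network namespace and Apache therefore binds the host's port 80 on every interface.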

16
src/main.go

@ -25,18 +25,13 @@ func createAPI () error { @@ -25,18 +25,13 @@ func createAPI () error {
client, err := containerd.New("/run/containerd/containerd.sock")
defer client.Close()
if err != nil {
log.Println(err)
return err
}
ctx := namespaces.WithNamespace(context.Background(), "lsantos")
image, err := client.Pull(ctx, "docker.io/khaosdoctor/simple-node-api:latest", containerd.WithPullUnpack)
if err != nil {
return err
}
log.Printf("Imagem %q baixada", image.Name())
container, err := createContainer(ctx, client, image)
container, err := createContainer(ctx, client)
if err != nil {
return err
}
@ -76,7 +71,6 @@ func createAPI () error { @@ -76,7 +71,6 @@ func createAPI () error {
func createContainer (
ctx context.Context,
client *containerd.Client,
image containerd.Image,
) (containerd.Container, error) {
hasher := sha256.New()
@ -88,9 +82,10 @@ func createContainer ( @@ -88,9 +82,10 @@ func createContainer (
imageSpecs := containerd.WithNewSpec(
oci.WithDefaultSpec(),
oci.WithImageConfig(image),
oci.WithEnv([]string{"PORT=8080"}),
oci.WithEnv([]string{}),
oci.WithHostNamespace(specs.NetworkNamespace),
oci.WithRootFSPath("/tmp/go-containerd-example/rootfs"),
oci.WithProcessArgs("/nix/store/2lyy8ligd2d51qjnwcxlgb9yq80y03pr-nixng/init"),
oci.WithHostHostsFile,
oci.WithHostResolvconf,
)
@ -98,7 +93,6 @@ func createContainer ( @@ -98,7 +93,6 @@ func createContainer (
container, err := client.NewContainer(
ctx,
containerName,
containerd.WithNewSnapshot(containerName + "-snapshot", image),
imageSpecs,
)
if err != nil {
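Review bot: In the `containerd.WithNewSpec(...)` hunk, `oci.WithRootFSPath("/tmp/go-containerd-example/rootfs")` places the container root at a fixed, predictable path under world-writable /tmp, which any local user can create first, and it does not match the `$PWD/rootfs` target the README passes to the make-rootfs script. `oci.WithProcessArgs("/nix/store/2lyy8ligd2d51qjnwcxlgb9yq80y03pr-nixng/init")` likewise hard-codes one store hash, which will presumably go stale as soon as the flake inputs or the configuration change. Both values would be better taken from the command line or environment, e.g. `oci.WithRootFSPath(rootfsPath)` and `oci.WithProcessArgs(initPath)`, with the rootfs kept in a root-owned directory. With the image and snapshot gone, the rootfs directory itself is a writable host path, so adding `oci.WithRootFSReadonly()` to the spec is worth considering if the NixNG init does not need to write there. createContainer's body starts and ends outside the hunks shown, so the remaining uses of `image` could not be checked from here.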
