Magic_RB
/
go-containerd-example
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

Edit to showcase Nix containers without layers. 

Signed-off-by: main <magic_rb@redalder.org>
main
main 2 months ago
parent
1dc7eb1610
commit
4d5f6e93ae
Signed by: Magic_RB
GPG Key ID: 08D5287CC5DDCA0E
4 changed files with 215 additions and 25 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 19
      README.md
  2. 62
      flake.lock
  3. 143
      flake.nix
  4. 16
      src/main.go

19
README.md
Unescape View File

@ -1,14 +1,5 @@ @@ -1,14 +1,5 @@
# Integration example for ContainerD and Golang
> Example application for integrating ContainerD with Golang following [this article](https://blog.lsantos.dev/integrando-containers-na-sua-aplicacao-com-containerd) from my blog
## Instructions
1. This needs to be executed within a machine with both [containerd](https://containerd.io/docs/getting-started/) and [runc](https://github.com/opencontainers/runc) installed
2. Only works for Linux machines
After cloning the repository in any directory of your linux machine:
1. `go get` to fetch the modules
2. `go build src/main.go` to build the binary
3. `sudo ./main` to run the application
```
nix build .#haei
sudo ./result $PWD/rootfs
go run src/main.go
```

62
flake.lock
Unescape View File

@ -0,0 +1,62 @@ @@ -0,0 +1,62 @@
{
"nodes": {
"blatt": {
"inputs": {
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1647796280,
"narHash": "sha256-s5S/e6sWLmCzjaHqn8iyJSC2zv4rGXOh8u3DKNtlQFY=",
"owner": "nix-community",
"repo": "NixNG",
"rev": "8a25d4048c113d34a28288a4eed9b51482c0132b",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "NixNG",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1641244400,
"narHash": "sha256-8i4oasWEz/2y9U+F1XU15jfwSbd5YOEBh2tyBBm/W8E=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c6019d8efb5530dcf7ce98086b8e091be5ff900a",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-21.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1650647313,
"narHash": "sha256-6ghnNPXDlG6/tXeIFdbP0cGnik6TGNwc615hhG9dpl4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a318a09a96a38382fe61a7f85d03ea6e25c46c56",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-21.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"blatt": "blatt",
"nixpkgs": "nixpkgs_2"
}
}
},
"root": "root",
"version": 7
}

143
flake.nix
Unescape View File

@ -0,0 +1,143 @@ @@ -0,0 +1,143 @@
{
inputs =
{ nixpkgs.url = "github:NixOS/nixpkgs?ref=nixos-21.11";
blatt.url = "github:nix-community/NixNG";
};
outputs = { nixpkgs, blatt, self }:
let
supportedSystems = [ "x86_64-linux" ];
forAllSystems' = nixpkgs.lib.genAttrs;
forAllSystems = forAllSystems' supportedSystems;
nixpkgsForSystem = system:
import nixpkgs { inherit system; };
in
{
blattConfigurations =
{ example = (blatt.nglib nixpkgs.lib).makeSystem {
system = "x86_64-linux";
name = "example-system";
inherit nixpkgs;
config = ({ pkgs, config, ... }:
{ dumb-init = {
enable = true;
type.services = { };
};
init.services.apache2 = {
shutdownOnExit = true;
ensureSomething.link."documentRoot" = {
src = "${pkgs.apacheHttpd}/htdocs";
dst = "/var/www";
};
};
services.apache2 = {
enable = true;
envsubst = true;
configuration = [
{
LoadModule = [
[ "mpm_event_module" "modules/mod_mpm_event.so" ]
[ "log_config_module" "modules/mod_log_config.so" ]
[ "unixd_module" "modules/mod_unixd.so" ]
[ "authz_core_module" "modules/mod_authz_core.so" ]
[ "dir_module" "modules/mod_dir.so" ]
[ "mime_module" "modules/mod_mime.so" ]
];
}
{
Listen = "0.0.0.0:80";
ServerRoot = "/var/www";
ServerName = "blowhole";
PidFile = "/httpd.pid";
DocumentRoot = "/var/www";
User = "www-data";
Group = "www-data";
}
{
ErrorLog = "/dev/stderr";
TransferLog = "/dev/stdout";
LogLevel = "info";
}
{
AddType = [
[ "image/svg+xml" "svg" "svgz" ]
];
AddEncoding = [ "gzip" "svgz" ];
TypesConfig = "${pkgs.apacheHttpd}/conf/mime.types";
}
{
Directory = {
"/" = {
Require = [ "all" "denied" ];
Options = "SymlinksIfOwnerMatch";
};
};
VirtualHost = {
"*:80" = {
Directory = {
"/var/www" = {
Require = [ "all" "granted" ];
Options = [ "-Indexes" "+FollowSymlinks" ];
DirectoryIndex = "\${DIRECTORY_INDEX:-index.html}";
};
};
};
};
}
];
};
});
};
};
haei =
let
config = self.blattConfigurations.example.config;
pkgs = self.blattConfigurations.example._module.args.pkgs;
closureInfo = pkgs.closureInfo
{ rootPaths = [ config.init.script config.system.activationScript ]; };
in
pkgs.writeShellScript "make-rootfs" ''
target="$1"
store_paths="$(cat ${closureInfo}/store-paths | tr '\n' ' ')"
mkdir -p $target
chown root:root $target
for store_path in $store_paths ${config.system.build.toplevel}
do
if [ -d $store_path ]
then
mkdir -p $target/$store_path
else
mkdir -p "$(dirname $target/$store_path)"
touch $target/$store_path
fi
mount -o bind,ro $store_path $target/$store_path
done
'';
devShell = forAllSystems
(system:
let pkgs = nixpkgsForSystem system;
in
pkgs.mkShell
{ nativeBuildInputs = with pkgs;
[ go
clang
runc
containerd
];
}
);
};
}

16
src/main.go
Unescape View File

@ -25,18 +25,13 @@ func createAPI () error { @@ -25,18 +25,13 @@ func createAPI () error {
client, err := containerd.New("/run/containerd/containerd.sock")
defer client.Close()
if err != nil {
log.Println(err)
return err
}
ctx := namespaces.WithNamespace(context.Background(), "lsantos")
image, err := client.Pull(ctx, "docker.io/khaosdoctor/simple-node-api:latest", containerd.WithPullUnpack)
if err != nil {
return err
}
log.Printf("Imagem %q baixada", image.Name())
container, err := createContainer(ctx, client, image)
container, err := createContainer(ctx, client)
if err != nil {
return err
}
@ -76,7 +71,6 @@ func createAPI () error { @@ -76,7 +71,6 @@ func createAPI () error {
func createContainer (
ctx context.Context,
client *containerd.Client,
image containerd.Image,
) (containerd.Container, error) {
hasher := sha256.New()
@ -88,9 +82,10 @@ func createContainer ( @@ -88,9 +82,10 @@ func createContainer (
imageSpecs := containerd.WithNewSpec(
oci.WithDefaultSpec(),
oci.WithImageConfig(image),
oci.WithEnv([]string{"PORT=8080"}),
oci.WithEnv([]string{}),
oci.WithHostNamespace(specs.NetworkNamespace),
oci.WithRootFSPath("/tmp/go-containerd-example/rootfs"),
oci.WithProcessArgs("/nix/store/2lyy8ligd2d51qjnwcxlgb9yq80y03pr-nixng/init"),
oci.WithHostHostsFile,
oci.WithHostResolvconf,
)
@ -98,7 +93,6 @@ func createContainer ( @@ -98,7 +93,6 @@ func createContainer (
container, err := client.NewContainer(
ctx,
containerName,
containerd.WithNewSnapshot(containerName + "-snapshot", image),
imageSpecs,
)
if err != nil {

Write Preview
Loading…
Cancel
Save