Lib.rs

#containerd #shim #sandbox #build #logging #ttrpc #server

shimkit

Tools to build containerd shims

Owned by Jorge Prendes.

1 unstable release

new 0.1.0 Nov 4, 2024

#3 in #ttrpc

Apache-2.0

60KB
672 lines

shimkit

Library for writing containerd shims

Task API

Setup

  1. Build the logger example

    cargo build --example logger

  2. Create an executable script to print the path to the shim server

    cat <<EOF | sudo tee /usr/local/bin/containerd-shim-logger-v1 > /dev/null
#!/bin/bash
echo unix:///run/containerd/containerd-shim-logger-debug.sock.ttrpc
EOF
sudo chmod a+x /usr/local/bin/containerd-shim-logger-v1

  3. Then run the shim

    sudo ./target/debug/examples/logger start

Start a container

Now in a different terminal start a container with docker run

docker run --runtime=io.containerd.logger.v1 hello-world

The command will fail because the logger shim is just a stub, but you will see the requests that containerd did on the shim printed to the terminal.

Sandbox API

Setup

  1. If you haven't, follow the setup in steps in Task API
  2. Enable containerd's sandbox API by setting the environent variable ENABLE_CRI_SANDBOXES=sandboxed when launching containerd. If you use systemd edit /usr/lib/systemd/system/containerd.service and in the [Service] section add Environment=ENABLE_CRI_SANDBOXES=sandboxed. 
    ...
[Service]
ExecStartPre=-/user/bin/modprobe overlay
ExecStart=/usr/bin/containerd
Environment=ENABLE_CRI_SANDBOXES=sandboxed
...
  3. Add the runtime to containerd's config.toml file /etc/containerd/config.toml. If the file doesn't exist, create it. A minimal example below: 
    version = 2
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.logger]
    runtime_type = "io.containerd.logger.v1"
    sandbox_mode = "shim"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
    runtime_type = "io.containerd.runc.v2"
  4. Restart containerd. If you use systemd 
    sudo systemctl daemon-reload
sudo systemctl restart containerd

Start a sandbox

Now start a new sandbox using crictl runp

cat <<EOF > /tmp/pod-config.yaml
metadata:
  name: my-sandbox
  namespace: default
  uid: abc123
EOF
sudo crictl --runtime-endpoint=unix:///run/containerd/containerd.sock \
    runp --runtime=logger \
    /tmp/pod-config.yaml

The command will fail because the logger shim is just a stub, but you will see the requests that containerd did on the shim printed to the terminal.

Dependencies

~14–27MB
~393K SLoC