Skip to content

Instantly share code, notes, and snippets.

View sameo's full-sized avatar

Samuel Ortiz sameo

137 followers · 12 following
View GitHub Profile
@sameo
sameo / config.json
Created June 17, 2021 09:55
Config
{
"ociVersion": "1.0.0",
"process": {
"terminal": true,
"user": {
"uid": 0,
"gid": 0
},
"args": [
"/docker-entrypoint.sh",
@sameo
sameo / bpftrace.md
Created May 17, 2021 08:16 
bpftrace -e 'kprobe:nested_vmx_failInvalid { printf("sleep by %d\n", tid); }'
@sameo
sameo / containerd_shim.md
Last active May 5, 2021 08:34

Overview

containerd defines a simple runtime shim API (v2) for container runtimes (kata, runc, etc) to interface with.

The goal of this API is to abstract container operations from the actual runtime operations, and e.g. avoid assumptions on how containers are going to run (inside a VM vs as a bare metal process for example).

With that architecture, a container runtime becomes a shim v2 implementation, which is a binary that:

  1. Implements the gRPC shim service
  2. Supports 2 commands: delete and start
@sameo
sameo / account.rs
Created April 29, 2021 21:44
#[derive(Clone, Debug, Default)]
struct Account {
transactions: Vec<i32>,
balance: i32,
}
impl Account {
fn new() -> Self {
Account {
balance: 0,
@sameo
sameo / kvm-msr-cpuid.md
Created March 2, 2021 15:14

MSRs

3 MSRs array:

  • msrs_to_save reflects the capabilities of the host cpu, built on top of the constant msrs_to_save_all array.
  • emulated_msrs MSRs that are kvm-specific are put in emulated_msrs_all; filtering of emulated_msrs may depend on host virtualization features rather than host cpu features.
  • msr_based_features List of msr numbers which are used to expose MSR-based features that can be used by a hypervisor to validate requested CPU features. Built as a filter on top of msr_based_features_all

KVM_GET_MSR_INDEX_LIST

@sameo
sameo / virtio-probe.md
Last active February 19, 2021 01:45

virtio is a kernel virtual bus. From drivers/virtio/virtio.c:

static struct bus_type virtio_bus = {
	.name  = "virtio",
	.match = virtio_dev_match,
	.dev_groups = virtio_dev_groups,
	.uevent = virtio_uevent,
	.probe = virtio_dev_probe,
	.remove = virtio_dev_remove,
@sameo
sameo / containerd-runtime.md
Last active January 19, 2021 02:55

Containerd runtimes

A runtime in containerd does not stand at the runc level, but at the platform one. There are separate Linux and Windows runtimes, and they register as plugins:

const (
	runtimeName    = "linux"
	configFilename = "config.json"
@sameo
sameo / oci_image.md
Last active October 19, 2020 10:10
OCI Image 
skopeo copy docker://sameo/container101:latest oci:container101

Image layout

The OCI image layout in the host filesystem is specified here.

  • oci-layout
  • index.json is the image index.
@sameo
sameo / containerd-devicemapper.md
Last active October 14, 2020 21:48

Notes

We use /dev/loop0 as the physical media, backed by an empty, 8G image:

dd if=/dev/zero of=lvm-loop.img bs=100M count=80
losetup -fP lvm-loop.img
losetup -a
/dev/loop0: [0053]:4207657 (/home/samuel/devlp/containers/devicemapper/lvm-loop.img)
@sameo
sameo / kata-containers-storage.md
Last active June 23, 2020 01:05
Kata Containers storage: Architecture, problem statement and future