-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathlinuxkit-example.yml
124 lines (124 loc) · 5.83 KB
/
linuxkit-example.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
# NB this is a modified version of:
# https://github.com/linuxkit/linuxkit/blob/46d4edc967b5a9de705840d30c83b83fedabb492/examples/docker.yml
# https://github.com/linuxkit/linuxkit/blob/46d4edc967b5a9de705840d30c83b83fedabb492/examples/sshd.yml
# https://github.com/linuxkit/linuxkit/blob/46d4edc967b5a9de705840d30c83b83fedabb492/examples/logging.yml
kernel:
image: linuxkit/kernel:5.10.47
# NB tty0 (or console) represent the current virtual terminal.
cmdline: ipv6.disable=1 console=tty1
init:
- linuxkit/init:78fb57c7da07c4e43c3a37b27755581da087a3b6
- linuxkit/runc:bf1e0c61fb4678d6428d0aabbd80db5ea24e4d4d
- linuxkit/containerd:cc02c2af9c928c2faeccbe4edc78bd297ad91866
- linuxkit/ca-certificates:4df823737c9bf6a9564b736f1a19fd25d60e909a
- linuxkit/memlogd:9b0e8a5b3f67672234170d88833163caf7898984
onboot:
- name: sysctl
image: linuxkit/sysctl:02d2bd74509fd063857ceb4c4f502f09ee4f2e0a
- name: rngd1
image: linuxkit/rngd:bdabfe138f05f7d48396d2f435af16f5a6ccaa45
command: ["/sbin/rngd", "-1"]
# ensure an IP configuration before we run the services.
# NB without this, docker will fail with something alike:
# dial tcp: lookup registry-1.docker.io on [::1]:53: read udp [::1]:51903->[::1]:53: read: connection refused
# NB this is a side effect of not having a fully configured
# /etc/resolv.conf file. when that happens, go based application
# (like dockerd) use the dns servers at "127.0.0.1:53" and "[::1]:53",
# but since those do not really exist in this machine, the dns
# resolution will fail.
# see https://github.com/golang/go/blob/go1.17.1/src/net/dnsconfig_unix.go#L20
- name: dhcpcd
image: linuxkit/dhcpcd:1033f340e2d42f86a60aab70752346f0045ea388
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
services:
- name: rngd
image: linuxkit/rngd:bdabfe138f05f7d48396d2f435af16f5a6ccaa45
- name: dhcpcd
image: linuxkit/dhcpcd:1033f340e2d42f86a60aab70752346f0045ea388
- name: logwrite
image: linuxkit/logwrite:e64e0f06e485e3542b58f3517da3bc13f246d208
- name: kmsg
image: linuxkit/kmsg:df84eda2a82d5e24ddfe241831af3efb13a1a557
- name: promtail
image: grafana/promtail:2.3.0
binds.add:
- /etc/promtail/config.yml:/etc/promtail/config.yml
- /var/log:/host/var/log
- /var/run/promtail:/var/run/promtail
runtime:
mkdir:
- /var/run/promtail
- name: getty
image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101
env:
- INSECURE=true
binds.add:
- /etc/profile.d/local.sh:/etc/profile.d/local.sh
- name: sshd
image: linuxkit/sshd:add8c094a9a253870b0a596796628fd4ec220b70
binds.add:
- /etc/profile.d/local.sh:/etc/profile.d/local.sh
- name: hello
image: alpine:3.14
command: ["/bin/sh", "-c", "while true; do echo hello $(date); sleep 1; done"]
- name: docker
image: local/docker:20.10.8-dind
capabilities: [all]
net: host
mounts:
- type: cgroup
options: ["rw", "nosuid", "nodev", "noexec", "relatime"]
binds:
- /etc/resolv.conf:/etc/resolv.conf
- /lib/modules:/lib/modules
- /etc/docker/daemon.json:/etc/docker/daemon.json
# NB because a tmpfs is mounted onto /var, /run, and /tmp by default, the tmpfs
# mounts will shadow anything specified in the files section.
# see https://github.com/linuxkit/linuxkit/blob/master/docs/yaml.md#files
files:
# see https://github.com/linuxkit/linuxkit/blob/master/docs/faq.md#enabling-and-controlling-containerd-logs
# NB we have to move the containerd into a different folder until
# https://github.com/grafana/loki/issues/3804 is addressed.
# NB this didn't work due to https://github.com/linuxkit/linuxkit/issues/3686
# so we have to use a different file extension.
- path: etc/containerd/runtime-config.toml
contents: |
cliopts="--log-level debug"
stderr="/var/log/containerd.log.txt"
stdout="/var/log/containerd.out.log.txt"
mode: "0644"
- path: root/.ssh/authorized_keys
contents: |
# from https://raw.github.com/hashicorp/vagrant/master/keys/vagrant.pub
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key
mode: "0600"
- path: etc/profile.d/local.sh
contents: |
alias logread='/proc/1/root/usr/bin/logread'
alias l='ls -lF'
alias ll='l -a'
alias ctr='ctr -n services.linuxkit'
alias docker='ctr tasks exec --tty --exec-id shell docker docker'
mode: "0644"
- path: etc/promtail/config.yml
source: promtail-config.yml
mode: "0644"
- path: etc/docker/daemon.json
# NB loki-relabel-config is executed once per container.
# NB loki-pipeline-stages is executed once per container log line.
# NB the filename label is set once per container.
# NB the source label is set per container log line.
contents: |
{
"debug": true,
"log-driver": "loki",
"log-opts": {
"labels": "worker_id",
"loki-url": "@@loki_push_url@@",
"loki-external-labels": "job=container,container_name={{.Name}}",
"loki-relabel-config": "# drop filename, we have no use for it.\n- regex: filename\n action: labeldrop\n# always use the host hostname as the host that generated the container logs.\n- target_label: host\n replacement: linuxkit\n",
"loki-pipeline-stages": "# rename container_name to source.\n- labels:\n source: container_name\n- labeldrop:\n - container_name\n",
"max-size": "10m",
"max-file": "3"
}
}