This is an initial PR to push the initial code; it has several known problems which are going to be addressed in follow-up PRs:

1. there's no "cluster destroy", so the only way to stop the VMs is to `pkill firecracker`
2. provisioner creates state in `/tmp` and never deletes it, that is required to keep the cluster running when `osctl cluster create` finishes
3. doesn't run any controller process around firecracker to support reboots/CNI cleanup (vethxyz interfaces are lingering on the host as they're never cleaned up)

The plan is to create some structure in `~/.talos` to manage cluster state, e.g. `~/.talos/clusters/<name>` which will contain all the required files (disk images, file sockets, VM logs, etc.). This directory structure will also work as a way to detect running clusters and clean them up.

For point number 3, `osctl cluster create` is going to exec a lightweight process to control the firecracker VM process and to simulate VM reboots if firecracker finishes cleanly (when the VM reboots).

Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
Firecracker Talos Provisioner
This code is experimental for now.
Due to CNI, it requires osctl to be running with at least
CAP_SYS_ADMIN and CAP_NET_ADMIN Linux capabilities
(in order to have the ability to create and configure network namespaces).
In any case, it requires /dev/kvm to be accessible for the user
running osctl: https://github.com/firecracker-microvm/firecracker/blob/master/docs/getting-started.md#prerequisites
The CNI configuration directory (can be overridden with osctl flags) should
exist; the default location is /etc/cni/conf.d.
The default network namespace mountpoint should be created as well: /var/run/netns.
The following CNI plugins should be installed to the CNI binary path (default is /opt/cni/bin):
- bridge
- firewall
- tc-redirect-tap
The first two are part of the standard CNI plugins; the last one can be built from the Firecracker Go SDK.
The provisioner creates a bridge interface named talos<8 hex chars> and never deletes it (known bug).
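A preflight script for the prerequisites above, added here as an example and not part of the Talos repository: it verifies the CNI configuration directory, the netns mountpoint, the three CNI plugins and /dev/kvm access, and lists leftover talos<8 hex> bridges from earlier runs. Paths default to the README's values and can be overridden by arguments; the capability check (CAP_SYS_ADMIN/CAP_NET_ADMIN) is not covered.

```shell
#!/bin/sh
# Example preflight check for the Firecracker Talos provisioner prerequisites.
# Not part of the Talos repository; defaults are the README's paths.

# check_dir DIR LABEL: 0 if DIR exists and is a directory
check_dir() {
  if [ -d "$1" ]; then echo "ok   $2: $1"; return 0; fi
  echo "FAIL $2 missing: $1"; return 1
}

# check_kvm DEV: 0 if the KVM device node is a char device readable and
# writable by the user running osctl
check_kvm() {
  if [ -c "$1" ] && [ -r "$1" ] && [ -w "$1" ]; then echo "ok   kvm: $1"; return 0; fi
  echo "FAIL kvm device not accessible: $1"; return 1
}

# check_cni_plugins BINDIR: 0 only if bridge, firewall and tc-redirect-tap
# are all present as executables in BINDIR
check_cni_plugins() {
  crc=0
  for p in bridge firewall tc-redirect-tap; do
    if [ -x "$1/$p" ]; then echo "ok   cni plugin: $1/$p"
    else echo "FAIL cni plugin missing: $1/$p"; crc=1; fi
  done
  return $crc
}

# list_talos_bridges: print bridge interfaces named talos + 8 hex chars,
# i.e. the ones the provisioner creates and never deletes
list_talos_bridges() {
  ip -o link show type bridge 2>/dev/null | awk -F': ' '{print $2}' \
    | grep -E '^talos[0-9a-f]{8}$' || true
}

# preflight [CNI_CONF] [NETNS_DIR] [CNI_BIN] [KVM_DEV]: run all checks,
# return 1 if any prerequisite is missing
preflight() {
  prc=0
  check_dir "${1:-/etc/cni/conf.d}" "cni conf dir" || prc=1
  check_dir "${2:-/var/run/netns}" "netns mountpoint" || prc=1
  check_cni_plugins "${3:-/opt/cni/bin}" || prc=1
  check_kvm "${4:-/dev/kvm}" || prc=1
  for b in $(list_talos_bridges); do echo "WARN leftover bridge: $b"; done
  return $prc
}

# Run the checks only when invoked explicitly: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then preflight; fi
```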