Andrey Smirnov 2bf8540855 test: provision Talos clusters via Firecracker VMs
This is the initial PR to push the initial code; it has several known
problems which are going to be addressed in follow-up PRs:

1. there's no "cluster destroy", so the only way to stop the VMs is to
`pkill firecracker`

2. the provisioner creates state in `/tmp` and never deletes it; that is
required to keep the cluster running when `osctl cluster create` finishes

3. doesn't run any controller process around firecracker to support
reboots/CNI cleanup (vethxyz interfaces are lingering on the host as
they're never cleaned up)

The plan is to create some structure in `~/.talos` to manage cluster
state, e.g. `~/.talos/clusters/<name>` which will contain all the
required files (disk images, file sockets, VM logs, etc.). This
directory structure will also work as a way to detect running clusters
and clean them up.

For point number 3, `osctl cluster create` is going to exec a lightweight
process to control the firecracker VM process and to simulate VM reboots
if firecracker finishes cleanly (when the VM reboots).

Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
2020-01-16 00:27:08 +03:00


Firecracker Talos Provisioner
=============================

This code is experimental for now.

Because it drives CNI, it requires `osctl` to run with at least the
`CAP_SYS_ADMIN` and `CAP_NET_ADMIN` Linux capabilities (needed to create
and configure network namespaces).

In any case, `/dev/kvm` must be accessible to the user running `osctl`:
https://github.com/firecracker-microvm/firecracker/blob/master/docs/getting-started.md#prerequisites

The CNI configuration directory (its location can be overridden with `osctl` flags) must
exist; the default location is `/etc/cni/conf.d`.

The default network namespace mountpoint, `/var/run/netns`, must exist as well.

The following CNI plugins must be installed in the CNI binary path (default `/opt/cni/bin`):

* `bridge`
* `firewall`
* `tc-redirect-tap`

The first two are part of the [standard CNI plugins](https://github.com/containernetworking/cni);
the last one can be built from the [Firecracker Go SDK](https://github.com/firecracker-microvm/firecracker-go-sdk/tree/master/cni).

Known bug: the provisioner creates a bridge interface named `talos<8 hex chars>` and never deletes it.
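The following preflight script is an added example, not code from the Talos repository: it checks the host requirements listed above (CNI config dir, netns mountpoint, the three plugin binaries, `/dev/kvm` access, and `CAP_NET_ADMIN`/`CAP_SYS_ADMIN` in the effective capability set) and, for the bridge-leak bug, finds the `talos<8 hex chars>` bridges left on the host so they can be removed by hand. The script name, its `check`/`cleanup`/`demo` arguments, and the `ip -o link` sample output embedded in it are this example's own assumptions; the capability bit numbers (12 and 21) are the kernel's.

```shell
#!/bin/sh
# Added example, not part of the Talos provisioner.
# Usage:  sh talos-fc-preflight.sh check [CNI_CONF_DIR NETNS_DIR CNI_BIN_DIR]
#         sh talos-fc-preflight.sh cleanup    (needs CAP_NET_ADMIN)
#         sh talos-fc-preflight.sh demo       (runs the parser on the sample below)

# Plugins this README requires in the CNI binary path.
REQUIRED_PLUGINS="bridge firewall tc-redirect-tap"

# Constructed sample of `ip -o link show` output (not captured from a real host);
# one interface matches the provisioner's naming scheme, one does not.
SAMPLE_IP_LINK_OUTPUT='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
5: talos1a2b3c4d: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000\    link/ether 02:42:ac:11:00:01 brd ff:ff:ff:ff:ff:ff
6: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default \    link/ether 02:42:c0:a8:00:01 brd ff:ff:ff:ff:ff:ff
7: taloszzzzzzzz: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000\    link/ether 02:42:00:00:00:07 brd ff:ff:ff:ff:ff:ff'

# Verify the CNI config dir, the netns mountpoint and each plugin binary.
# Prints every missing item; returns 0 only when all of them are present.
check_cni_layout() {
    conf_dir=${1:-/etc/cni/conf.d}
    netns_dir=${2:-/var/run/netns}
    bin_dir=${3:-/opt/cni/bin}
    status=0
    [ -d "$conf_dir" ]  || { echo "missing CNI config dir: $conf_dir"; status=1; }
    [ -d "$netns_dir" ] || { echo "missing netns mountpoint: $netns_dir"; status=1; }
    for plugin in $REQUIRED_PLUGINS; do
        [ -x "$bin_dir/$plugin" ] || { echo "missing CNI plugin: $bin_dir/$plugin"; status=1; }
    done
    return "$status"
}

# /dev/kvm must be a character device the invoking user can open read/write;
# Firecracker cannot start a microVM otherwise.
check_kvm() {
    dev=${1:-/dev/kvm}
    [ -c "$dev" ] && [ -r "$dev" ] && [ -w "$dev" ] && return 0
    echo "$dev is not a char device readable and writable by $(id -un)"
    return 1
}

# Check CAP_NET_ADMIN (bit 12) and CAP_SYS_ADMIN (bit 21) in a CapEff bitmask.
# Defaults to this shell's effective set, which is what osctl inherits when
# started from here; file capabilities on the osctl binary would widen the
# set and are not visible to this check.
has_caps() {
    capeff=${1:-$(awk '/^CapEff:/ { print $2 }' /proc/self/status)}
    caps=$(( 0x$capeff ))
    if [ $(( (caps >> 12) & 1 )) -eq 1 ] && [ $(( (caps >> 21) & 1 )) -eq 1 ]; then
        return 0
    fi
    echo "need CAP_NET_ADMIN and CAP_SYS_ADMIN in the effective set (CapEff=$capeff)"
    return 1
}

# Read `ip -o link` output on stdin and print only the interface names that
# match the provisioner's scheme: "talos" followed by exactly 8 hex chars.
list_talos_bridges() {
    sed -n 's/^[0-9][0-9]*: \(talos[0-9a-f]\{8\}\):.*/\1/p'
}

# Delete every lingering talos bridge. Leftover vethXYZ interfaces from CNI
# are not touched here and must be removed separately.
cleanup_talos_bridges() {
    ip -o link show type bridge | list_talos_bridges | while read -r br; do
        echo "deleting bridge $br"
        ip link delete "$br" type bridge
    done
}

case "${1:-}" in
    check)
        shift
        rc=0
        check_cni_layout "$@" || rc=1
        check_kvm || rc=1
        has_caps || rc=1
        exit "$rc"
        ;;
    cleanup) cleanup_talos_bridges ;;
    demo)    printf '%s\n' "$SAMPLE_IP_LINK_OUTPUT" | list_talos_bridges ;;
esac
```

Run `sh talos-fc-preflight.sh check` as the user who will invoke `osctl`; a non-zero exit lists what is missing. `cleanup` needs the same capabilities as the provisioner, since deleting a bridge is a netlink operation gated by `CAP_NET_ADMIN`.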