pass docker registry mirror info from executor to guest vm via MMDS #8389

Merged
merged 23 commits into from
Feb 14, 2025

dan-stowell
Contributor

@dan-stowell dan-stowell commented Feb 12, 2025

We'd like to be able to have dockerd running inside a Firecracker VM be able to pull images from registry mirrors (and, for tests, be able to pull from insecure registries).

This change introduces executor.firecracker_vm_docker_mirrors and executor.firecracker_vm_docker_insecure_registries flags. When either is set, the host machine writes their values as JSON and passes that JSON to the VM over the microVM Metadata Service, also known as the Firecracker Metadata API or MMDS.

This change bumps the Firecracker guest API version. I'm not sure if that bump is strictly necessary or warranted.
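
The description above has the host pass mirror and insecure-registry settings to the guest as JSON over MMDS. As an added example (not code from this PR or from the project), here is one way a guest-side init could validate such a payload before handing it to dockerd as `daemon.json`; the payload shape, the `buildDaemonJSON` name and the acceptance policy are assumptions, since the page does not show them.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/url"
	"strings"
)

// registryConfig is an assumed payload shape that reuses dockerd's daemon.json key names.
type registryConfig struct {
	Mirrors  []string `json:"registry-mirrors,omitempty"`
	Insecure []string `json:"insecure-registries,omitempty"`
}

// buildDaemonJSON validates metadata received by the guest and renders daemon.json bytes.
func buildDaemonJSON(payload []byte) ([]byte, error) {
	var cfg registryConfig
	dec := json.NewDecoder(bytes.NewReader(payload))
	dec.DisallowUnknownFields() // metadata must not be able to set other daemon options
	if err := dec.Decode(&cfg); err != nil {
		return nil, fmt.Errorf("decode metadata: %w", err)
	}
	insecure := map[string]bool{}
	for _, r := range cfg.Insecure {
		// Example policy: bare host[:port] only, no scheme, path, userinfo or spaces.
		if r == "" || strings.ContainsAny(r, "/@ ") {
			return nil, fmt.Errorf("invalid insecure registry %q", r)
		}
		insecure[r] = true
	}
	for _, m := range cfg.Mirrors {
		u, err := url.Parse(m)
		if err != nil || u.Host == "" || u.User != nil || u.RawQuery != "" || u.Fragment != "" {
			return nil, fmt.Errorf("invalid mirror URL %q", m)
		}
		// Example policy: plain HTTP only for hosts explicitly listed as insecure.
		if u.Scheme != "https" && !(u.Scheme == "http" && insecure[u.Host]) {
			return nil, fmt.Errorf("mirror %q must be https or a listed insecure host", m)
		}
	}
	return json.Marshal(cfg)
}

func main() { // the payload below is constructed sample input
	out, err := buildDaemonJSON([]byte(`{"registry-mirrors":["https://mirror.example.internal"]}`))
	fmt.Println(string(out), err)
}
```

Rejecting unknown keys keeps the metadata channel limited to the two registry settings, so it cannot be used to set unrelated daemon options.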

Member

@bduffany bduffany left a comment

overall approach looks great 👍 just a few nits

@dan-stowell dan-stowell removed the request for review from tylerwilliams February 13, 2025 19:23
@dan-stowell dan-stowell changed the title [draft DO NOT MERGE] pass docker registry mirror info from executor to guest vm via MMDS pass docker registry mirror info from executor to guest vm via MMDS Feb 13, 2025
@dan-stowell dan-stowell marked this pull request as ready for review February 13, 2025 21:05
@@ -1452,6 +1458,7 @@ func (c *FirecrackerContainer) getConfig(ctx context.Context, rootFS, containerF
HostDevName: tapDeviceName,
MacAddress: tapDeviceMac,
},
AllowMMDS: c.vmConfig.InitDockerd,
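Review bot: AllowMMDS on this interface is tied to c.vmConfig.InitDockerd alone, so the guest gets MMDS access whenever InitDockerd is set, even if neither executor.firecracker_vm_docker_mirrors nor executor.firecracker_vm_docker_insecure_registries is configured and there is nothing to pass. Consider enabling it only when there is metadata to deliver, and add a short comment on this line saying what depends on the field, since nothing in the hunk shows a consumer and it is easy to read as unused.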
Contributor

nit: unused - remove?

Contributor Author

Why unused? I think setting AllowMMDS to true causes the MMDS configuration handler to run during init.

@dan-stowell dan-stowell merged commit cfb973c into master Feb 14, 2025
15 checks passed
@dan-stowell dan-stowell deleted the fcmirror branch February 14, 2025 22:38