containerd-to-vm

What

A recent article from the team at fly.io described how they build VMs for Firecracker from the Docker images provided by their customers. They outline the following steps:

  1. Pull the matching container from the registry.
  2. Create a loop device to store the container’s filesystem on.
  3. Unpack the container (in this case, using Docker’s Go libraries) into the mounted loop device.
  4. Create a second block device and inject our init, kernel, configuration, and other goop into.
  5. Track down any persistent volumes attached to the application, unlock them with LUKS, and collect their unlocked block devices.
  6. Create a TAP device, configure it for our network, and attach BPF code to it.
  7. Hand all this stuff off to Firecracker and tell it to boot.

As I’ve been interested in playing with both containerd’s API and firecracker, I thought it would be a good opportunity to try to implement this.

How

You’ll need a few things before you can run this tool.

Kernel

You’ll need a kernel to run this. The following instructions should do it (to get a 5.8 kernel):

git clone https://github.com/torvalds/linux.git linux.git
cd linux.git
git checkout v5.8
# Fetch the raw config file; the github.com/.../blob/... URL returns an HTML page, not the config.
curl -fsSL -o .config https://raw.githubusercontent.com/firecracker-microvm/firecracker/main/resources/microvm-kernel-x86_64.config
make menuconfig
make vmlinux -j8

CNI

You need CNI plugins and configurations installed. The recommended configuration is stored under hack/cni. It needs to be copied to /etc/cni/conf.d.

Firecracker binaries

Running make firecracker-binary will download a version of firecracker under the directory hack/firecracker.
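
With the kernel, CNI configuration and Firecracker binary in place, steps 2, 3 and 7 of the list above can be reproduced by hand. The script below is an added illustration, not code from this repository; the file names, the image size and the TAP device name are assumptions, and the input is a flattened root filesystem tarball.

```shell
#!/bin/sh
# Added example, not part of containerd-to-vm. All file names, the image
# size and the TAP name passed in are assumptions.
set -eu

# Steps 2-3: create an ext4 image, loop-mount it and unpack a flattened
# container filesystem (for example the output of `docker export`) into
# it. Needs root for mount/umount. The body runs in a subshell.
build_rootfs() (
  tarball=$1 image=$2 size_mb=$3
  truncate -s "${size_mb}M" "$image"
  mkfs.ext4 -q -F "$image"
  mnt=$(mktemp -d)
  mount -o loop "$image" "$mnt"
  # --numeric-owner keeps the uid/gid numbers stored in the archive
  # instead of resolving user names against the host's /etc/passwd.
  tar -xpf "$tarball" -C "$mnt" --numeric-owner || rc=$?
  umount "$mnt"
  rmdir "$mnt"
  exit "${rc:-0}"
)

# Step 7: print the JSON that `firecracker --config-file` reads.
# With no init= in boot_args the kernel looks for an init inside the image.
vm_config() (
  kernel=$1 rootfs=$2 tap=$3
  cat <<EOF
{
  "boot-source": {
    "kernel_image_path": "$kernel",
    "boot_args": "console=ttyS0 reboot=k panic=1 pci=off"
  },
  "drives": [{
    "drive_id": "rootfs",
    "path_on_host": "$rootfs",
    "is_root_device": true,
    "is_read_only": false
  }],
  "network-interfaces": [{ "iface_id": "eth0", "host_dev_name": "$tap" }],
  "machine-config": { "vcpu_count": 1, "mem_size_mib": 256 }
}
EOF
)

# Usage (as root), with a TAP device tap0 already created:
#   build_rootfs rootfs.tar rootfs.ext4 512
#   vm_config linux.git/vmlinux rootfs.ext4 tap0 > vm.json
#   firecracker --api-sock /tmp/fc.sock --config-file vm.json
```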