Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
sandbox: add gvisor runsc-based sandbox
This creates a VM (running Container-Optimized OS) with configuration such that it boots up and downloads/configures the runsc Docker runtime, reloading the existing Docker daemon on the VM, and then creates a new privileged Docker container with the host's /var/run/docker.sock available to the container.

From within that container it's then possible for the new sandbox HTTP server to create its own Docker containers running under gvisor (using docker run --runtime=runsc).

This then adds a regional us-central1 load balancer and instance group manager & instance template to run these VMs automatically across us-central1.

Then the play.golang.org frontend can hit that URL (http://sandbox.play-sandbox-fwd.il4.us-central1.lb.golang-org.internal)

Fixes golang/go#25224
Updates golang/go#30439 (remove nacl)
Updates golang/go#33629 (this CL makes the playground support 2 versions)

Change-Id: I56c8a86875abcde9d29fa7592b23c0ecd3861458
Reviewed-on: https://go-review.googlesource.com/c/playground/+/195983
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Alexander Rakoczy <alex@golang.org>
Reviewed-by: Emmanuel Odeke <emm.odeke@gmail.com>
Showing 18 changed files with 1,066 additions and 58 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
.terraform |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
*.yaml.expanded |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
# This is the sandbox backend server. | ||
# | ||
# When it's run, the host maps in /var/run/docker.sock to this | ||
# environment so the play-sandbox server can connect to the host's | ||
# docker daemon, which has the gvisor "runsc" runtime available. | ||
|
||
FROM golang:1.13 AS build | ||
|
||
COPY . /go/src/playground | ||
WORKDIR /go/src/playground/sandbox | ||
RUN go install | ||
|
||
FROM debian:buster | ||
|
||
RUN apt-get update | ||
|
||
# Extra stuff for occasional debugging: | ||
RUN apt-get install --yes strace lsof emacs25-nox net-tools tcpdump procps | ||
|
||
# Install Docker CLI: | ||
RUN apt-get install --yes \ | ||
apt-transport-https \ | ||
ca-certificates \ | ||
curl \ | ||
gnupg2 \ | ||
software-properties-common | ||
RUN bash -c "curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -" | ||
RUN add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian buster stable" | ||
RUN apt-get update | ||
RUN apt-get install --yes docker-ce-cli | ||
|
||
COPY --from=build /go/bin/sandbox /usr/local/bin/play-sandbox | ||
|
||
ENTRYPOINT ["/usr/local/bin/play-sandbox"] |
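
Review bot: the final debian:buster stage installs strace, lsof, emacs25-nox, net-tools, tcpdump and procps into the image that, per the header comment, runs with the host's /var/run/docker.sock mapped in, so anything that gains code execution in this container gets a full debugging toolkit alongside a connection to the host's Docker daemon. Consider moving the "Extra stuff for occasional debugging" line into a separate debug image or behind a build argument so the production image stays minimal. Separately, the two standalone `RUN apt-get update` layers can be served from a stale build cache while the later `apt-get install` lines run against old package lists; combining each update with its install in a single RUN avoids that. The `curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -` step trusts whatever key is served at build time, so verifying the key's fingerprint before adding it would be worth doing, and `golang:1.13` and `debian:buster` are mutable tags that could be pinned by digest for reproducible builds.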