Enable GPUs and networking in container during optimize

Currently, networking inside a container when optimizing through the ctr-remote tool is only available through CNI-based networking plugins, not through `net-host`. Furthermore, there is no option to enable GPUs inside the container when optimizing GPU-based images. This commit adds flags to the optimize command to enable both features. Changes: 1) Added `net-host` flag to enable to networking inside the container, similar to when using `ctr-remote run`. 2) Added `gpus` flag to enable GPU-based image optimization. 3) Changes to documentation explaining the above made changes. Signed-off-by: Rishabh Singhvi <rdpsin@amazon.com>
ilyee · Jul 20, 2021 · deb5648 · deb5648
1 parent 64bf037
commit deb5648
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 0 deletions.
diff --git a/cmd/ctr-remote/commands/flags.go b/cmd/ctr-remote/commands/flags.go
@@ -25,11 +25,13 @@ import (
 	"io/ioutil"
 	"os"
 	"path/filepath"
+	"runtime"
 	"strings"
 
 	"github.com/containerd/containerd"
 	"github.com/containerd/containerd/containers"
 	"github.com/containerd/containerd/content"
+	"github.com/containerd/containerd/contrib/nvidia"
 	"github.com/containerd/containerd/images"
 	"github.com/containerd/containerd/oci"
 	"github.com/containerd/containerd/pkg/netns"
@@ -39,6 +41,7 @@ import (
 	runtimespec "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/pkg/errors"
 	"github.com/rs/xid"
+	"github.com/sirupsen/logrus"
 	"github.com/urfave/cli"
 )
 
@@ -115,6 +118,14 @@ var samplerFlags = []cli.Flag{
 		Name:  "cni-plugin-dir",
 		Usage: "path to the CNI plugins binary directory",
 	},
+	cli.IntSliceFlag{
+		Name:  "gpus",
+		Usage: "add gpus to the container",
+	},
+	cli.BoolFlag{
+		Name:  "net-host",
+		Usage: "enable host networking in the container",
+	},
 }
 
 func getSpecOpts(clicontext *cli.Context) func(image containerd.Image, rootfs string) (opts []oci.SpecOpts, done func() error, rErr error) {
@@ -192,6 +203,20 @@ func getSpecOpts(clicontext *cli.Context) func(image containerd.Image, rootfs st
 			cleanups = append(cleanups, cleanup)
 			opts = append(opts, nOpt)
 		}
+		if clicontext.Bool("net-host") {
+			if runtime.GOOS == "windows" {
+				logrus.Warn("option --net-host is not supported on Windows")
+			} else {
+				opts = append(opts, oci.WithHostNamespace(runtimespec.NetworkNamespace), oci.WithHostHostsFile, oci.WithHostResolvconf)
+			}
+		}
+		if clicontext.IsSet("gpus") {
+			if runtime.GOOS == "windows" {
+				logrus.Warn("option --gpus is not supported on Windows")
+			} else {
+				opts = append(opts, nvidia.WithGPUs(nvidia.WithDevices(clicontext.IntSlice("gpus")...), nvidia.WithAllCapabilities))
+			}
+		}
 
 		return
 	}

diff --git a/docs/ctr-remote.md b/docs/ctr-remote.md
@@ -66,6 +66,18 @@ The following example optimizes an image with a compression level of 1.
 # ctr-remote image optimize --oci --estargz-compression-level 1 ghcr.io/stargz-containers/golang:1.15.3-buster-org registry2:5000/golang:1.15.3-esgz
 ```
 
+You can enable host networking for the container using the `net-host` flag.
+
+```console
+# ctr-remote i optimize -t -i --oci --entrypoint='[ "/bin/bash", "-c" ]' --net-host --args='[ "ip a && curl example.com" ]' ghcr.io/stargz-containers/centos:8-test registry2:5000/centos:8-test-esgz
+```
+
+You can optimize GPU-based images using the `gpu` flag. The flag expects a comma separated list of integers.
+
+```console
+# ctr-remote i optimize --oci --gpus "0" <src> <target>
+```
+
 `--oci` option is highly recommended to add when you create eStargz image.
 If the source image is [Docker image](https://github.com/moby/moby/blob/master/image/spec/v1.2.md) that doesn't allow us [content verification of eStargz](/docs/verification.md), `ctr-remote` converts this image into the [OCI starndard compliant image](https://github.com/opencontainers/image-spec/).
 OCI image also can run on most of modern container runtimes.