Collection of system containers images
Switch branches/tags
Clone or download
langemar and rh-atomic-bot Update README.md
We need to add the label to the atomic pull command in order to pull the pre-build container from local docker registry (This is f.e. documented for the net-snmp container)
Closes: #174
Approved by: ashcrow
Latest commit 6d8269b May 7, 2018
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
azure
buildah-fedora
docker-centos
docker-fedora docker-fedora: specify --bind-mount-prefix=/host Apr 17, 2018
etcd
flannel
hello-world
kubeadm
kubernetes-apiserver
kubernetes-controller-manager fix uid/gid, bind mount /var/run/kubernetes in apiserver Oct 23, 2017
kubernetes-kubelet kubelet: Add ${STATE_DIR}/kubelet to tmpfiles Feb 21, 2018
kubernetes-master
kubernetes-node
kubernetes-proxy
kubernetes-scheduler
lint
net-snmp
open-vm-tools-centos
ovirt-guest-agent-centos
ovirt-guest-agent-fedora
qemu-guest-agent
.papr.yml
FILES.md doc: Add FILES.md with blurbs about expected files May 30, 2017
LABELS.md
README.md
USAGE.md
test.sh

README.md

System Containers

As part of our effort to reduce the number of packages that are shipped with the Atomic Host image, we faced the problem of how to containerize services that are needed to be run before a container runtime, like the upstream docker daemon, is running. The result: system containers: a way to run containers in production using read only images.

A system container is a container that is executed out of an systemd unit file early in boot, using runc. The specified IMAGE must be a system image already fetched. If it is not already present, atomic will attempt to fetch it assuming it is an oci image. Installing a system container consists of checking it the image by default under /var/lib/containers/atomic/ and generating the configuration files for runc and systemd. OSTree and runc are required for this feature to be available.

System containers use different technologies:

  • We use the atomic tool to install system containers.
  • Labels can influence how the atomic tool uses a system container
  • Specific files are required to be part of a valid system image
  • For storage system containers do not need to use COW File systems, since they are in production. We default to using OSTree for storage of the container images.
  • The atomic tool does not use upstream docker to pull the container images, instead we use the Skopeo tool to pull images from a container registry.
  • When you atomic install a system container the tool will look for a systemd unit file template in /exports directory and will create a systemd unit file to run the container on the host.
  • The unit files uses runc to create and run the containers.
  • systemd manages the lifecycle of the container.

To use system containers you must have Atomic CLI version 1.12 or later and the ostree utility installed.

For more information on system containers see: