Collection of system containers images
Repository contents:

  • azure
  • buildah-fedora
  • docker-centos
  • docker-fedora
  • etcd
  • flannel
  • hello-world
  • kubeadm
  • kubernetes-apiserver
  • kubernetes-controller-manager
  • kubernetes-kubelet
  • kubernetes-master
  • kubernetes-node
  • kubernetes-proxy
  • kubernetes-scheduler
  • lint
  • net-snmp
  • open-vm-tools-centos
  • ovirt-guest-agent-centos
  • ovirt-guest-agent-fedora
  • qemu-guest-agent
  • .papr.yml
  • FILES.md
  • LABELS.md
  • README.md
  • USAGE.md
  • test.sh

System Containers

As part of our effort to reduce the number of packages shipped with the Atomic Host image, we faced the problem of how to containerize services that need to run before a container runtime, such as the upstream docker daemon, is available. The result is system containers: a way to run containers in production from read-only images.

A system container is a container that is started from a systemd unit file early in boot, using runc. The specified IMAGE should be a system image that has already been fetched; if it is not present, atomic will attempt to pull it, assuming it is an OCI image. Installing a system container consists of checking the image out (by default under /var/lib/containers/atomic/) and generating the configuration files for runc and systemd. OSTree and runc are required for this feature to be available.

System containers rely on several technologies:

  • The atomic tool is used to install system containers.
  • Labels on the image can influence how the atomic tool handles a system container (see LABELS.md).
  • Specific files are required for an image to be a valid system image (see FILES.md).
  • System containers do not need a copy-on-write (COW) file system for storage, since the images are used read-only in production. We default to OSTree for storing the container images.
  • The atomic tool does not use upstream docker to pull the container images; instead it uses the Skopeo tool to pull images from a container registry.
  • When you run atomic install on a system container, the tool looks for a systemd unit file template in the image's /exports directory and creates a systemd unit file to run the container on the host.
  • The unit file uses runc to create and run the container.
  • systemd manages the lifecycle of the container.
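To make the install step concrete, here is an added example, not code from the atomic project, that emulates what the install does with the two templates an image ships under /exports (fill in the $VAR placeholders to produce the unit file and the runc config.json) and then audits the rendered config.json for the settings a reviewer of these images keeps running into: a uid/gid of 0, broad capabilities, host paths bind-mounted read-write, a writable rootfs. The template contents, the values, and the audit rules are constructed for this example; the placeholder names $NAME, $DESTDIR, $HOST_UID and $HOST_GID are assumed to follow atomic's convention, and the checkout path is illustrative.

```python
"""Added example: emulate the render step of a system-container install and
audit the generated runc config.json.  Not code from the atomic project."""
import json
from string import Template

# Constructed sample of what an image might ship under /exports.  The
# placeholder names ($NAME, $DESTDIR, $HOST_UID, $HOST_GID) are assumed to
# follow atomic's convention; the file contents themselves are made up here.
SERVICE_TEMPLATE = """\
[Unit]
Description=$NAME system container

[Service]
ExecStart=/usr/bin/runc --systemd-cgroup run $NAME
ExecStop=/usr/bin/runc kill $NAME
Restart=on-failure
WorkingDirectory=$DESTDIR

[Install]
WantedBy=multi-user.target
"""

CONFIG_TEMPLATE = """\
{
  "ociVersion": "1.0.0",
  "process": {
    "terminal": false,
    "user": {"uid": $HOST_UID, "gid": $HOST_GID},
    "args": ["/usr/bin/my-agent"],
    "noNewPrivileges": true,
    "capabilities": {
      "bounding":  ["CAP_NET_BIND_SERVICE", "CAP_SYS_ADMIN"],
      "effective": ["CAP_NET_BIND_SERVICE", "CAP_SYS_ADMIN"],
      "permitted": ["CAP_NET_BIND_SERVICE", "CAP_SYS_ADMIN"]
    }
  },
  "root": {"path": "rootfs", "readonly": true},
  "mounts": [
    {"destination": "/etc/resolv.conf", "type": "bind",
     "source": "/etc/resolv.conf", "options": ["bind", "ro"]},
    {"destination": "/host-etc", "type": "bind",
     "source": "/etc", "options": ["bind", "rw"]}
  ],
  "linux": {"namespaces": [{"type": "mount"}, {"type": "pid"}]}
}
"""

# Capabilities that let a process escape or reconfigure the host.  A system
# container that genuinely needs one should document it, not slip it in.
DANGEROUS_CAPS = {"CAP_SYS_ADMIN", "CAP_SYS_MODULE", "CAP_SYS_PTRACE",
                  "CAP_SYS_RAWIO", "CAP_NET_ADMIN", "CAP_DAC_READ_SEARCH"}


def render_template(text, values):
    """Substitute $VAR placeholders.  Template.substitute() raises KeyError on
    an unset variable, so a template cannot silently ship with a literal
    '$DESTDIR' in it the way safe_substitute() would allow."""
    return Template(text).substitute(values)


def render_install(name, destdir, host_uid, host_gid):
    """Produce the unit file text and the parsed runc config for one install,
    filling in both templates the way the install step does."""
    values = {"NAME": name, "DESTDIR": destdir,
              "HOST_UID": str(host_uid), "HOST_GID": str(host_gid)}
    unit = render_template(SERVICE_TEMPLATE, values)
    config = json.loads(render_template(CONFIG_TEMPLATE, values))
    return unit, config


def audit_config(cfg):
    """Return a list of human-readable findings about a runc config.json."""
    findings = []
    proc = cfg.get("process", {})
    # A missing uid is treated as 0, which is what a runtime would run as.
    if proc.get("user", {}).get("uid", 0) == 0:
        findings.append("process runs as uid 0")
    if not proc.get("noNewPrivileges", False):
        findings.append("noNewPrivileges is not set")
    if not cfg.get("root", {}).get("readonly", False):
        findings.append("rootfs is not read-only")
    caps = proc.get("capabilities", {})
    for capset in ("bounding", "effective", "permitted", "inheritable", "ambient"):
        for cap in sorted(DANGEROUS_CAPS & set(caps.get(capset, []))):
            findings.append(f"{capset} set grants {cap}")
    for m in cfg.get("mounts", []):
        if m.get("type") == "bind" and "ro" not in m.get("options", []):
            findings.append(f"host path {m.get('source')} is bind-mounted "
                            f"read-write at {m.get('destination')}")
    ns_types = {n.get("type") for n in cfg.get("linux", {}).get("namespaces", [])}
    if "mount" not in ns_types:
        findings.append("no mount namespace: container sees the host filesystem tree")
    return findings


if __name__ == "__main__":
    unit, cfg = render_install("my-agent", "/var/lib/containers/atomic/my-agent", 0, 0)
    print(unit)
    for finding in audit_config(cfg):
        print("FINDING:", finding)
```

Running it against the sample reports the uid 0 process, CAP_SYS_ADMIN in three capability sets, and the read-write bind mount of the host's /etc; the read-only resolv.conf mount and the read-only rootfs pass. Sharing the host's network or pid namespace is often intentional for system containers (the kubelet and flannel images here need it), so the audit only insists on a mount namespace and leaves the rest to the reviewer. On a real host the files to inspect are the config.json and the unit file that atomic generated under the checkout directory, not a rendered sample.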

To use system containers you must have Atomic CLI version 1.12 or later and the ostree utility installed.

For more information on system containers see: