# k3rs development container — Linux environment for OCI + Firecracker backends
#
# Build: podman build -f Containerfile.dev -t k3rs-dev .
# Run: ./scripts/dev-podman.sh
#
# Provides:
# - Rust toolchain (stable + musl targets)
# - OCI runtimes: youki, crun
# - Firecracker: KVM passthrough (/dev/kvm)
# - cargo-watch for auto-reload dev loop
# - Full workspace mount at /workspace
# Trixie has glibc 2.39 so pre-built dx (dioxus-cli) binary runs; Bookworm has 2.36
# NOTE(review): the tag below is mutable, so a rebuild can pick up different base
# contents. For a reproducible, auditable base, pin it by digest as well, e.g.
# rust:1.93.1-trixie@sha256:<digest-of-the-reviewed-image> (placeholder, not a real value).
FROM rust:1.93.1-trixie
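# ─── System deps ──────────────────────────────────────────────────────
# pm2 is pulled from the npm registry and its install scripts run as root at
# build time. The default ("latest") keeps the previous unpinned behaviour;
# pass an exact version with --build-arg PM2_VERSION=<version> so the build is
# reproducible and does not pick up a newly published release.
ARG PM2_VERSION=latest
RUN apt-get update && apt-get install -y --no-install-recommends \
        # Build essentials
        build-essential pkg-config libssl-dev cmake \
        # OCI runtime deps
        libseccomp-dev libyajl-dev \
        # Firecracker / KVM
        qemu-utils iproute2 iptables \
        # Container networking
        uidmap slirp4netns \
        # Dev tools
        nodejs npm curl jq git strace procps \
    # Cleanup: drop the apt package lists in the same layer that created them
    && rm -rf /var/lib/apt/lists/* \
    && npm install -g "pm2@${PM2_VERSION}" \
    # Remove npm's download cache so it is not kept in this layer
    && npm cache clean --force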
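# ─── Rust targets + tools ────────────────────────────────────────────
ARG DIOXUS_CLI_VERSION=0.7.3
# Optional SHA-256 of dx-aarch64-unknown-linux-gnu.tar.gz for the version above.
# When set (--build-arg DIOXUS_CLI_SHA256=<hex digest>) the tarball is verified
# before anything is extracted or installed; when empty, no integrity check is
# done beyond TLS, as before. It is only used on the aarch64 path.
ARG DIOXUS_CLI_SHA256=""
# Adds the two musl targets, installs cargo-watch, then installs dx:
#   - aarch64: download the pre-built release tarball and install the binary;
#   - any other architecture: build dioxus-cli from source with a single job.
# The trailing `dx --version` fails the build if no working dx ended up on PATH.
# NOTE(review): cargo-watch has no --version, so its release is not pinned.
RUN rustup target add \
        x86_64-unknown-linux-musl \
        aarch64-unknown-linux-musl \
    && cargo install cargo-watch --locked \
    && ( ARCH=$(uname -m); \
         if [ "$ARCH" = "aarch64" ]; then \
             curl -fsSL "https://github.com/DioxusLabs/dioxus/releases/download/v${DIOXUS_CLI_VERSION}/dx-aarch64-unknown-linux-gnu.tar.gz" -o /tmp/dx.tar.gz \
             && { [ -z "${DIOXUS_CLI_SHA256}" ] \
                  || echo "${DIOXUS_CLI_SHA256}  /tmp/dx.tar.gz" | sha256sum -c -; } \
             && tar xzf /tmp/dx.tar.gz -C /tmp \
             && { install -m 755 /tmp/dx /usr/local/bin/dx 2>/dev/null \
                  || install -m 755 /tmp/dx-*/dx /usr/local/bin/dx; } \
             && rm -rf /tmp/dx /tmp/dx.tar.gz /tmp/dx-*; \
         else \
             CARGO_BUILD_JOBS=1 cargo install dioxus-cli --locked --version "=${DIOXUS_CLI_VERSION}"; \
         fi ) \
    && dx --version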
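# ─── Install youki (OCI runtime) ─────────────────────────────────────
ARG YOUKI_VERSION=0.6.0
# Optional SHA-256 of the youki release tarball for the build architecture.
# When set (--build-arg YOUKI_SHA256=<hex digest>) the download is verified
# before it is unpacked into /usr/local/bin; when empty, no check is done.
ARG YOUKI_SHA256=""
# The original chain ended in `youki --version || true`, and that `|| true`
# applied to the whole `&&` chain: a failed download or extraction still
# produced a "successful" layer without youki. Here the download, optional
# checksum and extraction are fatal on a supported architecture, and only the
# final version probe is tolerated. An unsupported architecture is skipped
# with a message, so the build still succeeds there as it did before.
# NOTE(review): confirm the asset name pattern against the release page; a
# 404 on this URL would previously have gone unnoticed.
RUN ARCH=$(uname -m) && \
    case "$ARCH" in \
        x86_64)  YOUKI_ARCH="x86_64" ;; \
        aarch64) YOUKI_ARCH="aarch64" ;; \
        *) echo "youki not available for $ARCH — skipping" >&2; exit 0 ;; \
    esac && \
    curl -fsSL "https://github.com/youki-dev/youki/releases/download/v${YOUKI_VERSION}/youki_${YOUKI_VERSION}_linux_${YOUKI_ARCH}.tar.gz" \
        -o /tmp/youki.tar.gz && \
    { [ -z "${YOUKI_SHA256}" ] \
      || echo "${YOUKI_SHA256}  /tmp/youki.tar.gz" | sha256sum -c -; } && \
    tar xzf /tmp/youki.tar.gz -C /usr/local/bin/ youki && \
    rm -f /tmp/youki.tar.gz && \
    chmod +x /usr/local/bin/youki && \
    { youki --version || echo "warning: youki --version failed during build" >&2; }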
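# ─── Install crun (OCI runtime) ──────────────────────────────────────
ARG CRUN_VERSION=1.26
# Optional SHA-256 of the crun release binary for the build architecture.
# When set (--build-arg CRUN_SHA256=<hex digest>) the download is verified
# before it is installed; when empty, no check is done beyond TLS.
ARG CRUN_SHA256=""
# crun's release binaries are published under amd64/arm64 names rather than
# the x86_64/aarch64 strings that `uname -m` prints, so the architecture is
# mapped first (NOTE(review): confirm against the asset list of the pinned
# release). Other architectures fall back to the raw `uname -m` value.
# The original chain ended in `crun --version || true`, which also hid a
# failed download; now only the final version probe is tolerated, and the
# binary reaches /usr/local/bin only after the download (and the checksum,
# when given) has succeeded.
RUN ARCH=$(uname -m) && \
    case "$ARCH" in \
        x86_64)  CRUN_ARCH="amd64" ;; \
        aarch64) CRUN_ARCH="arm64" ;; \
        *)       CRUN_ARCH="$ARCH" ;; \
    esac && \
    curl -fsSL "https://github.com/containers/crun/releases/download/${CRUN_VERSION}/crun-${CRUN_VERSION}-linux-${CRUN_ARCH}" \
        -o /tmp/crun && \
    { [ -z "${CRUN_SHA256}" ] \
      || echo "${CRUN_SHA256}  /tmp/crun" | sha256sum -c -; } && \
    install -m 755 /tmp/crun /usr/local/bin/crun && \
    rm -f /tmp/crun && \
    { crun --version || echo "warning: crun --version failed during build" >&2; }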
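# ─── Install Firecracker (x86_64 only) ───────────────────────────────
ARG FIRECRACKER_VERSION=1.12.0
# Optional SHA-256 of firecracker-v<version>-x86_64.tgz. When set
# (--build-arg FIRECRACKER_SHA256=<hex digest>) the archive is verified before
# it is unpacked; when empty, no check is done beyond TLS.
ARG FIRECRACKER_SHA256=""
# The archive is saved to a file instead of being piped into tar: under
# /bin/sh without pipefail a pipeline reports only tar's exit status, and a
# file on disk can be checksummed before it is unpacked. firecracker and
# jailer are then moved into /usr/local/bin; any failure in the x86_64 branch
# fails the build. Other architectures are skipped with a message.
RUN ARCH=$(uname -m) && \
    if [ "$ARCH" = "x86_64" ]; then \
        curl -fsSL "https://github.com/firecracker-microvm/firecracker/releases/download/v${FIRECRACKER_VERSION}/firecracker-v${FIRECRACKER_VERSION}-${ARCH}.tgz" \
            -o /tmp/firecracker.tgz && \
        { [ -z "${FIRECRACKER_SHA256}" ] \
          || echo "${FIRECRACKER_SHA256}  /tmp/firecracker.tgz" | sha256sum -c -; } && \
        tar xzf /tmp/firecracker.tgz -C /tmp && \
        mv "/tmp/release-v${FIRECRACKER_VERSION}-${ARCH}/firecracker-v${FIRECRACKER_VERSION}-${ARCH}" /usr/local/bin/firecracker && \
        mv "/tmp/release-v${FIRECRACKER_VERSION}-${ARCH}/jailer-v${FIRECRACKER_VERSION}-${ARCH}" /usr/local/bin/jailer && \
        chmod +x /usr/local/bin/firecracker /usr/local/bin/jailer && \
        rm -rf /tmp/release-* /tmp/firecracker.tgz && \
        firecracker --version; \
    else \
        echo "Firecracker not available for $ARCH — skipping"; \
    fi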
# ─── Runtime directories ─────────────────────────────────────────────
# Pre-create the config, data and log trees at build time, so they exist with
# the build user's ownership before anything runs in the container.
# NOTE(review): these paths sit under /tmp, and one of them is a certs
# directory; confirm that nothing less trusted in the container can write to or
# replace them, and that the runtime bind-mounts do not shadow them.
RUN mkdir -p /tmp/k3rs-config/certs /tmp/k3rs-logs \
    && mkdir -p /tmp/k3rs-data/server /tmp/k3rs-data/bin \
    && mkdir -p /tmp/k3rs-data/runtime/containers /tmp/k3rs-data/runtime/vms
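# ─── Workspace ────────────────────────────────────────────────────────
WORKDIR /workspace
# Pre-warm cargo registry cache (optional, speeds up first build).
# NOTE(review): everything copied here stays in the image's earlier layers
# even after the rm below, since a later layer cannot remove content from an
# earlier one. Keep credentials and local config out of cmd/ and pkg/ (or
# exclude them with an ignore file) before publishing this image.
COPY Cargo.toml Cargo.lock* ./
COPY cmd/ ./cmd/
COPY pkg/ ./pkg/
# Still best-effort, but a failed fetch now leaves a line in the build log
# instead of being silently discarded.
RUN cargo fetch 2>/dev/null \
    || echo "warning: cargo fetch failed; cargo registry cache was not pre-warmed" >&2
# Reset for bind-mount at runtime
RUN rm -rf /workspace/*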
# Ports this image documents; EXPOSE publishes nothing by itself.
EXPOSE 6443
EXPOSE 6444
EXPOSE 10256
EXPOSE 5353
# Default environment for the dev shell.
#   CARGO_BUILD_JOBS - limit parallel jobs to avoid OOM when linking
#                      (e.g. k3rs-server); increase if the container has more memory
#   RUST_LOG         - debug-level logging; NOTE(review): debug logs can carry
#                      sensitive values, so keep this default out of shared images
#   K3RS_DATA_DIR    - NOTE(review): the directories created earlier in this file
#                      live under /tmp/k3rs-data, not /var/lib/k3rs/data; confirm
#                      which path the dev script expects
#   K3RS_RUNTIME     - OCI runtime selected by default
ENV CARGO_BUILD_JOBS=2 \
    RUST_LOG=debug \
    K3RS_DATA_DIR=/var/lib/k3rs/data \
    K3RS_RUNTIME=youki
# No USER instruction is set in this file, so the shell runs as the base image's
# default user (presumably root; confirm). That may be deliberate for KVM and
# iptables work, but pair it with a narrowly scoped run script.
CMD ["bash"]