ContextQMD
Back to Linuxkit

Development report for 9 April 2017

reports/2017-04-09.md

1.8.23.1 KB
Original Source

Development report for 9 April 2017

The fifth weekly development report. Feel free to send PRs if you want to add to these reports (or correct them).

New Contributors

Ilya @errordeveloper (Weave) has started working on Kubernetes support. This also fits with the infrakit etcd demo that Rolf is working on. The aim is to do both a desktop version and later a full production quality deployment with high availability.

Dave @dave-tucker is working on CI, and the roadmap for testing.

Welcome everyone, looking forward to your contributions and working with you. Please open issues on github if you need help, or ask on #moby in the Docker community slack.

Projects

Ian @ijc25 added a swarmd project, that incorporates his WIP patches to run swarmkit standalone using just containerd rather than Docker.

There were updates to okernel and miragesdk.

We added a roadmap for the Landlock LSM support. Landlock is an eBPF based Linux Security Module being developed by @l0kod which promises to be an excellent match for containers.

This week

This was a busy week, with a lot of refactoring and rebasing.

The moby run command got backend support for GCP from @dave-tucker #1492 and qemu from @thebsdbox #1521.

We stopped using the riddler tool and added a direct conversion from the yaml config to OCI for running system contaniners. More config options were added, and there is now documentation for the yaml. We stopped using some of the previous names to standardise on names closer to the underlying OCI field names, from @justincormack.

@riyazdf added support for content trust settings in the yaml file and set up signing for the kernel, which will be rolled out to other images.

@shykes suggested some section renames which we implemented, the initial containers that run once are now "onboot" and the long running ones are "services", which is much clearer.

The init section was converted to a list, so runc and containerd can easily be updated independently.

The issues with shared mounts, and allowing containers to mount on the host were hopefully all resolved in #1557.

Planned for next week

  • switch to using containerd finally
  • arm64 prototypes
  • documentation
  • preparation for Dockercon, finalizing demos

Dockercon

  • there will be a talk by @justincormack on Moby (currently billed as containerd...)
  • there will be a Docker Security talk with @riyazdf (Secure Substrate: Least Privilege Container Deployment) that will highlight Moby
  • both these talks will have some time for demos
  • there will be a session and lots of time to talk at the Thursday summit - get in touch if you need an invite. Please add topics you would like to talk about to the list via PR.