Slides
-
What is Firecracker?
-
Benefits of Firecracker
-
Firecracker Design Principles
Slides
-
Firecracker Design
-
REST API
Slides
Slides
Prep Work
-
Create an
m5.metalinstance using Amazon Linux 2 on EC2 and login:ssh -i ~/.ssh/arun-us-east1.pem ec2-user@<ip-address>
Code
-
Clone and build
firectl:sudo yum install -y git git clone https://github.com/firecracker-microvm/firectl sudo amazon-linux-extras install -y golang1.11 cd firectl make
-
Firecracker uses KVM and needs read/write access that can be granted as shown below:
sudo setfacl -m u:${USER}:rw /dev/kvm -
Download the Firecracker binary:
curl -LOJ https://github.com/firecracker-microvm/firecracker/releases/download/v0.15.2/firecracker-v0.15.2 chmod +x firecracker-v0.15.2 sudo mv firecracker-v0.15.2 /usr/local/bin/firecracker
-
Download an Alpine Linux-based test kernel and a root filesystem:
curl -fsSL -o hello-vmlinux.bin https://s3.amazonaws.com/spec.ccfc.min/img/hello/kernel/hello-vmlinux.bin curl -fsSL -o hello-rootfs.ext4 https://s3.amazonaws.com/spec.ccfc.min/img/hello/fsfiles/hello-rootfs.ext4
-
Create microVM:
./firectl \ --kernel=hello-vmlinux.bin \ --root-drive=hello-rootfs.ext4
-
Terminal 1 shows a login prompt:
Welcome to Alpine Linux 3.8 Kernel 4.14.55-84.37.amzn2.x86_64 on an x86_64 (ttyS0) localhost login:
-
Log in as
rootwith passwordroot -
Show the filesystem:
ls /
-
Shutdown the machine:
reboot
-
Start the machine again:
sudo setfacl -m u:${USER}:rw /dev/kvm ./firectl \ --kernel=hello-vmlinux.bin \ --root-drive=hello-rootfs.ext4 -
In another terminal, login to the same EC2 instance:
ssh -i ~/.ssh/arun-us-east1.pem ec2-user@<ip-address>
-
Query the microVM:
$ curl --unix-socket ~/.firecracker.sock-* http://localhost/ {"id":"anonymous-instance","state":"Running","vmm_version":"0.15.2"} -
Get more details about the microVM:
$ curl --unix-socket ~/.firecracker.sock-* http://localhost/machine-config { "vcpu_count": 1, "mem_size_mib": 512, "ht_enabled": true, "cpu_template": "Uninitialized" }Show the vCPU and memory size.
-
Try to update the vCPU:
$ curl --unix-socket ~/.firecracker.sock-* -X PUT http://localhost/machine-config -d '{ "vcpu_count": 2}' { "fault_message": "The update operation is not allowed after boot." } -
Try to shutdown the VM using by sending
SendCtrlAltDelaction:curl --unix-socket ~/.firecracker.sock-* -X PUT http://localhost/actions -d '{ "action_type": "SendCtrlAltDel" }'Explain that this will not work. Firecracker emulates a standard AT keyboard, connected via an i8042 controller. The required device drivers are not enabled in this kernel.
-
Download a Ubuntu-based test kernel and Xenial root filesystem, that has the device drivers enabled:
curl -fsSL -o vmlinux.bin https://s3.amazonaws.com/spec.ccfc.min/img/ubuntu_with_ssh/kernel/vmlinux.bin curl -fsSL -o xenial.rootfs.ext4 https://s3.amazonaws.com/spec.ccfc.min/img/ubuntu_with_ssh/fsfiles/xenial.rootfs.ext4
-
Start a new microVM using new kernel and filesystem:
sudo setfacl -m u:${USER}:rw /dev/kvm ./firectl \ --kernel=vmlinux.bin \ --root-drive=xenial.rootfs.ext4 -
Query the microVM again:
curl --unix-socket ~/.firecracker.sock-* http://localhost/machine-config
-
Shutdown the microVM using an action:
curl --unix-socket ~/.firecracker.sock-* -X PUT http://localhost/actions -d '{ "action_type": "SendCtrlAltDel" }'
Slides
-
Firecracker and Containerd
-
Firecracker and Kata Containers
Code
Waiting for aws/containers-roadmap#24.
-
Install eksctl CLI:
brew tap weaveworks/tap brew install weaveworks/tap/eksctl
-
Create EKS cluster:
eksctl create cluster --name kata --nodes 4
-
Install Kata:
kubectl apply -f https://raw.githubusercontent.com/kata-containers/packaging/master/kata-deploy/kata-rbac.yaml kubectl apply -f https://raw.githubusercontent.com/kata-containers/packaging/master/kata-deploy/kata-deploy.yaml
-
Deploy a pod using
kata-fcruntime:kubectl apply -f https://raw.githubusercontent.com/kata-containers/packaging/master/kata-deploy/examples/test-deploy-kata-fc.yaml
-
Get pod details:
kubectl describe pod <>