Build a Firecracker microVM from a container image

Primary language: Shell. License: MIT.

firecracker-init-lab

Build a microVM from a container image

Many of the examples you'll find are broken due to changes in Firecracker 1.0, and the official quickstart guide doesn't cover the most interesting parts: working Internet access and extracting a filesystem from a container. This lab extends the official quickstart so that you can explore what an init process does and add networking.

Pre-reqs

  • A bare-metal Linux host
  • Or a VM that supports nested virtualisation such as on DigitalOcean or GCP.
  • Docker installed

Usage

Download and install Firecracker to /usr/local/bin/

Create ftap0 and set up masquerading with iptables:

./setup-networking.sh

Build the init process binary, package it into a container, and extract the container into a rootfs image:

make all

In one terminal, start firecracker:

make start

In another, instruct it to boot the rootfs and kernel:

make boot

Play around in the first terminal and explore the system:

free -m
cat /proc/cpuinfo
ip addr
ip route

echo "nameserver 1.1.1.1" > /etc/resolv.conf
ping google.com
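
The kind of host setup that the networking step above performs and that the ping test relies on, as an added example rather than the lab's own setup-networking.sh: it prints a reviewable plan with NAT and forwarding scoped to the guest. That ftap0 is a tap device, the uplink name eth0 and the 172.16.0.0/24 addressing are assumptions.

```shell
#!/bin/sh
# Added example: print the host-side network plan for one microVM (dry run).
# ftap0 comes from the README; uplink name and addresses are assumptions.
TAP="${TAP:-ftap0}"
UPLINK="${UPLINK:-eth0}"            # assumed host interface holding the default route
HOST_IP="${HOST_IP:-172.16.0.1}"    # assumed host-side address on the tap
SUBNET="${SUBNET:-172.16.0.0/24}"   # assumed guest subnet

# Linux interface names are at most 15 bytes; keep them to a safe character set
# so the printed plan cannot carry shell metacharacters.
valid_ifname() {
  case "$1" in
    ''|*[!A-Za-z0-9_.-]*) return 1 ;;
  esac
  [ "${#1}" -le 15 ]
}

# Addresses may contain only digits, dots and a prefix slash.
valid_addr() {
  case "$1" in
    ''|*[!0-9./]*) return 1 ;;
  esac
}

# Emit one command per line. NAT is limited to the guest subnet, and inbound
# forwarding to the tap is limited to replies to connections the guest opened.
network_plan() {
  if ! { valid_ifname "$TAP" && valid_ifname "$UPLINK" &&
         valid_addr "$HOST_IP" && valid_addr "$SUBNET"; }; then
    echo "refusing to build plan: invalid interface name or address" >&2
    return 1
  fi
  cat <<EOF
ip tuntap add dev $TAP mode tap
ip addr add $HOST_IP/${SUBNET#*/} dev $TAP
ip link set dev $TAP up
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s $SUBNET -o $UPLINK -j MASQUERADE
iptables -A FORWARD -i $TAP -o $UPLINK -j ACCEPT
iptables -A FORWARD -i $UPLINK -o $TAP -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
EOF
}

network_plan
```

After reviewing the printed plan, it can be piped to `sudo sh -x` on a lab host.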

Running on a Raspberry Pi

Edit the Makefile and change arch to aarch64:

export arch="x86_64"

Live-event - A cracking time with Richard Case of Weaveworks

Richard Case will join me as we explain to you why we're so excited about Firecracker, what use-cases we see and try to show you a little of what can be done with it. Richard's been at the sharp end of this technology for months, and is working on a cutting edge bare-metal Kubernetes project called Liquid Metal.

Live stream

You'll hear more about it on Friday lunchtime at 12:00pm BST.

Subscribe & remind

If you can't make it live, then you'll be able to jump onto the replay with your morning coffee.