nydus-snapshotter

module

v0.0.0-...-3cab0da Latest Latest Go to latest Published: Jan 27, 2022 License: Apache-2.0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/dragonflyoss/image-service

README ¶

Nydus Snapshotter

Start Containerd

For using nydus snapshotter with containerd, you need to install containerd beyond version 1.4.0, please refer to this guide for more details. To add the nydus snapshotter plugin, add the plugin to containerd's config file (by default at /etc/containerd/config.toml).

# Plug nydus snapshotter into containerd
# Containerd recognizes nydus snapshotter through specified socket address.
# The specified address below is the default which nydus snapshotter listen to.
[proxy_plugins]
  [proxy_plugins.nydus]
    type = "snapshot"
    address = "/run/containerd-nydus/containerd-nydus-grpc.sock"

# Use nydus as default snapshot through CRI
[plugins."io.containerd.grpc.v1.cri".containerd]
   snapshotter = "nydus"

Then you can start containerd in one terminal with following command.

$ /path/to/containerd --config /etc/containerd/config.toml

Setting up the Nydus snapshotter

Generate Nydus config

You can configure nydus snapshotter with custom configurations. The config file must be formatted with json and can be passed to nydus snapshotter with --config-path option. Your configuration file should look like below, where value of auth is a based64-encoded username:password string. You can generate it using echo -n 'username:password' | base64.

{
  "device": {
    "backend": {
      "type": "registry",
      "config": {
        "scheme": "https",
        "auth": "<registry auth token>",
        "timeout": 5,
        "connect_timeout": 5,
        "retry_limit": 0
      }
    },
    "cache": {
      "type": "blobcache",
      "config": {
        "work_dir": "/tmp/cache"
      }
    }
  },
  "mode": "direct",
  "digest_validate": true,
  "iostats_files": true,
  "enable_xattr": true,
  "fs_prefetch": {
    "enable": true,
    "threads_count": 10,
    "merging_size": 131072
  }
}

Start Nydus snapshotter

Nydus snapshotter is implemented as a proxy plugin daemon (containerd-nydus-grpc) for containerd. You can start the daemon as following

# nydusd-path is the path of nydusd binary, you need to compile the binary first
# address is the socket address that you configured in containerd config file
# root is the path of nydus snapshotter
# config-path is the path of your nydus configuration file you just generated

$ ./containerd-nydus-grpc \
  --nydusd-path /bin/nydusd \
  --config-path /etc/nydus/config.json \
  --root /var/lib/containerd/io.containerd.snapshotter.v1.nydus \
  --address /var/run/containerd-nydus/containerd-nydus-grpc.sock

Check nydus snapshotter

There is a default cli named ctr based on the GRPC api for containerd. This cli will allow you to create and manage containers run with containerd. And you can check if nydus snapshotter has started successfully by running the following commands:

$ ctr -a /run/containerd/containerd.sock plugin ls | grep nydus

Using nydus snapshotter

Download crictl tools

crictl is a tool to help developers debug their runtime without needing to set up Kubernetes components. crictl can be downloaded from cri-tools release page:

VERSION="v1.17.0"
wget https://github.com/kubernetes-sigs/cri-tools/releases/download/$VERSION/crictl-$VERSION-linux-amd64.tar.gz
sudo tar zxvf crictl-$VERSION-linux-amd64.tar.gz -C /usr/local/bin
rm -f crictl-$VERSION-linux-amd64.tar.gz

Create crictl config

The runtime endpoint can be set in the config file. Please refer to crictl document for more details.

$ cat crictl.yaml
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 10
debug: true

Have fun with nydus

You can create a container in the pod sandbox with config file.

$ cat pod-config.yaml
metadata:
  attempt: 1
  name: nydus-sandbox
  namespace: default
  uid: hdishd83djaidwnduwk28bcsb
log_directory: /tmp
linux:
  security_context:
    namespace_options:
      network: 2
annotations:
  "io.containerd.osfeature": "nydus.remoteimage.v1"

$ cat container-config.yaml
metadata:
  name: nydus-container
image:
  image: <nydus-image>
command:
- /bin/sleep
args:
- 600
log_path: container.1.log

#auth is base64 of registry username:password
$ crictl --config ./crictl.yaml run \
 --auth <base64 of registry auth> \
 ./container-config.yaml ./podsandbox-config.yaml

List and check running nydus container.

$ crictl --config ./crictl.yaml ps

Attach into nydus container.

$ crictl --config ./crictl.yaml exec -it <containerID> bash

Directories ¶

Path	Synopsis
cmd
containerd-nydus-grpc
containerd-nydus-grpc/app/snapshotter
containerd-nydus-grpc/pkg/command
containerd-nydus-grpc/pkg/logging
config
export
snapshotter
pkg
auth
cache
daemon
errdefs
filesystem/fs
filesystem/meta
filesystem/nydus
filesystem/stargz
label
metric
metric/exporter
metric/ttl
nydussdk
nydussdk/model
process
signature
snapshot
store
utils/mount
utils/registry
utils/retry
utils/signals
utils/signer
snapshot

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL