Skip to content

Instantly share code, notes, and snippets.

@ajeetraina

ajeetraina/gist:ac983ea54d407ab82ba1f4d542d9c1b2

Created May 7, 2018 04:57
Show Gist options
  • Save ajeetraina/ac983ea54d407ab82ba1f4d542d9c1b2 to your computer and use it in GitHub Desktop.
Save ajeetraina/ac983ea54d407ab82ba1f4d542d9c1b2 to your computer and use it in GitHub Desktop.
Download ZIP

Revisions

  1. ajeetraina created this gist May 7, 2018.
    113 changes: 113 additions & 0 deletions gistfile1.txt
    View file
    Original file line number Diff line number Diff line change
    @@ -0,0 +1,113 @@
    # This is an example for building the open source components of Docker for Mac
    kernel:
    image: linuxkit/kernel:4.14.39
    cmdline: "console=ttyS0 page_poison=1"
    init:
    - linuxkit/vpnkit-expose-port:4e2ea826aaefdd196c7473255654d06ad96c4c21 # install vpnkit-expose-port and vpnkit-iptables-wrapper on host
    - linuxkit/init:11929b0007b87384f7372e9265067479c4616586
    - linuxkit/runc:acba8886e4b1318457c711700f695a02fef9493d
    - linuxkit/containerd:f197e7cbb2ede4370b75127c76de6f7b2e3d9873
    - linuxkit/ca-certificates:fb5c7bf842a330f5b47cdf71f950fe0c85f4a772
    onboot:
    # support metadata for optional config in /run/config
    - name: metadata
    image: linuxkit/metadata:be507a0718df8ed6733dfab1d6866672f446e8fd
    - name: sysctl
    image: linuxkit/sysctl:b51c3da02bc2fc9a53f699efc51f650ac17ffac8
    - name: sysfs
    image: linuxkit/sysfs:98b340d360541f1e1e62bc30b62ab6a7e3dc9280
    - name: binfmt
    image: linuxkit/binfmt:aa7909fd14c251948a83edb5398b4fb7d5153ad1
    # Format and mount the disk image in /var/lib/docker
    - name: format
    image: linuxkit/format:d24885a226c42a40f7ed44dd3789a6a035254d98
    - name: mount
    image: linuxkit/mount:763e67d733342281f3bdc55d7208b9c442837afe
    command: ["/usr/bin/mountie", "/var/lib"]
    # make a swap file on the mounted disk
    - name: swap
    image: linuxkit/swap:d4241eabbc9086d30e462bfa6bb952fd4e6b74eb
    command: ["/swap.sh", "--path", "/var/lib/swap", "--size", "1024M"]
    # mount-vpnkit mounts the 9p share used by vpnkit to coordinate port forwarding
    - name: mount-vpnkit
    image: alpine:3.7
    binds:
    - /var/:/host_var:rbind,rshared
    capabilities:
    - CAP_SYS_ADMIN
    rootfsPropagation: shared
    command: ["sh", "-c", "mkdir -p /host_var/vpnkit/port && mount -v -t 9p -o trans=virtio,dfltuid=1001,dfltgid=50,version=9p2000 port /host_var/vpnkit"]
    # move logs to the mounted disk (this is a temporary fix until we can limit the log sizes)
    - name: move-logs
    image: alpine:3.7
    binds:
    - /var:/host_var
    command: ["sh", "-c", "mv -v /host_var/log /host_var/lib && ln -vs /var/lib/log /host_var/log"]
    - name: dhcpcd
    image: linuxkit/dhcpcd:01069780f536da8eb7745df7478a97253403b63d
    command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
    services:
    # Enable acpi to shutdown on power events
    - name: acpid
    image: linuxkit/acpid:6c05004a07f4f9228aec89605d5c72b184695d2a
    # Enable getty for easier debugging
    - name: getty
    image: linuxkit/getty:b286a610ccbebc45251f3a9df3619d76318e2244
    env:
    - INSECURE=true
    # Run ntpd to keep time synchronised in the VM
    - name: ntpd
    image: linuxkit/openntpd:9851e80f16e4292b12fbe97b9d7f1c3dd40d1ea2
    # VSOCK to unix domain socket forwarding. Forwards guest /var/run/docker.sock
    # to a socket on the host.
    - name: vsudd
    image: linuxkit/vsudd:ef2fd68237c6fc1a3b97b37012ad81bf9643be4b
    binds:
    - /var/run:/var/run
    command: ["/vsudd", "-inport", "2376:unix:/var/run/docker.sock"]
    # vpnkit-forwarder forwards network traffic to/from the host via VSOCK port 62373.
    # It needs access to the vpnkit 9P coordination share
    - name: vpnkit-forwarder
    image: linuxkit/vpnkit-forwarder:49b506c4dab8789fd42b216c35a4eb1cca503b32
    binds:
    - /var/vpnkit:/port
    net: host
    command: ["/vpnkit-forwarder", "-vsockPort", "62373"]
    # Monitor for image deletes and invoke a TRIM on the container filesystem
    - name: trim-after-delete
    image: linuxkit/trim-after-delete:9e62cea1246d66659bc1a74987f5f4c40e04de83
    # When the host resumes from sleep, force a clock resync
    - name: host-timesync-daemon
    image: linuxkit/host-timesync-daemon:921f623f1d12b7a79417370c4628752c495e7ee8
    # Run dockerd with the vpnkit userland proxy from the vpnkit-forwarder container.
    # Bind mounts /var/run to allow vsudd to connect to docker.sock, /var/vpnkit
    # for vpnkit coordination and /run/config/docker for the configuration file.
    - name: docker-dfm
    image: docker:17.07.0-ce-dind
    capabilities:
    - all
    net: host
    mounts:
    - type: cgroup
    options: ["rw","nosuid","noexec","nodev","relatime"]
    binds:
    - /etc/resolv.conf:/etc/resolv.conf
    - /var/lib/docker:/var/lib/docker
    - /lib/modules:/lib/modules
    - /var/vpnkit:/port # vpnkit control 9p mount
    - /var/run:/var/run
    - /run/config/docker:/var/config/docker
    - /usr/bin/vpnkit-expose-port:/usr/bin/vpnkit-expose-port # userland proxy
    - /usr/bin/vpnkit-iptables-wrapper:/usr/bin/iptables # iptables wrapper
    command: [ "/usr/local/bin/docker-init", "/usr/local/bin/dockerd", "--",
    "--config-file", "/var/config/docker/daemon.json",
    "--swarm-default-advertise-addr=eth0",
    "--userland-proxy-path", "/usr/bin/vpnkit-expose-port",
    "--storage-driver", "overlay2" ]
    runtime:
    mkdir: ["/var/lib/docker"]

    trust:
    org:
    - linuxkit
    - library