cloudfoundry / garden-runc-release

Apache License 2.0
66 stars 78 forks source link
cff-wg-app-runtime-platform

Garden-runC Release

A BOSH release for deploying Guardian.

Guardian is a simple single-host OCI container manager. It implements the Garden API which is used in Cloud Foundry.

Getting started

Clone it:

git clone https://github.com/cloudfoundry/garden-runc-release
cd garden-runc-release
git submodule update --init --recursive

Running

See the bosh-lite deployment wiki page

Usage

The easiest way to start creating containers is to use the gaol command line client.

e.g. gaol -t 10.244.0.2:7777 create -n my-container

For more advanced use cases, you'll need to use the Garden client package for Golang.

Operating garden-runc

Operator's guide.

Security Features

The following doc provides an overview of security features on Garden vs Docker vs Kubernetes.

Security overview.

Contributing

See the Contributing.md for more information on how to contribute.

Don't panic

>= v1.17.2:

If you have a problem with garden-runc, don't panic! There is a tool that you can use to gather information useful for debugging issues on garden-runc-release deployments. Run this command on the deployment VM as root:

/var/vcap/packages/dontpanic/bin/dontpanic

N.B. From v1.18.3, if your BOSH environment has BPM enabled for Garden, dontpanic should still be run from the host, not from within the BPM container.

<= v1.17.1:

If running an earlier version of Garden, you can download the latest release of dontpanic from its repo here and run it as root from the VM running the Garden job.

eg: wget https://github.com/cloudfoundry/dontpanic/releases/download/v1.0/dontpanic && chmod +x ./dontpanic && ./dontpanic.

N.B. If your BOSH environment has BPM enabled for Garden, dontpanic should still be run from the host, not from within the BPM container.

Maintainers

See the list of MAINTAINERS and their contact info.

License

Apache License 2.0