pdtpartners / nix-snapshotter

Brings native understanding of Nix packages to containerd
MIT License

Add support for gVisor #125

Closed elpdt852 closed 8 months ago

elpdt852 commented 8 months ago

Fix #121

I’m keen on getting gVisor working because that opens the door for other runtimes. Turns out, we can get it working for both rootful & rootless modes.

See: https://gvisor.dev/docs/user_guide/containerd/quick_start/

New options

```nix
virtualisation.containerd = {
  enable = true;
  nixSnapshotterIntegration = true;
  # Configures containerd settings for gVisor & adds pkgs.gvisor to containerd PATH
  # Also wraps `runsc` appropriately for rootless mode.
  # See: https://github.com/google/gvisor/issues/311#issuecomment-1121668954
  gVisorIntegration = true;
  # Sets the default CRI runtime to `runsc`
  defaultRuntime = "runsc";
};
```
elpdt852 commented 8 months ago

I'm able to run the test on my machine successfully but not on our GitHub Actions runners. Seems like dmesg is blocked by something (KVM?)
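The two comments above describe a containerd runtime entry for `runsc` and a test that exercises it. The script below is an added example; it is not nix-snapshotter code and not part of this PR. It shows the plain containerd CRI fragment from the gVisor containerd quick start that the `gVisorIntegration` option is assumed to generate an equivalent of, and a check that a container really runs under gVisor: inside a gVisor sandbox `dmesg` prints the Sentry's own boot banner rather than the host ring buffer. The `dmesg` outputs are constructed samples, not captured from a real run, and `uses_gvisor` is a helper name chosen here.

```shell
#!/bin/sh
# Added example (not nix-snapshotter code, not from the PR). Registers
# gVisor's runsc with containerd's CRI plugin and checks, from a container's
# own `dmesg` output, whether that container is actually running under gVisor.

# Containerd CRI fragment that makes `runsc` selectable as a runtime, in the
# shape documented in the gVisor containerd quick start. The NixOS option in
# the PR is assumed (not verified here) to produce an equivalent entry.
gvisor_containerd_toml() {
  cat <<'EOF'
version = 2
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runsc]
  runtime_type = "io.containerd.runsc.v1"
EOF
}

# Under gVisor the container never sees the host kernel log: `dmesg` prints
# the Sentry's banner, whose first line is "Starting gVisor...". Under runc it
# prints the host ring buffer, or fails with EPERM when kernel.dmesg_restrict=1.
# Returns 0 only when the output carries the gVisor banner.
uses_gvisor() {
  printf '%s\n' "$1" | grep -q '^\[ *[0-9.]*\] Starting gVisor'
}

# Constructed sample outputs (not captured from a real run).
GVISOR_DMESG='[    0.000000] Starting gVisor...
[    0.412345] Checking naughty and nice process list...
[    1.234567] Ready!'
RUNC_DMESG='[    0.000000] Linux version 6.1.0 (...)
[    0.000000] Command line: BOOT_IMAGE=/vmlinuz ...'
RESTRICTED_DMESG='dmesg: read kernel buffer failed: Operation not permitted'

# On a real host the input would come from a container started with the runsc
# runtime handler, for example:
#   nerdctl run --rm --runtime io.containerd.runsc.v1 docker.io/library/alpine:latest dmesg
for sample in "$GVISOR_DMESG" "$RUNC_DMESG" "$RESTRICTED_DMESG"; do
  if uses_gvisor "$sample"; then
    echo "gVisor sandbox: yes"
  else
    echo "gVisor sandbox: no"
  fi
done
```

The point of asserting on the banner rather than on the runtime name passed to the CLI is that `defaultRuntime = "runsc"` only takes effect if containerd actually loaded the runtime entry and `runsc` is on its PATH; when either is missing the container silently falls back to runc, and only the container-side view reveals it.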