LinuxKit - Know the next solution for containers

Wercker is a Docker-Native CI/CD Automation platform for Kubernetes & Microservice Deployments

Brena Monteiro
Brena Monteiro
July 20, 2017

The big news in the Docker world of late is the announcement of LinuxKit, which Docker developers created in conjunction with Intel, IBM, ARM and Microsoft. LinuxKit is a modular, compact, secure and portable framework for building tiny Linux-based operating systems that you can run inside a Docker container to serve as an application host.

Below, I provide a hands-on look at LinuxKit. I’ll explain in more detail what it is, then walk through an example of using it to create a Docker image.

 

What is Linuxkit? 

LinuxKit, as its name implies, is a set of tools for creating minimal Linux distributions. It is developed inside a container and makes the notes of its dependencies inside this same container. Initially it seems a bit confusing, but once you understand how LinuxKit works, you'll realize it's a cool idea. 

LinuxKit is minimized Linux that contains dependencies that will only be used according to the configuration that will be made in the generation of a distribution. This distribution can be run in a cloud like AWS, Azure and Google Cloud.

For those who have been using Linux for a long time, LinuxKit recalls the time when we recompiled the kernel to create Linux distributions. The difference is that with LinuxKit, this is done on a large scale, much more easily, without constant fear of upgrading the kernel and causing the distribution to stop working, or to start presenting compatibility problems with the dependencies used so that a new distribution has to be recompiled.

LinuxKit works with Moby, which will convert the yaml file into a bootable image. Yaml is a people-readable data encoding file, similar to XML.

 

Creating a LinuxKit image

We will create an image with LinuxKit using Docker. The steps below were performed on a computer running the MacOS Sierra operating system. Before we start, we need:

  • A Docker account
  • The Edge edition of Docker for Mac installed. 

To run Docker:

$ docker run dockercloud/cli -h
$ brew install docker-cloud

Check the installed version of Docker:

 $ docker-cloud -v

 Download the LinuxKit: 

$ git clone https://github.com/linuxkit/linuxkit.git

Access the LinuxKit folder: 

$ cd linuxkit

Run make:

$ make 

Copy moby to your bin folder: 

$ cp bin/moby /usr/local/bin/

Log into Docker:

$ docker login

Type your username, password and email, and list the files inside the LinuxKit folder:

$ ls

 

Image 2017-06-16 at 4.18.26 pm.png

 

Access the examples folder: 

$ cd examples

 

Image 2017-06-16 at 4.19.58 pm.png

 

This folder has examples that can be used initially for learning. in the future, they can be used as examples for creating new images.

As you can see, I’ve created an image file using the command:

$ moby build swap.yml

 

Image 2017-06-16 at 4.22.42 pm.png

 

Adding the LinuxKit image to Docker 

At this point, the swap.iso file has been generated, which can be used for the pull in Docker through the command:
$ docker image pull swap.iso

Now your image is in the cloud, and can be run from there. Below are the contents of the swap.yaml file to be analyzed, with some important comments to make it easier to understand:

 

  • kernel: Contains a version of the kernel and the system modules.
  • init: The base init of the system, decompressed as the base system.
  • onboot: Containers of the systems executed sequentially.
  • services: Services that run while running the active system.
  • outputs: Creation process on different platforms, such as ISO.

 

kernel:
image: "linuxkit/kernel:4.9.x"
cmdline: "console=ttyS0 console=tty0 page_poison=1"
init:
- linuxkit/init:42fe8cb1508b3afed39eb89821906e3cc7a70551
- linuxkit/runc:24dfe632ed3ff53a026ee3fac046fd544434e2d6
- linuxkit/containerd:f1130450206d4f64f0ddc13d15bb68435aa1ff61
- linuxkit/ca-certificates:eabc5a6e59f05aa91529d80e9a595b85b046f935
onboot:
- name: sysctl
image: "linuxkit/sysctl:225c52c2d6f04a040663bac84cabf81825027f64"
- name: binfmt
image: "linuxkit/binfmt:603e5f064b3e8a64088c0fcf7a80d2783541ee1d"
- name: dhcpcd
image: "linuxkit/dhcpcd:ae03169274d19fe8841314fa5a6fea3c61adbf4e"
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
- name: format
image: "linuxkit/format:d78093e943f9c88386e30c00353f9476d34fb551"
binds:
- /dev:/dev
 capabilities:
- CAP_SYS_ADMIN
- CAP_MKNOD
- name: mount
image: "linuxkit/mount:fc7164d7c4e1fe5d1da395c7f949fb332cffe752"
binds:
- /dev:/dev
- /var:/var:rshared,rbind
capabilities:
- CAP_SYS_ADMIN
rootfsPropagation: sharedcommand: ["/mount.sh", "/var/external"]
- name: swap
image: "linuxkit/swap:c4c723a3d6678dc49770181bbb231ec99b271c75"
net: host
pid: host
capabilities:
- CAP_SYS_ADMIN
- CAP_MKNOD
readonly: true
binds:
- /var:/var
- /dev:/dev
# to use unencrypted swap, use:
# command: ["/swap.sh", "--path", "/var/external/swap", "--size", "1G"]
command: ["/swap.sh", "--path", "/var/external/swap", "--size", "1G", "--encrypt"]
services:
- name: rngd
image: "linuxkit/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9"
- name: nginx
image: "nginx:alpine"
capabilities:
- CAP_NET_BIND_SERVICE
- CAP_CHOWN
- CAP_SETUID
- CAP_SETGID
- CAP_DAC_OVERRIDE
net: host
trust:
image:
- linuxkit/kernel
outputs:
- format: kernel+initrd
- format: iso-bios
- format: iso-efi

 

As we can see in the code above, the kernel, init, onboot, services and output lines are where we will receive the changes we want. The whole file can be rewritten any way we’d like. With Linux, everything inside it is a file and can be edited.

 

Conclusion

As we can see, LinuxKit is not as complicated as it seems. On the contrary, it is a robust and extremely important, versatile tool. We can create a system based on Linux easily, with the possibility to write the whole system. In the example provided in this article, after writing the code, we asked to generate an image so that we can climb to the cloud inside Docker. And once inside Docker, LinuxKit runs and calls the dependencies that were written to the system, and that's it. Docker takes care of the rest, and the system is extremely lean.

 

About the Author

Brena Monteiro is a software engineer with experience in the analysis and development of systems. She is a free software enthusiast and an apprentice of new technologies.

 

Like Wercker?

We’re hiring! Check out the careers page for open positions in Amsterdam, London and San Francisco.

As usual, if you want to stay in the loop follow us on twitter @wercker or hop on our public slack channel. If it’s your first time using Wercker, be sure to tweet out your #greenbuilds, and we’ll send you some swag! 

Topics: Containers, Tutorials