Skip to content

simran3695/oci

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Build Status

EC OCI Spec

Running the EC agent artifact within a docker image is not recommended due the dependancy of the underlying linux cgroup with docker.

The cgroup lives in the docker core which by design requires a sudoer permission from the guest system. Docker users who wish to level up the security by running a non-sudoer user inside the container should avoid the volume-sharing on the guest host.

Because of this, it is highly recommended to running this image as a rootless/unpriviliged container. Please refer to runc and linux cgroup man man cgroups for further study.

The open-source projects adoption flow- cgroup >> runc + nsenter >> moby >> docker

The root permission per se defeats the purpose of EC rootless-connectivity model and ultimately create several security leaks on the guest host. However, it is worth to note that running a standalone agent does NOT require a sudoer/root permission. Please refer to the agent source code repo for the standalone deployment. Users with restrict security environemnt one such as AWS GovCloud should consider using a self-build image based on the spec examples in this repo.

The EC Agent OCI image is currently maintained on public docker hub; the usage spec avaialble in several compute environments. Visit the EC usage examples or the wiki if new to EC.

OCI (Open Container Initiative) is a contionue trademark of the Open Container Initiative Community and currently governed by the community charters

Docker Tags

build agent-related artifacts

pull example

docker pull enterpriseconnect/build:v1beta

available tags

tag usage

  • v1 refers to the image to build agent #212+-relate releases.
  • v1beta refers to the image to build agent #1724+-relate releases.
  • v1.1beta refers to the image to build agent #2721+-relate releases.

agent in containers

pull example

docker pull enterpriseconnect/agent:v1beta

avaialble taga

Tag usage

  • v1 refers to agent #212 release.
  • v1beta include agent #1724 candidate release.
  • <tag>-build include the series of tool to build out an agent release.

How to run

In this container spec example, the pre-defined agent image is launched by using docker. The agent flags in this example are converted into several environment variables that are required based on the <path/to/this/repo>/spec/<agent-mode>.yml for a EC usage. For instance, to launch a client-mode agent container, it is required to ingest env vars EC_AID, EC_TID, EC_HST, etc.

The env variables specified in --env-file will need to be replaced by a series of relevant flags as it is shown in the example yaml file.

docker run --env-file client.list \
  enterpriseconnect/agent:v1

For the usage of docker flag -e, please refer to this example

Kubernates Deployment example

When deploy the agent in a k8s instance, the necessary environment variables as specified in the example /path/to/the/repo/k8s/agent-<object>.yml. k8s users may utilise any custom objects such as a configmap plugin to help in its configuration.

About

Agent OCI Specs for various of Compute Envs.

Resources

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Dockerfile 100.0%