https://github.com/nasdaq/oci-injector-hook

Inject files and devices into OCI containers
https://github.com/nasdaq/oci-injector-hook

containers golang oci oci-runtime

Last synced: 11 months ago
JSON representation

Inject files and devices into OCI containers

• Host: GitHub
• URL: https://github.com/nasdaq/oci-injector-hook
• Owner: Nasdaq
• License: apache-2.0
• Created: 2019-11-30T21:23:10.000Z (over 6 years ago)
• Default Branch: master
• Last Pushed: 2019-12-30T17:39:20.000Z (over 6 years ago)
• Last Synced: 2024-05-07T18:22:45.086Z (about 2 years ago)
• Topics: containers, golang, oci, oci-runtime
• Language: Go
• Size: 56.6 KB
• Stars: 8
• Watchers: 3
• Forks: 1
• Open Issues: 1
• Metadata Files:
  • Readme: README.md
  • Changelog: CHANGELOG.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# oci-injector-hook

It is sometimes useful to inject platform-specific files and devices into an OCI container at runtime.

Common use cases include device drivers (GPUs, network adapters, FPGAs, etc).

This hook uses the [POSIX-platform Hooks](https://github.com/opencontainers/runtime-spec/blob/master/config.md#posix-platform-hooks) from the OCI Runtime Spec to inject these files into a container's rootfs before the container is started.

## Supported File Types

* Devices (not yet implemented) - Device files under /dev/

* Directories - create directories in the container rootfs

* Binaries - exectuable binaries

* Libraries - library files (updates ld.so.cache)

* Miscellaneous - ordinary files to copy in (chmod +x/ldconfig not required)

## Configuration

Configurations are definied in .json files placed in the `/etc/oci-injector-hook/` directory.  Each configuration has an `activation_flag`, which indicates an environment variable that must be present in the container's environment for the hook to execute.

The `activation_flag` can either be the name of an environment variable (`VAR`) or a variable with a value (`VAR=value`).

When a name is given the hook will run when the environment variable is present, when a variable with a value is given the hook will only run when the variable is present with the given value.

An example configuration file:

`/etc/oci-injector-hook/foo.json`

```

{

  "activation_flag": "OCI_FOO",

  "devices": [ "/dev/foo" ],

  "binaries": [ "/usr/bin/runfoo" ],

  "libraries": [ "/usr/lib64/libfoo.so" ],

  "directories": [ "/etc/foo" ],

  "miscellaneous": [ "/etc/foo/config.json" ]

}

```

## License

This project is licensed under the Apache-2.0 License

## Inspiration

This project was inspired by work done in the following projects to support SolarFlare Network Adapters:

* https://github.com/zvonkok/oci-decorator

* https://github.com/solarflarecommunications/sfc-k8s-prestart-hook