firebuild rootfs - gRPC with mTLS

the problem

Currently, when a rootfs is built, the guest is started with an SSH server and the bootstrap process executes via an SSH connection. I don’t like this and want to replace the SSH method with an MMDS-based solution. MMDS is already present in the firebuild run command. The run command uses the vminit component from firebuild-mmds. When the guest starts, the vminit guest service connects to the MMDS endpoint, downloads the metadata and configures the VM.

Introducing firebuild

what is Firecracker

Firecracker is a virtualization technology for creating and managing secure, multi-tenant services suited for container-like and serverless scenarios. Firecracker workloads run in virtual machines, not containers. Unlike containers, they benefit from extra isolation properties provided by the hardware virtualization. Similar to containers, Firecracker VMs—microVMs—are lightweight and fast to boot. Like containers, they can be treated like cattle. They combine the flexibility of containers and the security of virtual machines.

firebuild prerequisites

This article describes the prerequisites for the Introducing firebuild article.

install Firecracker and Jailer on the host

Firecracker works only on Linux. You can use this program to install and link the binaries on your system.

install and configure golang 1.16+

The tc-redirect-tap CNI plugin (mentioned below) requires golang to build, as does firebuild. firebuild requires golang 1.16+ so install it:

    rm -rf /usr/local/go && tar -C /usr/local -xzf go1.16.2.linux-amd64.tar.gz
    mkdir -p $HOME/dev/golang/{bin,src}
    export PATH=$PATH:/usr/local/go/bin:$HOME/dev/golang/bin
    export GOPATH=$HOME/dev/golang

The most recent version can be downloaded from the golang website.