Skip to main content

MicroVM images

MicroVMs receive kernel binaries and Operating System volumes from container images. This means that users can easily create and publish their own on Dockerhub.

Compatible images are published as part of the Liquid Metal project.

Supported images

Kernel:

  • ghcr.io/liquidmetal-dev/flintlock-kernel:5.10.77
  • ghcr.io/liquidmetal-dev/flintlock-kernel:4.19.215

OS:

The tags here refer to the version of Kubernetes. The base OS is Ubuntu 20.04.

  • ghcr.io/liquidmetal-dev/capmvm-kubernetes:1.23.5
  • ghcr.io/liquidmetal-dev/capmvm-kubernetes:1.22.8
  • ghcr.io/liquidmetal-dev/capmvm-kubernetes:1.22.3
  • ghcr.io/liquidmetal-dev/capmvm-kubernetes:1.21.8

Experimental images

These images are not guaranteed to work.

Kernel:

  • ghcr.io/liquidmetal-dev/flintlock-kernel-arm:5.10.77
  • ghcr.io/liquidmetal-dev/flintlock-kernel-arm:4.19.215

OS:

  • ghcr.io/liquidmetal-dev/capmvm-kubernetes-arm:1.23.5
  • ghcr.io/liquidmetal-dev/capmvm-kubernetes-arm:1.22.8
  • ghcr.io/liquidmetal-dev/capmvm-kubernetes-arm:1.22.3
  • ghcr.io/liquidmetal-dev/capmvm-kubernetes-arm:1.21.8

Build your own

You can build your own images and supply them in your CreateMicroVM requests.

Our image builder can be found here if you would like to use it as a base.

Note that firecracker only documents support for 5.10 and 4.19 kernels.

If you'd prefer more bare-bone images, here are some broken down steps for creating images for volumes, kernels and initrd.

Setup

Run the following command to download the Ubuntu Server cloud images:

./hack/scripts/download_cloudimages.sh

This downloads the Ubuntu Server Cloud Image files and and processes them. The downloaded files and processed files will be available in out/images by default. There are a number of flags that can be used for custimization:

FlagDescription
-o/--outputSpecifies the output folder to use. Defaults to ./out.
-v/--versionSpecifies the ubuntu version to download. Defaults to bionic.
-s/--image-sizeSpecifies the size of the root fs to create. Defaluts to 10G.

The processed files (i.e. root filesystem, uncompressed kernel, initrd) can be used directly with Firecracker without flintlock.

As an alternative using the download script you can use debootstrap by running sudo debootstrap bionic ./out/images/mount > /dev/null. The commands in the following sections may need to be adapted.

Building a volume container image

  1. Run the following to mount the downloaded and processed root filesystem:
mkdir -p out/images/mount
sudo mount -o loop out/images/bionic/bionic.rootfs ./out/images/mount
  1. Run the following to create the container image (replacing myorg/ubuntu-bionic-volume:v0.0.1 with your required container image name/tag):
sudo tar -C ./out/images/mount -c . | docker import - myorg/ubuntu-bionic-volume:v0.0.1
docker push myorg/ubuntu-bionic-volume:v0.0.1

Building a Kernel/Initrd container image

We recommend using Firecracker's kernel config if you are building anew.

  1. Create a Dockerfile that adds the uncompressed kernel and initrd. For example:
FROM scratch

COPY vmlinux initrd-generic /
  1. Use docker build and then push