This refactors awsAuthHeaderer to match oAuthBearerTokenHeaderer and modifies
the `config` command so awsAuthHeaderer can be marshaled to JSON (support for
this was previously missing).
Using `nix-env` you have two options:
`nix-env -i rkt` or `nix-env -iA nixos.rkt`
Using `nix-env -iA rkt` will usually not work.
On NixOS however you also want general virtualization dependencies.
Therefore enabling the rkt virtualisation is the right way to
set up everything correctly.
When the kvm stage1 and the coreos stage1 are used on the same machine with a
flannel CNI configuration (and likely other configurations) without a specified
bridge name, different bridges will be constructed by each stage1 for the same
subnet -- cni0 and kvm-cni0 -- causing traffic intended for the
later-constructed bridge to be lost, as it is routed to the earlier-constructed
bridge.
The normal workaround is to specify a bridge name in the CNI configuration, but
this fix avoids the issue altogether by making sure that cni0 is used in all
cases.
Different RPM distributions use different packages to collect the
various tools from the 'shadow' package so we could use the path
from one of these tools in order to allow the rkt package to be used
in more RPM distributions.
This adds documentation on inspecting rkt's execution with strace, by
querying the proc filesystem, and finding out information about the
cgroups rkt sets up.
It's by no means comprehensive but can be a good starting point for
people learning about containers.
Add an example app can sign and verify files using the metadata service.
Include usage example where we send a file from one pod to another one
and we verify its integrity and authenticity using the metadata service.
Also, reorder examples directory structure.
libfdt-dev is needed when building kernels for architectures that
support a device tree.
Fixes build errors like these when building kvm+lkvm flavor for
ARM64:
Makefile: No libfdt found. Please install libfdt-dev package. Stop.
Signed-off-by: Geoff Levand <geoff@infradead.org>
Use the current working directory and not MK_TOPLEVEL_ABS_SRCDIR when
processing 'go list' output in go-find-directories.
Our invocation of 'go list' in the go-find-directories function uses
paths relative to the current working directory and so the output of
that command will have file paths based on the current working
directory. The make file variable MK_TOPLEVEL_ABS_SRCDIR is initialized
with make's abspath function. The abspath function (GNU Make 4.1) will
resolve symlinks. This difference in resolved and unresolved symlinks
causes problems in the go-find-directories function output when building
from a path that includes a symlink.
Fixes 'make unit-check' errors like these when building in a directory
that has a symlink in its path:
stat ./_/home/runner/workspace/src/github.com/.../builds/build-rkt-none/api/v1: no such file or directory
Signed-off-by: Geoff Levand <geoff@infradead.org>
