Documentation
Overview
Package firecracker provides a backend that executes code in Firecracker microVMs. It provides the strongest isolation, at the price of higher complexity and operational cost. It is appropriate for high-risk multi-tenant execution.
Constants
This section is empty.
Variables
var (
	// ErrFirecrackerNotAvailable is returned when Firecracker is not available.
	ErrFirecrackerNotAvailable = errors.New("firecracker not available")

	// ErrMicroVMCreationFailed is returned when microVM creation fails.
	ErrMicroVMCreationFailed = errors.New("microvm creation failed")

	// ErrMicroVMExecutionFailed is returned when microVM execution fails.
	ErrMicroVMExecutionFailed = errors.New("microvm execution failed")

	// ErrClientNotConfigured is returned when no MicroVMRunner is configured.
	ErrClientNotConfigured = errors.New("firecracker runner not configured")

	ErrDaemonUnavailable = errors.New("firecracker daemon unavailable")
)
Errors for Firecracker backend operations.
Functions
This section is empty.
Types
type Backend
type Backend struct {
	// contains filtered or unexported fields
}
Backend executes code in Firecracker microVMs.
func (*Backend) Execute
func (b *Backend) Execute(ctx context.Context, req runtime.ExecuteRequest) (runtime.ExecuteResult, error)
Execute runs code in a Firecracker microVM.
func (*Backend) Kind
func (b *Backend) Kind() runtime.BackendKind
Kind returns the backend kind identifier.
type Config
type Config struct {
	// BinaryPath is the path to the firecracker binary.
	// Default: firecracker (uses PATH)
	BinaryPath string

	// KernelPath is the path to the guest kernel.
	// Required for execution.
	KernelPath string

	// RootfsPath is the path to the root filesystem image.
	// Required for execution.
	RootfsPath string

	// SocketPath is the path for the Firecracker API socket.
	// Default: auto-generated per VM
	SocketPath string

	// VCPUCount is the number of virtual CPUs.
	// Default: 1
	VCPUCount int

	// MemSizeMB is the memory size in megabytes.
	// Default: 128
	MemSizeMB int

	// Image is the container image to use for execution when supported.
	// Default: toolruntime-sandbox:latest
	Image string

	// Client executes microVM specs.
	// If nil, Execute() returns ErrClientNotConfigured.
	Client MicroVMRunner

	// HealthChecker optionally verifies Firecracker availability.
	HealthChecker HealthChecker

	// Logger is an optional logger for backend events.
	Logger Logger
}
Config configures a Firecracker backend.
type HealthChecker (added in v0.2.0)
HealthChecker can verify Firecracker availability.
type Logger
type Logger interface {
	Info(msg string, args ...any)
	Warn(msg string, args ...any)
	Error(msg string, args ...any)
}
Logger is the interface for logging.
Contract:
- Concurrency: implementations must be safe for concurrent use.
- Errors: logging must be best-effort and must not panic.
type MicroVMResult (added in v0.2.0)
MicroVMResult captures the output of a microVM execution.
type MicroVMRunner (added in v0.2.0)
type MicroVMRunner interface {
	Run(ctx context.Context, spec MicroVMSpec) (MicroVMResult, error)
}
MicroVMRunner executes a Firecracker microVM for a given spec.
Contract:
- Concurrency: Implementations must be safe for concurrent use.
- Context: Run must honor cancellation and deadlines.
- Ownership: Implementations must not mutate the provided spec.
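A conformance check for the MicroVMRunner contract above, as an added example that is not part of the package: it probes the Ownership and Context clauses against any runner. The types are local mirrors trimmed for the example; `runnerFunc`, `checkContract`, the `ExitCode` field, and the reading that Run must fail on an already-cancelled context are assumptions.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"maps"
	"slices"
	"time"
)

// Local mirrors of the page's types, trimmed to the reference-typed fields a
// runner could mutate. MicroVMResult's fields are not on the page (assumed).
type MicroVMSpec struct {
	Command []string
	Labels  map[string]string
}
type MicroVMResult struct{ ExitCode int }
type MicroVMRunner interface{ Run(ctx context.Context, spec MicroVMSpec) (MicroVMResult, error) }
type runnerFunc func(context.Context, MicroVMSpec) (MicroVMResult, error) // hypothetical adapter
func (f runnerFunc) Run(c context.Context, s MicroVMSpec) (MicroVMResult, error) { return f(c, s) }

// checkContract (hypothetical) probes the Ownership and Context clauses.
func checkContract(r MicroVMRunner, grace time.Duration) error {
	spec := MicroVMSpec{[]string{"/bin/true"}, map[string]string{"tenant": "t1"}} // constructed
	cmd, lbl := slices.Clone(spec.Command), maps.Clone(spec.Labels)
	r.Run(context.Background(), spec) // result ignored; only side effects matter
	if !slices.Equal(cmd, spec.Command) || !maps.Equal(lbl, spec.Labels) {
		return errors.New("ownership: runner mutated the caller's spec")
	}
	ctx, cancel := context.WithCancel(context.Background())
	cancel() // assumption: Run on a cancelled context must fail promptly
	done := make(chan error, 1)
	go func() { _, err := r.Run(ctx, spec); done <- err }()
	select {
	case err := <-done:
		if err == nil {
			return errors.New("context: Run succeeded on a cancelled context")
		}
		return nil
	case <-time.After(grace):
		return errors.New("context: Run did not return after cancellation")
	}
}

func main() {
	ok := runnerFunc(func(c context.Context, _ MicroVMSpec) (MicroVMResult, error) { return MicroVMResult{}, c.Err() })
	fmt.Println(checkContract(ok, time.Second))
}
```

The Concurrency clause is not probed here; running the same checks from parallel callers under `go test -race` covers it.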
type MicroVMSpec (added in v0.2.0)
type MicroVMSpec struct {
	Image      string
	Command    []string
	WorkingDir string
	Env        []string
	Resources  VMResourceSpec
	Config     VMConfig
	Timeout    time.Duration
	Labels     map[string]string
}
MicroVMSpec defines what to run inside a Firecracker microVM.
func (MicroVMSpec) Validate (added in v0.2.0)
func (s MicroVMSpec) Validate() error
Validate checks MicroVMSpec for errors before execution.
type VMResourceSpec (added in v0.2.0)
VMResourceSpec defines resource limits for microVMs.