diff options
Diffstat (limited to 'content')
-rw-r--r-- | content/_index.html | 2 | ||||
-rw-r--r-- | content/docs/_index.md | 2 | ||||
-rw-r--r-- | content/docs/architecture_guide/performance.md | 2 | ||||
-rw-r--r-- | content/docs/tutorials/docker.md | 4 | ||||
-rw-r--r-- | content/docs/user_guide/FAQ.md | 22 | ||||
-rw-r--r-- | content/docs/user_guide/debugging.md | 2 | ||||
-rw-r--r-- | content/docs/user_guide/quick_start/docker.md | 9 |
7 files changed, 25 insertions, 18 deletions
diff --git a/content/_index.html b/content/_index.html index 9e82ea98d..e2a78364d 100644 --- a/content/_index.html +++ b/content/_index.html @@ -7,7 +7,7 @@ description = "A container sandbox runtime focused on security, efficiency, and {{< blocks/cover image_anchor="top" height="auto" color="primary" title="gVisor" >}} <div class="mx-auto"> <p class="lead">A container sandbox runtime focused on <strong>security</strong>, <strong>efficiency</strong>, and <strong>ease of use</strong>.</p> - <a class="btn btn-lg btn-primary mr-3 mb-4" href="./docs/user_guide/docker/">Quick Start<i class="fas fa-arrow-alt-circle-right ml-2"></i></a> + <a class="btn btn-lg btn-primary mr-3 mb-4" href="./docs/user_guide/quick_start/docker/">Quick Start<i class="fas fa-arrow-alt-circle-right ml-2"></i></a> <a class="btn btn-lg btn-secondary mr-3 mb-4" href="https://github.com/google/gvisor" rel="noopener">GitHub <i class="fab fa-github ml-2"></i></a> </div> {{< /blocks/cover >}} diff --git a/content/docs/_index.md b/content/docs/_index.md index 238ece1e1..b929c0870 100644 --- a/content/docs/_index.md +++ b/content/docs/_index.md @@ -14,7 +14,7 @@ gVisor takes a distinct approach to container sandboxing and makes a different set of technical trade-offs compared to existing sandbox technologies, thus providing new tools and ideas for the container security landscape. -Check out the [gVisor Quick Start](./user_guide/docker/) to get started +Check out the [gVisor Quick Start](./user_guide/quick_start/docker/) to get started using gVisor. ## How this documentation is organized diff --git a/content/docs/architecture_guide/performance.md b/content/docs/architecture_guide/performance.md index 65cbcb700..43ee5ada4 100644 --- a/content/docs/architecture_guide/performance.md +++ b/content/docs/architecture_guide/performance.md @@ -175,7 +175,7 @@ similarly loads a number of modules and binds an HTTP server. > Note: most of the time overhead above is associated Docker itself. This is > evident with the empty `runc` benchmark. To avoid these costs with `runsc`, > you may also consider using `runsc do` mode or invoking the [OCI -> runtime](../../user_guide/oci/) directly. +> runtime](../../user_guide/quick_start/oci/) directly. ## Network diff --git a/content/docs/tutorials/docker.md b/content/docs/tutorials/docker.md index eb6da6ec6..8391515c3 100644 --- a/content/docs/tutorials/docker.md +++ b/content/docs/tutorials/docker.md @@ -68,6 +68,6 @@ Congratulations! You have just deployed a WordPress site using Docker. [Learn how to deploy WordPress with Kubernetes][wordpress-k8s]. [docker]: https://www.docker.com/ -[docker-install]: /docs/user_guide/docker/ +[docker-install]: /docs/user_guide/quick_start/docker/ [wordpress]: https://wordpress.com/ -[wordpress-k8s]: /docs/tutorials/kubernetes/
\ No newline at end of file +[wordpress-k8s]: /docs/tutorials/kubernetes/ diff --git a/content/docs/user_guide/FAQ.md b/content/docs/user_guide/FAQ.md index 19358e8db..2cee17477 100644 --- a/content/docs/user_guide/FAQ.md +++ b/content/docs/user_guide/FAQ.md @@ -25,15 +25,15 @@ Binaries run in gVisor should be built for the ### Can I run Docker images using gVisor. -Yes. Please see the [Docker Quick Start](/docs/user_guide/docker/). +Yes. Please see the [Docker Quick Start][docker]. ### Can I run Kubernetes pods using gVisor. -Yes. Please see the [Docker Quick Start](/docs/user_guide/kubernetes/). +Yes. Please see the [Docker Quick Start][k8s]. ### What's the security model? -See the [Security Model](../../architecture_guide/security/). +See the [Security Model][security-model]. ## Troubleshooting @@ -41,18 +41,18 @@ See the [Security Model](../../architecture_guide/security/). If you’re having problems running a container with `runsc` it’s most likely due to a compatibility issue or a missing feature in gVisor. See -[Debugging](../debugging/). +[Debugging][debugging]. ### When I run my container, docker fails with: `open /run/containerd/.../<containerid>/log.json: no such file or directory` You are using an older version of Linux which doesn't support `memfd_create`. gVisor requires Linux {{< required_linux >}} ([older Linux][old-linux]). -[comment]: # (TODO[gvisor.dev/issue/268] remove when better error messages are implemented.) +This is tracked in [bug #268](https://gvisor.dev/issue/268). ### When I run my container, docker fails with: `flag provided but not defined: -console` -You're using an old version of Docker. See [Docker Quick Start](../docker/). +You're using an old version of Docker. See [Docker Quick Start][docker]. ### I can’t see a file copied with: `docker cp` @@ -61,9 +61,9 @@ not realize a new file was copied to a given directory. To invalidate the cache and force a refresh, create a file under the directory in question and list the contents again. -As a workaround, shared root filesystem can be enabled. See [Filesystem](../filesystem/). +As a workaround, shared root filesystem can be enabled. See [Filesystem][filesystem]. -This bug is tracked in [bug #4](https://github.com/google/gvisor/issues/4). +This bug is tracked in [bug #4](https://gvisor.dev/issue/4). Note that `kubectl cp` works because it does the copy by exec'ing inside the sandbox, and thus gVisor's internal cache is made aware of the new files and @@ -96,6 +96,10 @@ sandbox isolation. There are a few different workarounds you can try: * Use IPs instead of container names. * Use [Kubernetes][k8s]. Container name lookup works fine in Kubernetes. +[security-model]: /docs/architecture_guide/security/ [old-linux]: /docs/user_guide/networking/#gso [host-net]: /docs/user_guide/networking/#network-passthrough -[k8s]: /docs/user_guide/kubernetes
\ No newline at end of file +[debugging]: /docs/user_guide/debugging/ +[filesystem]: /docs/user_guide/filesystem/ +[docker]: /docs/user_guide/quick_start/docker/ +[k8s]: /docs/user_guide/quick_start/kubernetes/ diff --git a/content/docs/user_guide/debugging.md b/content/docs/user_guide/debugging.md index e6f024de6..4d26d557c 100644 --- a/content/docs/user_guide/debugging.md +++ b/content/docs/user_guide/debugging.md @@ -4,7 +4,7 @@ weight = 120 +++ To enable debug and system call logging, add the `runtimeArgs` below to your -[Docker](../docker/) configuration (`/etc/docker/daemon.json`): +[Docker](../quick_start/docker/) configuration (`/etc/docker/daemon.json`): ```json { diff --git a/content/docs/user_guide/quick_start/docker.md b/content/docs/user_guide/quick_start/docker.md index 523831c1b..f599e3ae1 100644 --- a/content/docs/user_guide/quick_start/docker.md +++ b/content/docs/user_guide/quick_start/docker.md @@ -85,9 +85,12 @@ $ docker run --runtime=runsc -it ubuntu dmesg Note that this is easily replicated by an attacker so applications should never use `dmesg` to verify the runtime in a security sensitive context. -Next, look at the different options available for gVisor: [platform](../platforms/), -[network](../networking/), [filesystem](../filesystem/). +Next, look at the different options available for gVisor: [platform][platforms], +[network][networking], [filesystem][filesystem]. [docker]: https://docs.docker.com/install/ - [storage-driver]: https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-storage-driver + +[filesystem]: /docs/user_guide/filesystem/ +[networking]: /docs/user_guide/networking/ +[platforms]: /docs/user_guide/platforms/ |