Firecracker CTL
Overview
Rust Axum REST API for managing Firecracker microVMs. Provides VM lifecycle management (create, poll, destroy) with per-VM timeout enforcement and in-memory state tracking via DashMap.
API Endpoints
| Method | Path | Description |
|---|---|---|
| POST | /vm/create | Create and start a microVM |
| GET | /vm/{vm_id} | Get VM status |
| GET | /vm/{vm_id}/result | Get stdout/stderr/exit_code after completion |
| DELETE | /vm/{vm_id} | Force-terminate a running VM |
| GET | /vm | List all VMs |
| GET | /health | Service health check |
Code Execution Flow
- User code arrives via env.CODE in the create request
- Code is written to a raw block file (512-byte padded)
- Block file attached as second Firecracker drive (/dev/vdb)
- Entrypoint passed via boot_args (fc_entrypoint=/usr/bin/python3)
- VM init script reads code from /dev/vdb, writes to /tmp/code, execs entrypoint
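
The host-side padding and guest-side read from the flow above, as an added example (not firecracker-ctl's own code). It assumes zero-byte padding and a guest that trims trailing NULs, neither of which this page specifies; `MAX_CODE_BYTES` and the function names are hypothetical.

```rust
// Added example, not firecracker-ctl source. Assumptions (not on the page):
// zero-byte padding, guest trims trailing NULs, MAX_CODE_BYTES size limit.
const SECTOR: usize = 512; // block devices are addressed in 512-byte sectors
const MAX_CODE_BYTES: usize = 1 << 20; // hypothetical cap on submitted code

#[derive(Debug, PartialEq)]
pub enum CodeError {
    Empty,
    TooLarge,
    ContainsNul,
}

/// Host side: build the raw block image that backs the second drive.
pub fn build_code_image(code: &[u8]) -> Result<Vec<u8>, CodeError> {
    if code.is_empty() {
        return Err(CodeError::Empty);
    }
    if code.len() > MAX_CODE_BYTES {
        return Err(CodeError::TooLarge);
    }
    // NUL is the padding byte here, so a NUL inside the payload would make
    // the end of the code ambiguous to the guest. Reject it up front.
    if code.contains(&0) {
        return Err(CodeError::ContainsNul);
    }
    // Round up to a whole number of sectors and zero-fill the tail.
    let padded_len = (code.len() + SECTOR - 1) / SECTOR * SECTOR;
    let mut image = code.to_vec();
    image.resize(padded_len, 0);
    Ok(image)
}

/// Guest side: recover the code from the device contents by dropping the
/// trailing padding (what an init script must do before writing /tmp/code).
pub fn extract_code(image: &[u8]) -> &[u8] {
    let end = image.iter().rposition(|&b| b != 0).map_or(0, |i| i + 1);
    &image[..end]
}

fn main() {
    let code = b"print('hello from the microVM')\n"; // constructed sample
    let image = build_code_image(code).expect("valid sample");
    assert_eq!(image.len() % SECTOR, 0);
    assert_eq!(extract_code(&image), &code[..]);
    println!("{} code bytes -> {} byte image", code.len(), image.len());
}
```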
Rootfs Images
Pre-built ext4 root filesystems built in-cluster via ArgoCD PostSync hook:

| Image | Size | Contents |
|---|---|---|
| alpine-minimal | 32 MB | Alpine + busybox |
| alpine-python | 128 MB | Alpine + Python 3.12 |
| alpine-node | 128 MB | Alpine + Node.js |
Kubernetes Resources
All manifests in apps/kube/firecracker/manifests/:

- Deployment — firecracker-ctl with /dev/kvm device plugin, kvm=true node selector
- Service — ClusterIP on port 9001
- PVC — 2Gi Longhorn volume for rootfs + vmlinux kernel
- NetworkPolicy — Ingress from edge-runtime + dashboard proxy only
- KEDA ScaledObject — minReplicas=1, cron scales to 2 during peak hours
- Rootfs Init Job — ArgoCD PostSync hook, builds ext4 images in-cluster