Firecracker Python Net
Overview
Network-capable Python rootfs image used by the staff-side Firecracker deployment (firecracker-ctl-net). Built as a multi-stage Docker image whose final scratch layer carries a single /rootfs.ext4 artifact.
This image is not for the public sandbox quick-mode VMs. Those keep the no-network alpine-python rootfs from apps/vm/firecracker-ctl/rootfs/Dockerfile.alpine-python — sandboxing without internet egress is the safety property.
What’s baked in
- Alpine 3.21 + Python 3.12
- py3-pip, py3-requests, py3-httpx, py3-urllib3, py3-certifi
- ca-certificates-bundle, ca-certificates, iproute2
- /etc/resolv.conf with 1.1.1.1 and 8.8.8.8
- /init mounts /proc, /sys, /dev, brings up lo + eth0, then exec /entrypoint
Two ecosystems
| Image | Deployment | Network | DNS | requests baked |
|---|---|---|---|---|
| alpine-python (existing) | firecracker-ctl (public quick) | none | no | no |
| firecracker-python-net (this) | firecracker-ctl-net (staff persistent) | TAP via Gluetun/WireGuard | yes | yes |
npx nx run firecracker-python-net:container
npx nx run firecracker-python-net:extract

Output: packages/docker/firecracker/python/net/dist/python-net.ext4.
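
An added check (not part of this project's tooling) that lints an unpacked rootfs tree against the DNS and requests-baked columns of the Two ecosystems table, so a network-capable image is not shipped to the public quick-mode deployment by mistake. It assumes the ext4 image is already mounted or unpacked at a directory and that Alpine places py3-requests under usr/lib/python3.12/site-packages; the profile names `net` and `quick` and all function names are hypothetical. The Network column is set by the deployment and cannot be seen from the rootfs.

```shell
#!/bin/sh
# Added example: rootfs lint for the two image profiles.
# Usage (inside a script that sources this file):
#   check_rootfs net   /mnt/python-net      # expects resolvers + requests
#   check_rootfs quick /mnt/alpine-python   # expects neither
# Paths in the usage lines are placeholders.

# True if resolv.conf in rootfs $1 lists resolver $2 exactly.
has_nameserver() {
    [ -f "$1/etc/resolv.conf" ] || return 1
    awk -v ip="$2" '$1 == "nameserver" && $2 == ip { f = 1 } END { exit !f }' \
        "$1/etc/resolv.conf"
}

# True if resolv.conf in rootfs $1 lists any resolver at all.
has_any_nameserver() {
    [ -f "$1/etc/resolv.conf" ] || return 1
    awk '$1 == "nameserver" { f = 1 } END { exit !f }' "$1/etc/resolv.conf"
}

# Assumed install location of py3-requests on Alpine with Python 3.12.
has_requests() {
    [ -d "$1/usr/lib/python3.12/site-packages/requests" ]
}

check_rootfs() {
    profile=$1; root=$2; rc=0
    case $profile in
    net)
        for ip in 1.1.1.1 8.8.8.8; do
            if ! has_nameserver "$root" "$ip"; then
                echo "FAIL: resolv.conf lacks $ip"; rc=1
            fi
        done
        if ! has_requests "$root"; then echo "FAIL: requests not baked"; rc=1; fi
        if [ ! -x "$root/init" ]; then echo "FAIL: /init not executable"; rc=1; fi
        ;;
    quick)
        if has_any_nameserver "$root"; then
            echo "FAIL: resolver configured in no-network image"; rc=1
        fi
        if has_requests "$root"; then
            echo "FAIL: requests present in no-network image"; rc=1
        fi
        ;;
    *)  echo "usage: check_rootfs net|quick <rootfs-dir>" >&2; return 2 ;;
    esac
    return $rc
}
```
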
Publish
npx nx run firecracker-python-net:container:production

Pushes ghcr.io/kbve/firecracker-python-net:latest and :<version>.