From ea5eadfcec12256192c8e97273b5565edfc27137 Mon Sep 17 00:00:00 2001
From: Sun-ZhenXing <1006925066@qq.com>
Date: Wed, 7 Jan 2026 17:43:22 +0800
Subject: [PATCH] chore: update mineru

---
 README.md | 4 +-
 README.zh.md | 4 +-
 builds/kata-inside-dind/.env.example | 36 ------
 builds/kata-inside-dind/Dockerfile | 72 -----------
 builds/kata-inside-dind/README.md | 112 ----------------
 builds/kata-inside-dind/README.zh.md | 112 ----------------
 builds/kata-inside-dind/docker-compose.yaml | 55 --------
 builds/kata-inside-dind/dockerd-entrypoint.sh | 120 ------------------
 builds/mineru/.env.example | 2 +-
 builds/mineru/Dockerfile | 2 +-
 builds/mineru/README.md | 2 +-
 builds/mineru/README.zh.md | 2 +-
 builds/mineru/docker-compose.yaml | 5 +-
 src/podman/.env.example | 17 +++
 src/podman/README.md | 38 ++++++
 src/podman/README.zh.md | 38 ++++++
 src/podman/docker-compose.yaml | 44 +++++++
 17 files changed, 151 insertions(+), 514 deletions(-)
 delete mode 100644 builds/kata-inside-dind/.env.example
 delete mode 100644 builds/kata-inside-dind/Dockerfile
 delete mode 100644 builds/kata-inside-dind/README.md
 delete mode 100644 builds/kata-inside-dind/README.zh.md
 delete mode 100644 builds/kata-inside-dind/docker-compose.yaml
 delete mode 100644 builds/kata-inside-dind/dockerd-entrypoint.sh
 create mode 100644 src/podman/.env.example
 create mode 100644 src/podman/README.md
 create mode 100644 src/podman/README.zh.md
 create mode 100644 src/podman/docker-compose.yaml

diff --git a/README.md b/README.md
index 2048d33..74a6ad6 100644
--- a/README.md
+++ b/README.md
@@ -12,7 +12,8 @@ These services require building custom Docker images from source.
 | [goose](./builds/goose) | 1.18.0 |
 | [IOPaint](./builds/io-paint) | 1.6.0 |
 | [K3s inside DinD](./builds/k3s-inside-dind) | 0.2.2 |
-| [MinerU vLLM](./builds/mineru) | 2.7.0 |
+| [KrunVM DinD](./builds/krunvm) | 0.1.0 |
+| [MinerU vLLM](./builds/mineru) | 2.7.1 |

 ## Supported Services

@@ -95,6 +96,7 @@ These services require building custom Docker images from source.
 | [OpenList](./src/openlist) | latest |
 | [OpenSearch](./src/opensearch) | 2.19.0 |
 | [PocketBase](./src/pocketbase) | 0.30.0 |
+| [Podman](./src/podman) | v5.7.1 |
 | [Portainer](./src/portainer) | 2.27.3-alpine |
 | [Portkey AI Gateway](./src/portkey-gateway) | latest |
 | [PostgreSQL](./src/postgres) | 17.6 |
diff --git a/README.zh.md b/README.zh.md
index 72d650e..6237f51 100644
--- a/README.zh.md
+++ b/README.zh.md
@@ -12,7 +12,8 @@ Compose Anything 通过提供一组高质量的 Docker Compose 配置文件,
 | [goose](./builds/goose) | 1.18.0 |
 | [IOPaint](./builds/io-paint) | 1.6.0 |
 | [K3s inside DinD](./builds/k3s-inside-dind) | 0.2.2 |
-| [MinerU vLLM](./builds/mineru) | 2.7.0 |
+| [KrunVM DinD](./builds/krunvm) | 0.1.0 |
+| [MinerU vLLM](./builds/mineru) | 2.7.1 |

 ## 已经支持的服务

@@ -95,6 +96,7 @@ Compose Anything 通过提供一组高质量的 Docker Compose 配置文件,
 | [OpenList](./src/openlist) | latest |
 | [OpenSearch](./src/opensearch) | 2.19.0 |
 | [PocketBase](./src/pocketbase) | 0.30.0 |
+| [Podman](./src/podman) | v5.7.1 |
 | [Portainer](./src/portainer) | 2.27.3-alpine |
 | [Portkey AI Gateway](./src/portkey-gateway) | latest |
 | [PostgreSQL](./src/postgres) | 17.6 |
diff --git a/builds/kata-inside-dind/.env.example b/builds/kata-inside-dind/.env.example
deleted file mode 100644
index 0cbc6d2..0000000
--- a/builds/kata-inside-dind/.env.example
+++ /dev/null
@@ -1,36 +0,0 @@
-# Global Registry (optional)
-# GLOBAL_REGISTRY=registry.example.com/
-
-# Debian Version
-DEBIAN_VERSION=13.2-slim
-
-# Kata Containers Version
-KATA_VERSION=3.24.0
-
-# Firecracker Version
-# Version of Firecracker VMM to install
-FIRECRACKER_VERSION=1.10.1
-
-# Kata DinD Image Version
-# Built image version tag
-KATA_DIND_VERSION=0.2.0
-
-# Timezone
-# Set the timezone for the container
-TZ=UTC
-
-# Kata Logging Level
-# Options: debug, info, warn, error
-KATA_LOGGING_LEVEL=info
-
-# Resource Limits
-# CPU limit (cores)
-KATA_DIND_CPU_LIMIT=2.00
-# Memory limit
-KATA_DIND_MEMORY_LIMIT=4G
-
-# Resource Reservations
-# CPU reservation (cores)
-KATA_DIND_CPU_RESERVATION=0.50
-# Memory reservation
-KATA_DIND_MEMORY_RESERVATION=1G
diff --git a/builds/kata-inside-dind/Dockerfile b/builds/kata-inside-dind/Dockerfile
deleted file mode 100644
index f55d054..0000000
--- a/builds/kata-inside-dind/Dockerfile
+++ /dev/null
@@ -1,72 +0,0 @@ -ARG DEBIAN_VERSION=13.2-slim -FROM debian:${DEBIAN_VERSION} - -# Install dependencies -RUN apt-get update && apt-get install -y --no-install-recommends \ - ca-certificates \ - curl \ - gnupg \ - iptables \ - procps \ - e2fsprogs \ - xfsprogs \ - xz-utils \ - pigz \ - zstd \ - kmod \ - && rm -rf /var/lib/apt/lists/* - -# Install Docker -RUN install -m 0755 -d /etc/apt/keyrings \ - && curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg \ - && chmod a+r /etc/apt/keyrings/docker.gpg \ - && echo \ - "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \ - $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \ - tee /etc/apt/sources.list.d/docker.list > /dev/null \ - && apt-get update \ - && apt-get install -y --no-install-recommends \ - docker-ce \ - docker-ce-cli \ - containerd.io \ - docker-buildx-plugin \ - docker-compose-plugin \ - && rm -rf /var/lib/apt/lists/* - -# Install Kata Containers (Static Binaries) -ARG KATA_VERSION=3.24.0 -ARG ARCH=amd64 -RUN curl -fsSL https://github.com/kata-containers/kata-containers/releases/download/${KATA_VERSION}/kata-static-${KATA_VERSION}-${ARCH}.tar.zst -o kata-static.tar.zst \ - && tar -I zstd -xvf kata-static.tar.zst -C / \ - && rm kata-static.tar.zst \ - && ln -s /opt/kata/bin/kata-runtime /usr/bin/kata-runtime \ - && ln -s /opt/kata/bin/containerd-shim-kata-v2 /usr/bin/containerd-shim-kata-v2 \ - && ln -s /opt/kata/bin/kata-monitor /usr/bin/kata-monitor \ - && ln -s /opt/kata/bin/kata-collect-data /usr/bin/kata-collect-data \ - && ln -s /opt/kata/bin/qemu-system-x86_64 /usr/bin/qemu-system-x86_64 || true \ - && ln -s /opt/kata/libexec/virtiofsd /usr/bin/virtiofsd || true - -# Configure Kata -RUN mkdir -p /etc/kata-containers \ - && cp /opt/kata/share/defaults/kata-containers/configuration-qemu.toml /etc/kata-containers/ \ - && cp 
/opt/kata/share/defaults/kata-containers/configuration-fc.toml /etc/kata-containers/ || true - -# Install Firecracker -ARG FIRECRACKER_VERSION=1.14.0 -RUN if [ "${ARCH}" = "amd64" ]; then ARCH="x86_64"; fi \ - && curl -fsSL https://github.com/firecracker-microvm/firecracker/releases/download/v${FIRECRACKER_VERSION}/firecracker-v${FIRECRACKER_VERSION}-${ARCH}.tgz -o firecracker.tgz \ - && tar -xzf firecracker.tgz \ - && mv release-v${FIRECRACKER_VERSION}-${ARCH}/firecracker-v${FIRECRACKER_VERSION}-${ARCH} /usr/local/bin/firecracker \ - && mv release-v${FIRECRACKER_VERSION}-${ARCH}/jailer-v${FIRECRACKER_VERSION}-${ARCH} /usr/local/bin/jailer \ - && chmod +x /usr/local/bin/firecracker /usr/local/bin/jailer \ - && rm -rf release-v${FIRECRACKER_VERSION}-${ARCH} firecracker.tgz - -# Set up dind -VOLUME /var/lib/docker - -# Copy entrypoint script -COPY dockerd-entrypoint.sh /usr/local/bin/ -RUN chmod +x /usr/local/bin/dockerd-entrypoint.sh - -ENTRYPOINT ["dockerd-entrypoint.sh"] -CMD ["dockerd"] diff --git a/builds/kata-inside-dind/README.md b/builds/kata-inside-dind/README.md deleted file mode 100644 index 4d87648..0000000 --- a/builds/kata-inside-dind/README.md +++ /dev/null 
@@ -1,112 +0,0 @@ -# Kata Containers inside Docker-in-Docker - -[中文文档](README.zh.md) - -A VM-based container runtime (Kata Containers with Firecracker VMM) running inside a Docker-in-Docker (DinD) container. This setup provides lightweight virtual machines with strong security isolation while maintaining container-like performance and simplicity. Kata Containers can use multiple hypervisors (QEMU, Firecracker, Cloud Hypervisor), and this image includes Firecracker by default for optimal performance. - -## Features - -- ✅ Complete Kata Containers runtime with official installation -- ✅ Firecracker VMM for lightweight VM isolation -- ✅ QEMU fallback support -- ✅ Docker-in-Docker support for managing containers -- ✅ VM-based container isolation with hardware security -- ✅ Resource limits to prevent system exhaustion -- ✅ Health checks for runtime readiness -- ✅ Persistent storage for Kata and Docker data -- ✅ Configurable logging levels -- ✅ Compatible with Kubernetes via RuntimeClass - -## Prerequisites - -**Critical Requirements:** - -- Docker Engine 20.10+ -- Docker Compose 2.0+ -- **Host machine must support nested virtualization (KVM)** -- `/dev/kvm` device available on the host -- `/lib/modules` available on the host (for kernel module verification) -- At least 2 CPU cores and 4GB RAM available -- Privileged container support required - -### Verify Host Prerequisites - -```bash -# Check if KVM is available -ls -l /dev/kvm - -# For Intel CPUs, verify nested virtualization is enabled -cat /sys/module/kvm_intel/parameters/nested -# Should output 'Y' or '1'. If not: -# sudo modprobe -r kvm_intel -# sudo modprobe kvm_intel nested=1 -``` - -## Quick Start - -1. Copy the environment file: - - ```bash - cp .env.example .env - ``` - -2. (Optional) Customize the configuration in `.env` - -3. Build and start the service: - - ```bash - docker compose up -d --build - ``` - -4. Wait for Kata runtime to be ready: - - ```bash - docker compose logs -f kata-dind - ``` - -5. 
Access the Docker daemon inside: - - ```bash - # Get the container ID - docker compose ps - - # Execute commands inside the container - docker compose exec kata-dind docker ps - - # Run a container with Kata runtime (Firecracker) - docker compose exec kata-dind docker run --rm --runtime=kata-fc debian:bookworm uname -a - - # Or run with QEMU (fallback) - docker compose exec kata-dind docker run --rm --runtime=kata debian:bookworm uname -a - ``` - -## Configuration - -### Environment Variables - -| Variable | Default | Description | -| ------------------------------ | ----------- | --------------------------------------------- | -| `DEBIAN_VERSION` | `13.2-slim` | Base Debian version | -| `KATA_VERSION` | `3.24.0` | Kata Containers version | -| `FIRECRACKER_VERSION` | `1.10.1` | Version of Firecracker VMM to install | -| `KATA_DIND_VERSION` | `0.2.0` | Built image version tag | -| `TZ` | `UTC` | Timezone for the container | -| `KATA_LOGGING_LEVEL` | `info` | Kata logging level (debug, info, warn, error) | -| `KATA_DIND_CPU_LIMIT` | `2.00` | CPU limit in cores | -| `KATA_DIND_MEMORY_LIMIT` | `4G` | Memory limit | -| `KATA_DIND_CPU_RESERVATION` | `0.50` | CPU reservation in cores | -| `KATA_DIND_MEMORY_RESERVATION` | `1G` | Memory reservation | - -## Usage Examples - -### Running a Secure Container - -```bash -docker compose exec kata-dind docker run -it --rm --runtime=kata-fc alpine sh -``` - -### Checking Runtime Information - -```bash -docker compose exec kata-dind docker info | grep -i runtime -``` diff --git a/builds/kata-inside-dind/README.zh.md b/builds/kata-inside-dind/README.zh.md deleted file mode 100644 index 4980bdb..0000000 --- a/builds/kata-inside-dind/README.zh.md +++ /dev/null 
@@ -1,112 +0,0 @@ -# Kata 容器在 Docker-in-Docker 中运行 - -[English Documentation](README.md) - -一个基于虚拟机的容器运行时(Kata Containers 与 Firecracker VMM)在 Docker-in-Docker(DinD)容器内运行。此设置提供轻量级虚拟机,具有强安全隔离的同时保持容器的性能和简洁性。Kata Containers 支持多种虚拟机管理器(QEMU、Firecracker、Cloud Hypervisor),此镜像默认包含 Firecracker 以获得最佳性能。 - -## 特性 - -- ✅ 使用官方安装脚本的完整 Kata Containers 运行时 -- ✅ Firecracker VMM 提供轻量级 VM 隔离 -- ✅ QEMU 回退支持 -- ✅ Docker-in-Docker 支持容器管理 -- ✅ 基于 VM 的容器隔离和硬件安全性 -- ✅ 资源限制防止系统资源耗尽 -- ✅ 运行时就绪性的健康检查 -- ✅ Kata 和 Docker 数据的持久化存储 -- ✅ 可配置的日志级别 -- ✅ 通过 RuntimeClass 与 Kubernetes 兼容 - -## 前置条件 - -**关键要求:** - -- Docker Engine 20.10+ -- Docker Compose 2.0+ -- **宿主机必须支持嵌套虚拟化(KVM)** -- 宿主机上 `/dev/kvm` 设备可用 -- 宿主机上 `/lib/modules` 可用(用于内核模块验证) -- 至少 2 个 CPU 核心和 4GB RAM -- 需要特权容器支持 - -### 验证宿主机前置条件 - -```bash -# 检查 KVM 是否可用 -ls -l /dev/kvm - -# 对于 Intel CPU,验证嵌套虚拟化是否启用 -cat /sys/module/kvm_intel/parameters/nested -# 应该输出 'Y' 或 '1'。如果不是: -# sudo modprobe -r kvm_intel -# sudo modprobe kvm_intel nested=1 -``` - -## 快速开始 - -1. 复制环境文件: - - ```bash - cp .env.example .env - ``` - -2. (可选)在 `.env` 中自定义配置 - -3. 构建并启动服务: - - ```bash - docker compose up -d --build - ``` - -4. 等待 Kata 运行时就绪: - - ```bash - docker compose logs -f kata-dind - ``` - -5. 
访问容器内的 Docker 守护进程: - - ```bash - # 获取容器 ID - docker compose ps - - # 在容器内执行命令 - docker compose exec kata-dind docker ps - - # 使用 Firecracker 运行时运行容器 - docker compose exec kata-dind docker run --rm --runtime=kata-fc debian:bookworm uname -a - - # 或使用 QEMU(回退方案) - docker compose exec kata-dind docker run --rm --runtime=kata debian:bookworm uname -a - ``` - -## 配置 - -### 环境变量 - -| 变量 | 默认值 | 说明 | -| ------------------------------ | ----------- | ----------------------------------------- | -| `DEBIAN_VERSION` | `13.2-slim` | 基础 Debian 版本 | -| `KATA_VERSION` | `3.24.0` | Kata Containers 版本 | -| `FIRECRACKER_VERSION` | `1.10.1` | 要安装的 Firecracker VMM 版本 | -| `KATA_DIND_VERSION` | `0.2.0` | 构建的镜像版本标签 | -| `TZ` | `UTC` | 容器的时区 | -| `KATA_LOGGING_LEVEL` | `info` | Kata 日志级别(debug、info、warn、error) | -| `KATA_DIND_CPU_LIMIT` | `2.00` | CPU 限制(核心数) | -| `KATA_DIND_MEMORY_LIMIT` | `4G` | 内存限制 | -| `KATA_DIND_CPU_RESERVATION` | `0.50` | CPU 预留(核心数) | -| `KATA_DIND_MEMORY_RESERVATION` | `1G` | 内存预留 | - -## 使用示例 - -### 运行安全容器 - -```bash -docker compose exec kata-dind docker run -it --rm --runtime=kata-fc alpine sh -``` - -### 检查运行时信息 - -```bash -docker compose exec kata-dind docker info | grep -i runtime -``` diff --git a/builds/kata-inside-dind/docker-compose.yaml b/builds/kata-inside-dind/docker-compose.yaml deleted file mode 100644 index a0f8dbb..0000000 --- a/builds/kata-inside-dind/docker-compose.yaml +++ /dev/null 
@@ -1,55 +0,0 @@
-# Kata Containers inside Docker-in-Docker
-# A VM-based container runtime running inside a Docker container with Docker daemon
-# See README.md for usage instructions
-
-x-defaults: &defaults
- restart: unless-stopped
- logging:
- driver: json-file
- options:
- max-size: 100m
- max-file: "3"
-
-services:
- kata-dind:
- <<: *defaults
- image: ${GLOBAL_REGISTRY:-}alexsuntop/kata-inside-dind:${KATA_DIND_VERSION:-0.2.0}
- build:
- context: .
- dockerfile: Dockerfile
- args:
- DEBIAN_VERSION: ${DEBIAN_VERSION:-13.2-slim}
- KATA_VERSION: ${KATA_VERSION:-3.24.0}
- FIRECRACKER_VERSION: ${FIRECRACKER_VERSION:-1.14.0}
- privileged: true
- devices:
- - /dev/kvm:/dev/kvm
- - /dev/net/tun:/dev/net/tun
- - /dev/vhost-net:/dev/vhost-net
- - /dev/vhost-vsock:/dev/vhost-vsock
- volumes:
- - kata_data:/var/lib/kata
- - docker_data:/var/lib/docker
- - /lib/modules:/lib/modules:ro
- environment:
- - TZ=${TZ:-UTC}
- - DOCKER_TLS_CERTDIR=${DOCKER_TLS_CERTDIR:-}
- - KATA_LOGGING_LEVEL=${KATA_LOGGING_LEVEL:-info}
- healthcheck:
- test: ["CMD", "docker", "info"]
- interval: 30s
- timeout: 10s
- retries: 5
- start_period: 60s
- deploy:
- resources:
- limits:
- cpus: ${KATA_DIND_CPU_LIMIT:-2.00}
- memory: ${KATA_DIND_MEMORY_LIMIT:-4G}
- reservations:
- cpus: ${KATA_DIND_CPU_RESERVATION:-0.50}
- memory: ${KATA_DIND_MEMORY_RESERVATION:-1G}
-
-volumes:
- kata_data:
- docker_data:
diff --git a/builds/kata-inside-dind/dockerd-entrypoint.sh b/builds/kata-inside-dind/dockerd-entrypoint.sh
deleted file mode 100644
index 94b814e..0000000
--- a/builds/kata-inside-dind/dockerd-entrypoint.sh
+++ /dev/null
@@ -1,120 +0,0 @@ -#!/bin/sh -set -e - -# Adapted from official docker-library/docker dind entrypoint -# https://github.com/docker-library/docker/blob/master/24/dind/dockerd-entrypoint.sh - -if [ -z "$DOCKER_HOST" ]; then - case "$1" in - dockerd*) - # If we're running dockerd, we need to make sure we have cgroups mounted - if [ ! -d /sys/fs/cgroup ]; then - mkdir -p /sys/fs/cgroup - fi - if ! mountpoint -q /sys/fs/cgroup; then - mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup - fi - - # Mount cgroup v2 if available and not mounted - if [ -e /sys/fs/cgroup/cgroup.controllers ] && ! mountpoint -q /sys/fs/cgroup; then - mount -t cgroup2 -o nsdelegate cgroup2 /sys/fs/cgroup - fi - - # If /sys/fs/cgroup is not a cgroup2 mount, we might need to mount cgroup v1 hierarchies - if ! mountpoint -q /sys/fs/cgroup || [ "$(stat -f -c %T /sys/fs/cgroup)" != "cgroup2fs" ]; then - if [ -d /sys/fs/cgroup/cgroup.controllers ]; then - # It is cgroup2 but maybe not mounted as such? - # Actually if it exists, it's likely v2. - : - else - # cgroup v1 - for subsystem in $(awk '/^[^#]/ { print $1 }' /proc/cgroups); do - mkdir -p "/sys/fs/cgroup/$subsystem" - if ! mountpoint -q "/sys/fs/cgroup/$subsystem"; then - mount -t cgroup -o "$subsystem" cgroup "/sys/fs/cgroup/$subsystem" - fi - done - fi - fi - ;; - esac -fi - -# Configure Docker daemon with Kata runtime support -mkdir -p /etc/docker -cat > /etc/docker/daemon.json </dev/null; then - if [ -w /etc/kata-containers/configuration-fc.toml ]; then - sed -i 's|path = ".*firecracker"|path = "/usr/local/bin/firecracker"|g' /etc/kata-containers/configuration-fc.toml || true - fi - fi - - # Update jailer path if available - if [ -x /usr/local/bin/jailer ]; then - if ! 
grep -q "jailer_path = \"/usr/local/bin/jailer\"" /etc/kata-containers/configuration-fc.toml 2>/dev/null; then - if [ -w /etc/kata-containers/configuration-fc.toml ]; then - sed -i 's|jailer_path = ".*jailer"|jailer_path = "/usr/local/bin/jailer"|g' /etc/kata-containers/configuration-fc.toml || true - fi - fi - fi -fi - -# Enable debug logging if requested -if [ "${KATA_LOGGING_LEVEL}" = "debug" ]; then - echo "[INFO] Enabling debug logging for Kata" - for config in /etc/kata-containers/configuration-*.toml; do - if [ -f "$config" ]; then - sed -i 's/enable_debug = false/enable_debug = true/g' "$config" - sed -i 's/#log_path = .*/log_path = "\/var\/log\/kata\/kata.log"/g' "$config" - sed -i 's/level = "info"/level = "debug"/g' "$config" - fi - done - mkdir -p /var/log/kata -fi - -if [ "$1" = 'dockerd' ] || [ "${1#-}" != "$1" ]; then - # if the first argument is "dockerd" or a flag (starts with -) - if [ "${1#-}" != "$1" ]; then - set -- dockerd "$@" - fi - - # Explicitly use iptables-legacy if available, as it is often more stable for DinD - if command -v update-alternatives >/dev/null; then - if update-alternatives --query iptables | grep -q "iptables-legacy"; then - update-alternatives --set iptables /usr/sbin/iptables-legacy || true - update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy || true - fi - fi -fi - -exec "$@" diff --git a/builds/mineru/.env.example b/builds/mineru/.env.example index 71d2c5b..cdfeabb 100644 --- a/builds/mineru/.env.example +++ b/builds/mineru/.env.example @@ -1,5 +1,5 @@ # MinerU Docker image -MINERU_DOCKER_IMAGE=alexsuntop/mineru:2.7.0 +MINERU_VERSION=2.7.1 # Port configurations MINERU_PORT_OVERRIDE_VLLM=30000 diff --git a/builds/mineru/Dockerfile b/builds/mineru/Dockerfile index 34831cc..808cfc6 100644 --- a/builds/mineru/Dockerfile +++ b/builds/mineru/Dockerfile 
@@ -19,7 +19,7 @@ RUN apt-get update && \
 rm -rf /var/lib/apt/lists/*

 # Install mineru latest
-RUN python3 -m pip install -U 'mineru[core]>=2.7.0' --break-system-packages && \
+RUN python3 -m pip install -U 'mineru[core]>=2.7.1' --break-system-packages && \
 python3 -m pip cache purge

 # Download models and update the configuration file
diff --git a/builds/mineru/README.md b/builds/mineru/README.md
index ca3b3bd..74d1e65 100644
--- a/builds/mineru/README.md
+++ b/builds/mineru/README.md
@@ -39,7 +39,7 @@ mineru -p demo.pdf -o ./output -b vlm-http-client -u http://localhost:30000

 ## Configuration

-- `MINERU_VERSION`: The version for MinerU, default is `2.7.0`.
+- `MINERU_VERSION`: The version for MinerU, default is `2.7.1`.
 - `MINERU_PORT_OVERRIDE_VLLM`: The host port for the VLLM server, default is `30000`.
 - `MINERU_PORT_OVERRIDE_API`: The host port for the API service, default is `8000`.
 - `MINERU_PORT_OVERRIDE_GRADIO`: The host port for the Gradio WebUI, default is `7860`.
diff --git a/builds/mineru/README.zh.md b/builds/mineru/README.zh.md
index d41accb..07b91a1 100644
--- a/builds/mineru/README.zh.md
+++ b/builds/mineru/README.zh.md
@@ -39,7 +39,7 @@ mineru -p demo.pdf -o ./output -b vlm-http-client -u http://localhost:30000

 ## 配置

-- `MINERU_VERSION`: MinerU 的 Docker 镜像版本,默认为 `2.7.0`。
+- `MINERU_VERSION`: MinerU 的 Docker 镜像版本,默认为 `2.7.1`。
 - `MINERU_PORT_OVERRIDE_VLLM`: VLLM 服务器的主机端口,默认为 `30000`。
 - `MINERU_PORT_OVERRIDE_API`: API 服务的主机端口,默认为 `8000`。
 - `MINERU_PORT_OVERRIDE_GRADIO`: Gradio WebUI 的主机端口,默认为 `7860`。
diff --git a/builds/mineru/docker-compose.yaml b/builds/mineru/docker-compose.yaml
index c5a2ca9..1ba1918 100644
--- a/builds/mineru/docker-compose.yaml
+++ b/builds/mineru/docker-compose.yaml
@@ -8,10 +8,13 @@ x-defaults: &defaults

 x-mineru-vllm: &mineru-vllm
 <<: *defaults
- image: ${GLOBAL_REGISTRY:-}alexsuntop/mineru:${MINERU_VERSION:-2.7.0}
+ image: ${GLOBAL_REGISTRY:-}alexsuntop/mineru:${MINERU_VERSION:-2.7.1}
 build:
 context: .
 dockerfile: Dockerfile
+ platforms:
+ - linux/amd64
+ - linux/arm64
 environment:
 TZ: ${TZ:-UTC}
 MINERU_MODEL_SOURCE: local
diff --git a/src/podman/.env.example b/src/podman/.env.example
new file mode 100644
index 0000000..4f0fd95
--- /dev/null
+++ b/src/podman/.env.example
@@ -0,0 +1,17 @@
+# Podman Configuration
+
+# Image version: quay.io/podman/stable
+# Reference: https://quay.io/repository/podman/stable
+PODMAN_VERSION=v5.7.1
+
+# Host port for Podman API (default: 8888)
+# PODMAN_PORT_OVERRIDE=8888
+
+# Timezone
+TZ=UTC
+
+# Resource Limits
+# PODMAN_CPU_LIMIT=2.0
+# PODMAN_MEMORY_LIMIT=4G
+# PODMAN_CPU_RESERVATION=1.0
+# PODMAN_MEMORY_RESERVATION=2G
diff --git a/src/podman/README.md b/src/podman/README.md
new file mode 100644
index 0000000..c1983a9
--- /dev/null
+++ b/src/podman/README.md
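Review bot: The added `platforms` list in `builds/mineru/docker-compose.yaml` makes `docker compose build` a multi-platform build, and nothing in this patch documents the builder that requires. On engines still using the classic image store the default `docker` build driver rejects such a build; it needs the containerd image store or a `docker-container` buildx builder. Whether the base image and the Python dependencies are available for `linux/arm64` cannot be seen from this hunk, so that is worth confirming before the platform is listed. I would add a comment above the key, `# Multi-platform build: requires the containerd image store or a docker-container buildx builder`. The `x-mineru-vllm` mapping continues outside the hunk.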
@@ -0,0 +1,38 @@
+# Podman (Podman-in-Container)
+
+[English](./README.md) | [中文](./README.zh.md)
+
+This service provides a Podman environment running inside a container (Podman-in-Container). It allows you to run and manage OCI containers using Podman without installing it directly on your host.
+
+## Quick Start
+
+1. (Optional) Customize the configuration in `.env`.
+2. Start the service:
+
+ ```bash
+ docker compose up -d
+ ```
+
+3. You can either use the Podman API on port `8888` or execute commands directly:
+
+ ```bash
+ docker compose exec podman podman info
+ ```
+
+## Services
+
+- `podman`: The Podman engine service.
+
+## Configuration
+
+| Environment Variable | Description | Default |
+| ---------------------- | -------------------------- | -------- |
+| `PODMAN_VERSION` | Version of Podman image | `v5.7.1` |
+| `PODMAN_PORT_OVERRIDE` | Host port for Podman API | `8888` |
+| `TZ` | Timezone for the container | `UTC` |
+| `PODMAN_CPU_LIMIT` | Maximum CPU usage | `2.0` |
+| `PODMAN_MEMORY_LIMIT` | Maximum Memory usage | `4G` |
+
+## Security Note
+
+This container requires `privileged: true` to function correctly as it needs to manage container namespaces and mounts. Use it only in trusted environments.
diff --git a/src/podman/README.zh.md b/src/podman/README.zh.md
new file mode 100644
index 0000000..a3d0757
--- /dev/null
+++ b/src/podman/README.zh.md
@@ -0,0 +1,38 @@
+# Podman (容器内 Podman)
+
+[English](./README.md) | [中文](./README.zh.md)
+
+此服务提供一个运行在容器内的 Podman 环境(Podman-in-Container)。它允许你在不直接在主机上安装 Podman 的情况下,使用 Podman 运行和管理 OCI 容器。
+
+## 快速开始
+
+1. (可选)在 `.env` 中自定义配置。
+2. 启动服务:
+
+ ```bash
+ docker compose up -d
+ ```
+
+3. 你可以使用端口 `8888` 上的 Podman API,或者直接执行命令:
+
+ ```bash
+ docker compose exec podman podman info
+ ```
+
+## 服务
+
+- `podman`:Podman 引擎服务。
+
+## 配置
+
+| 环境变量 | 描述 | 默认值 |
+| ---------------------- | --------------------- | -------- |
+| `PODMAN_VERSION` | Podman 镜像版本 | `v5.7.1` |
+| `PODMAN_PORT_OVERRIDE` | Podman API 的主机端口 | `8888` |
+| `TZ` | 容器的时区 | `UTC` |
+| `PODMAN_CPU_LIMIT` | 最大 CPU 限制 | `2.0` |
+| `PODMAN_MEMORY_LIMIT` | 最大内存限制 | `4G` |
+
+## 安全说明
+
+此容器需要 `privileged: true` 才能正常运行,因为它需要管理容器命名空间和挂载。请仅在受信任的环境中使用。
diff --git a/src/podman/docker-compose.yaml b/src/podman/docker-compose.yaml
new file mode 100644
index 0000000..850b6f3
--- /dev/null
+++ b/src/podman/docker-compose.yaml
@@ -0,0 +1,44 @@
+# Podman (Podman-in-Container)
+# High-quality container management tool for developing, managing, and running OCI Containers
+
+x-defaults: &defaults
+ restart: unless-stopped
+ logging:
+ driver: json-file
+ options:
+ max-size: 100m
+ max-file: "3"
+
+services:
+ podman:
+ <<: *defaults
+ image: ${GLOBAL_REGISTRY:-}quay.io/podman/stable:${PODMAN_VERSION:-v5.7.1}
+ #! Podman-in-Container usually requires privileged mode to manage containers
+ privileged: true
+ #! Optional: Enable Podman API service
+ command: podman system service --time=0 tcp:0.0.0.0:8888
+ ports:
+ - "${PODMAN_PORT_OVERRIDE:-8888}:8888"
+ volumes:
+ - podman_data:/var/lib/containers
+ #! Optional: volume for podman configs/registries
+ # - ./registries.conf:/etc/containers/registries.conf:ro
+ environment:
+ - TZ=${TZ:-UTC}
+ healthcheck:
+ test: ["CMD", "podman", "info"]
+ interval: 30s
+ timeout: 10s
+ retries: 3
+ start_period: 10s
+ deploy:
+ resources:
+ limits:
+ cpus: ${PODMAN_CPU_LIMIT:-2.0}
+ memory: ${PODMAN_MEMORY_LIMIT:-4G}
+ reservations:
+ cpus: ${PODMAN_CPU_RESERVATION:-1.0}
+ memory: ${PODMAN_MEMORY_RESERVATION:-2G}
+
+volumes:
+ podman_data:
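Review bot: The `ports` entry `"${PODMAN_PORT_OVERRIDE:-8888}:8888"` publishes the Podman API on every host interface, and the `command` line serves it over plain `tcp:0.0.0.0:8888`, which has no authentication or TLS, from a `privileged: true` container. Anything that can reach port 8888 can therefore create and run containers inside a privileged container, which should be treated as equivalent to root on the Docker host. Publish on loopback by default, `- "127.0.0.1:${PODMAN_PORT_OVERRIDE:-8888}:8888"`, and leave wider exposure to an explicit opt-in behind SSH or a TLS-terminating proxy. The comment `#! Optional: Enable Podman API service` is also misleading, since the service is on by default; either ship the `command` and `ports` lines commented out or reword it to say the API is enabled and unauthenticated.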