Backing-container runtime for EC2 instances.
RunInstances spins up a real container per instance; the instance
lifecycle (Start/Stop/Reboot/Terminate) maps onto the container
lifecycle, and DescribeInstances reports the container’s real private
IP. The container can run either as a local Docker/Podman container (the
default) or as a native Kubernetes Pod (FAKECLOUD_EC2_BACKEND=k8s or the
global FAKECLOUD_CONTAINER_BACKEND=k8s).
Operations are keyed by instance id, not the backend handle: a
Kubernetes Pod can’t be stopped and restarted in place, so Stop deletes
the Pod and Start/Reboot recreate it. The runtime therefore keeps,
per instance, the handle plus enough of the original request (image,
user-data) to recreate the backing container deterministically.
The runtime is strictly additive: when no container backend is available the control plane keeps its metadata-faithful behaviour (synthesized IPs, state transitions) so every API call still succeeds. Real container backing is best-effort fidelity layered on top.
Modules§
- firewall - Security-group + network-ACL packet filtering (issue #1745 phase 3).
- netpolicy - Kubernetes NetworkPolicy enforcement for EC2 security groups (#1745 phase 4).
Structs§
- Ec2Runtime
- FirewallEnforcer - Host firewall enforcement for security groups + NACLs (#1745 phase 3).
- InstanceNetwork - The L3 placement of an instance’s backing container: which subnet it lands in and whether that subnet is private.
- NetworkIsolationSummary - How this runtime isolates instance traffic, surfaced by the /_fakecloud/ec2/instance-networks introspection endpoint so users can answer “why can’t X reach Y” — which backend, which SG-enforcement mechanism, and whether it’s actually active vs degraded to metadata-only.
- RunningInstance - A running instance’s backing container.
Enums§
- BackendInitError - Error initializing the Kubernetes backend at startup. Surfaced to the operator so a misconfigured cluster fails fast rather than silently falling back to Docker.
- RuntimeError
Functions§
- subnet_network_name - The daemon network name backing an EC2 subnet. Stable per subnet so every instance in the subnet attaches to the same bridge.