iklabib/Kerat
Archived
1
0
Fork 0
Code Issues Pull requests Activity
No description
This repository has been archived on 2025-11-19. You can view files and clone it, but you cannot make any changes to its state, such as pushing and creating new issues, pull requests or comments.
83 commits 1 branch 0 tags 215 KiB
  • Go 73.5%
  • Python 7.7%
  • C# 7.2%
  • Shell 6.9%
  • Dockerfile 4.7%
Find a file
iklabib 9993c0bc11
 Update README.md
2025-05-24 21:44:31 +07:00
cmd/kerat slight refactor 2025-01-19 23:57:24 +08:00
containerfiles rebase to distroless 2025-05-24 20:34:07 +07:00
pkg add queue implementation 2024-10-22 21:24:33 +07:00
processor no new privileges 2025-05-24 20:41:41 +07:00
server restructure 2025-01-19 01:33:48 +08:00
template reflect template csharp 2025-05-24 20:40:26 +07:00
util chore 2025-02-26 11:31:04 +07:00
.dockerignore whole lot ot patches 2024-11-18 00:33:08 +07:00
.gitignore ignore vendor 2024-10-24 10:33:14 +07:00
build.sh rebase to distroless 2025-05-24 20:34:07 +07:00
config.yaml update config 2025-04-04 04:24:00 +07:00
Dockerfile rebase to distroless 2025-05-24 20:34:07 +07:00
go.mod bumping deps versions 2025-01-08 21:16:17 +08:00
go.sum bumping deps versions 2025-01-08 21:16:17 +08:00
LICENSE Initial commit 2024-08-20 21:54:59 +07:00
README.md Update README.md 2025-05-24 21:44:31 +07:00

README.md

Kerat

I slapped gvisor to container and call it a sandbox. In nutshell, just like Go Playground does.

How it works?

We have a compiler container that receive source code, compile them to executable binary, and run said executable in another container. No brainer.

How to run

Requirements:

Kerat spawn another container, so it need host's docker socket and pulling runtime images.

$ curl -sSL https://raw.githubusercontent.com/iklabib/Kerat/refs/heads/main/build.sh -o build.sh
$ chmod +x build.sh
$ ./build.sh pull
$ docker run -p 31415:31415 \
    -v /var/run/docker.sock:/var/run/docker.sock \
    -it iklabib/kerat:engine

You can build the images yourself if you want to, with amd64 and arm64 support.

$ git pull https://github.com/iklabib/Kerat.git
$ cd Kerat
$ ./build.sh all amd64 # or arm64

Request sample (not exactly user friendly, there is a reason for that).

$ curl --request POST \
  --url http://127.0.0.1:31415/submit \
  --header 'content-type: application/json' \
  --data '{
  "exercise_id": "dummy",
  "subtype": "python",
  "source": {
    "src_test": [
      {
        "filename": "test_example.py",
        "src": "from example import add\nimport unittest\n\nclass TestExample(unittest.TestCase):\n    def test_addition(self):\n        self.assertEqual(add(1,1), 2)"
      }
    ],
    "src": [
      {
        "filename": "example.py",
        "src": "def add(a, b):\n    return a + b"
      }
    ]
  }
}'

# output sample
# {
#  "success": true,
#  "build": "",
#  "tests": [
#    {
#      "passed": true,
#      "name": "test_addition",
#      "message": "",
#      "stack_trace": ""
#    }
#  ],
#  "metrics": {
#    "exit_code": 0,
#    "wall_time": 0.6828688,
#    "cpu_time": 127178000,
#    "memory": 16707584
#  }
# }

Running the engine with gVisor

iklabib/kerat:engine is the container that compiles source codes and spawn container to run them. It need access to host's docker socket, this is blocked by default by gVisor. Here is how to get around the issue.

Add runsc-uds lines to your /etc/docker/daemon.json and reload docker sudo systemctl reload docker.service.

{
    "runtimes": {
        "runsc": {
            "path": "/usr/local/bin/runsc"
       },
        "runsc-uds": {
          "path": "/usr/local/bin/runsc",
          "runtimeArgs": [
            "--host-uds=open"
        ]
       }
    }
}

Now you can use runsc-uds as docker runtime.

$ docker run --runtime=runsc-uds -p 31415:31415 \
    -v /var/run/docker.sock:/var/run/docker.sock \
    -it kerat:engine