Skip to content

Containers

Complex software environments are often easiest to ship as containers. The cluster supports the Apptainer/Singularity runtime, which runs entirely in user space and has built-in GPU support.

Downloading a container

Pull a container from DockerHub and write it to a Singularity Image File (SIF):

$ apptainer pull docker://ubuntu:latest    # creates ubuntu_latest.sif

Opening a shell inside the container

$ apptainer shell ubuntu_latest.sif

Inside the shell, your home directory is mounted as usual, but the rest of the filesystem is provided by the container and is read-only.

GPU support

Pass --nv to expose NVIDIA GPUs inside the container:

$ apptainer shell --nv tensorflow_latest.sif

Mounting additional paths

Use --bind to expose host paths inside the container. The argument can take three forms: bind-path, bind-source:bind-destination, or bind-source:bind-destination:rw / :ro.

# mount /tmp as /tmp, mount /data as /container-data read-only
apptainer shell --bind /tmp --bind /data:/container-data:ro alpine_latest.sif

Writable containers and fakeroot

To modify files inside a container, attach a persistent overlay — either as a separate file or embedded in the SIF. See the upstream guide on persistent overlays.

Apptainer's fakeroot feature lets you become "root" inside the container (without actual host root privileges) so you can install packages.

A quick fakeroot recipe:

# create a 1 GB overlay for changed/added files on top of the container
apptainer overlay create --fakeroot --size 1024 overlay.img

# enter the container with the overlay mounted
apptainer shell --cleanenv --fakeroot --overlay overlay.img ubuntu_latest.sif

# now you can install your own software
apt-get update
apt-get install git