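The first release of Kata Containers completes the merger of Intel's Clear Containers and Hyper's runV technologies, and provides an OCI-compatible runtime that integrates seamlessly with container ecosystem technologies such as Docker and Kubernetes. The kata runtime is compatible with OCI and CRI-O.
Kata Containers 1.0.0 consists of the following components: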
Kata Containers runtime 1.0.0
Kata Containers proxy 1.0.0
Kata Containers shim 1.0.0
Kata Containers agent 1.0.0
KSM throttler 1.0.0
Guest operating system building scripts
1. Install docker-ce:
# curl https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker-ce.repo
# yum install docker-ce -y
# systemctl enable docker.service && systemctl start docker.service
2. Install kata:
# curl http://download.opensuse.org/repositories/home:/katacontainers:/release/CentOS_7/home:katacontainers:release.repo -o /etc/yum.repos.d/katacontainers.repo
# yum -y install kata-runtime kata-proxy kata-shim
Check whether the hardware supports running kata:
# kata-runtime kata-check
INFO[0000] CPU property found description="Intel Architecture CPU" name=GenuineIntel pid=19249 source=runtime type=attribute
INFO[0000] CPU property found description="64Bit CPU" name=lm pid=19249 source=runtime type=flag
INFO[0000] CPU property found description=SSE4.1 name=sse4_1 pid=19249 source=runtime type=flag
INFO[0000] CPU property found description="Virtualization support" name=vmx pid=19249 source=runtime type=flag
INFO[0000] kernel property found description="Kernel-based Virtual Machine" name=kvm pid=19249 source=runtime type=module
INFO[0000] kernel property found description="Host kernel accelerator for virtio" name=vhost pid=19249 source=runtime type=module
INFO[0000] kernel property found description="Host kernel accelerator for virtio network" name=vhost_net pid=19249 source=runtime type=module
INFO[0000] kernel property found description="Intel KVM" name=kvm_intel pid=19249 source=runtime type=module
WARN[0000] kernel module parameter has unexpected value description="Intel KVM" expected=Y name=kvm_intel parameter=nested pid=19249 source=runtime type=module value=N
INFO[0000] Kernel property value correct description="Intel KVM" expected=Y name=kvm_intel parameter=unrestricted_guest pid=19249 source=runtime type=module value=Y
INFO[0000] System is capable of running Kata Containers name=kata-runtime pid=19249 source=runtime
INFO[0000] device available check-type=full device=/dev/kvm name=kata-runtime pid=19249 source=runtime
INFO[0000] feature available check-type=full feature=create-vm name=kata-runtime pid=19249 source=runtime
INFO[0000] System can currently create Kata Containers name=kata-runtime pid=19249 source=runtime
Note: the final line, "System can currently create Kata Containers", confirms that the host is supported.
Copy the kata configuration file:
# cp /usr/share/defaults/kata-containers/configuration.toml /etc/kata-containers/configuration.toml
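As an added example (not part of the original post and not Kata project code), the script below turns the kata-check output from step 2 into a pass/fail gate and lists WARN lines, such as the kvm_intel nested=N one, that are easy to miss when reading the log by eye. The function names are hypothetical, and the sample input is copied from the output shown above.

```bash
#!/usr/bin/env bash
# Added example: gate on `kata-runtime kata-check` instead of reading it by eye.
# On a real host (assumption: capture both output streams):
#   kata-runtime kata-check 2>&1 | kata_check_report

# Sample lines copied from the kata-check output shown in step 2.
sample_output() {
cat <<'EOF'
INFO[0000] CPU property found description="Virtualization support" name=vmx pid=19249 source=runtime type=flag
WARN[0000] kernel module parameter has unexpected value description="Intel KVM" expected=Y name=kvm_intel parameter=nested pid=19249 source=runtime type=module value=N
INFO[0000] Kernel property value correct description="Intel KVM" expected=Y name=kvm_intel parameter=unrestricted_guest pid=19249 source=runtime type=module value=Y
INFO[0000] System can currently create Kata Containers name=kata-runtime pid=19249 source=runtime
EOF
}

# Print "name parameter expected=X value=Y" for every WARN line on stdin.
# Tokens inside a quoted value (description="Intel KVM") are skipped so they
# cannot be mistaken for keys.
kata_check_warnings() {
  awk '
    /^WARN/ {
      split("", f); inq = 0
      for (i = 2; i <= NF; i++) {
        tok = $i
        nq = gsub(/"/, "\"", tok)          # count the quotes in this token
        if (!inq && (eq = index(tok, "=")) > 1)
          f[substr(tok, 1, eq - 1)] = substr(tok, eq + 1)
        if (nq % 2) inq = !inq             # odd count opens or closes a quote
      }
      printf "%s %s expected=%s value=%s\n", f["name"], f["parameter"], f["expected"], f["value"]
    }'
}

# Exit 0 only if the runtime reported that it can create containers right now.
kata_check_ready() {
  grep '^INFO.* System can currently create Kata Containers' >/dev/null
}

# Print every warning, then return the readiness status.
kata_check_report() {
  local out; out=$(cat)
  printf '%s\n' "$out" | kata_check_warnings | sed 's/^/WARNING: /'
  printf '%s\n' "$out" | kata_check_ready
}

sample_output | kata_check_report && echo "host ready for Kata" || echo "host NOT ready"
```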
3. Configure docker to use kata:
# mkdir -p /etc/systemd/system/docker.service.d/
# cat > /etc/systemd/system/docker.service.d/kata-containers.conf << EOF
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -D --add-runtime kata-runtime=/usr/bin/kata-runtime --default-runtime=kata-runtime
EOF
Restart docker for the change to take effect:
# systemctl daemon-reload && systemctl restart docker.service
# ps -ef|grep kata
root 18720 1 0 16:39 ? 00:00:00 /usr/bin/dockerd -D --add-runtime kata-runtime=/usr/bin/kata-runtime --default-runtime=kata-runtime
4. Run a container:
# docker run -it busybox sh
# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a3b600eeff64 busybox "sh" 42 minutes ago Up About a minute festive_noether
List the container through kata:
# kata-runtime list --kata-all
ID PID STATUS BUNDLE CREATED OWNER HYPERVISOR KERNEL IMAGE LATEST-KERNEL LATEST-IMAGE STALE
a3b600eeff643333acd1a686ad7c4480aaf87a9e9a10ceef3f23a7f7abed8dbf 19398 running /run/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/a3b600eeff643333acd1a686ad7c4480aaf87a9e9a10ceef3f23a7f7abed8dbf 2018-05-23T09:21:10.215271226Z #0 /usr/bin/qemu-lite-system-x86_64 /usr/share/kata-containers/vmlinuz-4.14.22-126.1.container /usr/share/kata-containers/kata-containers-image_clearlinux_agent_a099747.img /usr/share/kata-containers/vmlinuz-4.14.22-126.1.container /usr/share/kata-containers/kata-containers-image_clearlinux_agent_a099747.img -