mirror of
https://github.com/aljazceru/kata-containers.git
synced 2025-12-30 04:24:29 +01:00
Don't force Docker to be kept at version 18.06 (to ensure devicemapper is available). This feature won't be re-added by Docker and remaining on an old version of Docker is not good from a security perspective. Replace the pinning with a note pointing users at an issue which provides details of alternatives to devicemapper. Fixes #407. Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Install Docker for Kata Containers on Debian
Note:
- This guide assumes you have already installed the Kata Containers packages.
- This guide allows for installation with `systemd` or `sysVinit` init systems.

- Install the latest version of Docker with the following commands:
Notes:
- This step is only required if Docker is not installed on the system.
- Docker version 18.09 removed devicemapper support. If you wish to use a block based backend, see the options listed on https://github.com/kata-containers/documentation/issues/407.
```bash
$ sudo apt-get -y install apt-transport-https ca-certificates curl gnupg2 software-properties-common
$ curl -fsSL https://download.docker.com/linux/$(. /etc/os-release; echo "$ID")/gpg | sudo apt-key add -
$ sudo add-apt-repository "deb https://download.docker.com/linux/$(. /etc/os-release; echo "$ID") $(lsb_release -cs) stable"
$ sudo apt-get update
$ sudo -E apt-get -y install docker-ce
```
For more information on installing Docker please refer to the Docker Guide.
- Configure Docker to use Kata Containers by default with ONE of the following methods:
a. sysVinit
- With sysVinit, the Docker configuration is stored in `/etc/default/docker`. Edit the options similar to the following:
```
$ sudo sh -c "echo '# specify docker runtime for kata-containers
DOCKER_OPTS=\"-D --add-runtime kata-runtime=/usr/bin/kata-runtime --default-runtime=kata-runtime\"' >> /etc/default/docker"
```
b. systemd
```bash
$ sudo mkdir -p /etc/systemd/system/docker.service.d/
$ cat <<EOF | sudo tee /etc/systemd/system/docker.service.d/kata-containers.conf
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -D --add-runtime kata-runtime=/usr/bin/kata-runtime --default-runtime=kata-runtime
EOF
```
c. systemd Docker daemon.json
Add the following definitions to `/etc/docker/daemon.json`:
```bash
$ sudo sh -c "echo '{
\"default-runtime\": \"kata-runtime\",
\"runtimes\": {
\"kata-runtime\": {
\"path\": \"/usr/bin/kata-runtime\"
}
}
}' >> /etc/docker/daemon.json"
```
- Restart the Docker systemd service with one of the following (depending on init choice):
a. sysVinit
```bash
$ sudo /etc/init.d/docker stop
$ sudo /etc/init.d/docker start
```
To watch for errors:
```bash
$ tail -f /var/log/docker.log
```
b. systemd
```bash
$ sudo systemctl daemon-reload
$ sudo systemctl restart docker
```
- Run Kata Containers
You are now ready to run Kata Containers:
```bash
$ sudo docker run busybox uname -a
```
The previous command shows details of the kernel version running inside the container, which is different to the host kernel version.
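Method c appends to `/etc/docker/daemon.json` with `>>`; if that file already has content, the result is two objects back to back rather than one JSON document. The Python sketch below is an added example, not part of the Kata Containers guide: it merges the same definitions into an existing configuration instead. The function names and the sample existing content are constructed for illustration.

```python
import json

KATA_PATH = "/usr/bin/kata-runtime"  # runtime path used in the guide above

# Constructed sample: a daemon.json that already holds unrelated settings.
SAMPLE_EXISTING = '{\n  "log-driver": "json-file",\n  "live-restore": true\n}\n'

# The definitions from method c, as the echo command would append them.
GUIDE_SNIPPET = json.dumps({"default-runtime": "kata-runtime",
                            "runtimes": {"kata-runtime": {"path": KATA_PATH}}})


def is_single_json_object(text):
    """True if text parses as exactly one JSON object."""
    try:
        return isinstance(json.loads(text), dict)
    except ValueError:  # JSONDecodeError subclasses ValueError
        return False


def merge_kata_runtime(existing_text, make_default=True):
    """Return daemon.json text with the kata-runtime definitions merged in.

    existing_text is the current file content ("" if the file is absent).
    Raises ValueError instead of overwriting when the content is not a JSON
    object or already points kata-runtime at a different binary.
    """
    config = json.loads(existing_text) if existing_text.strip() else {}
    if not isinstance(config, dict):
        raise ValueError("daemon.json must contain one JSON object")
    runtimes = config.setdefault("runtimes", {})
    if not isinstance(runtimes, dict):
        raise ValueError('"runtimes" must be a JSON object')
    current = runtimes.get("kata-runtime", {})
    if not isinstance(current, dict) or current.get("path", KATA_PATH) != KATA_PATH:
        raise ValueError("kata-runtime is already defined with another path")
    runtimes["kata-runtime"] = {**current, "path": KATA_PATH}
    if make_default:
        config["default-runtime"] = "kata-runtime"
    return json.dumps(config, indent=2) + "\n"


if __name__ == "__main__":
    # Appending, as with ">>", leaves two objects back to back.
    print(is_single_json_object(SAMPLE_EXISTING + GUIDE_SNIPPET))
    print(merge_kata_runtime(SAMPLE_EXISTING), end="")
```

Review the merged text before writing it back to `/etc/docker/daemon.json`, then restart Docker as described in the restart step.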