- kubernetes: update kubernetes to v1.15.3 for AArch64
- vsock: set VHOST_VSOCK_SET_GUEST_CID for ppc64le
- tests: allow running unit tests using podman
- vc: Delete store when new/create container is failed
- virtcontainers: fix kernel modules annotations
- vendor: update govmm
- kata-check: require kvm modules for amd64
- kata-check: reduce default output verbosity
- v2: Prevent killing all container processes when exec is failed
- api: add a CleanupContainer api for VC
- shim v2: add network stat in metric
- qemu: fix error message miss
- Fix the issue of update resources wrong
- monitor: enlarge watch buffer
- add virtiofsd to sandbox cgroup
- virtcontainers: Fix the issue of watching console for firecracker
- versions: update version of qemu to 4.1.0
- qemu interaction improvements
- add watchconsole for no_proxy type
- qemu: do not try to stop qemu multiple times
- do not hotplug network device when stopping sandbox
- agent: add default timeout for grpc requests
- container: do not pause a StateReady container
- sandbox: remove network before stopping vm
- virtcontainers: fix hotplug block/net devices execeed pciBridgeMaxCap…
- vsock: Propogate error for vsock ioctl
- versions: kernel: update to 4.19.65
- network: Ignore routes with proto as "kernel"
- network: Deprecate bridged networking mode.
- network: fix failed to remove network
- virtcontainers: add support for loading kernel modules
- shim-v2: fix shim leak when hypervisor exit unexpectly
- virtiofs: wait for virtiofsd process to release its resources
- pkg/katautils: Do not set `init` in the kernel command line
- virtiofs: fix virtiofs crash when cache=none
- acrn: Add toml to gitignore
- versions: Upgrade to k8s 1.15
- virtcontainers: support SMP die
- qemu: support vfio pass x-pci-vendor-id and x-pci-device-id pass
- Remove nested vendor dir
- Fix UT failures with non-root
- persist: manage "hypervisor.json" with new store
- improve robustness w.r.t. dead hypervisor
- virtcontainers: convert virtcontainers tests to testify/assert
- ci: Allow travis to use go install script

- 611a860 kubernetes: update kubernetes for AArch64
- ba3d3da vendor: update govmm
- c8e5659 virtcontainers: fix kernel modules annotations
- a5f1744 vc: Delete store when new/create container is failed
- 8cf0f06 vsock: set VHOST_VSOCK_SET_GUEST_CID based based on arch
- ff8d23d tests: allow running unit tests using podman
- c91556a api: add a CleanupContainer api for VC
- 4cf0703 v2: Prevent killing all container processes when exec is failed
- 5bfca6e test: add arch required kernel modules
- c54f00a kata-check: reduce default output verbosity
- 24fcd1b test: add a generic function for CLI kata-check command
- 52e68f5 virtcontainers: cleanup the container config once failed
- 5b749a5 virtcontainers: remove the redundant sandbox config store
- 50d4188 qemu: fix error message miss
- 0926c8d virtcontainers: Fix the issue of watching console for firecracker
- 0075bf8 hypervisor: allow to return a slice of pids
- 88e281c monitor: enlarge watch buffer
- db50978 kata-check: require kvm/vhost modules for amd64
- 4deeb05 versions: update version of qemu to 4.1.0
- 4a28b52 test: add test for network metric
- dc38ba7 test: fix cgroup mock test
- 6534357 shim-v2: add network stat in metric
- 21698aa vendor: update cgroup
- e7457e6 qemu: add logfile when debug is on
- aebc496 qemu: fix memory prealloc option handling
- 6c77d76 qemu: check guest status with qmp query-status
- 5b50b34 shimv2: cancel monitor before stopping sandbox
- 49184ee vendor: update govmm
- d90eba8 network: always cold unplug network devices
- d26ff71 Revert: "sandbox: remove network before stopping vm"
- debc7d9 agent: add default timeout for grpc requests
- 9d4050e container: do not pause a StateReady container
- b58ab66 qemu: do not try to stop qemu multiple times
- 794e08e sandbox: remove network before stopping vm
- 31ddb4d virtcontainers: add watchconsole for no_proxy type
- 3fc17e9 vsock: Propogate error for vsock ioctl
- 565f14f acrn: Change the default network model for ACRN to macvtap
- 2c99b95 network: Deprecate bridged networking mode.
- e467293 virtcontainers: fix hotplug pci devices execeed max capacity bug
- 604e1ab versions: kernel: update to 4.19.65
- df7cf77 network: Ignore routes with proto as "kernel"
- 355b9c0 virtcontainers: add support for loading kernel modules
- 979f064 vendor: update kata agent
- 0832294 pkg/katautils: Do not set `init` in the kernel command line
- 2058751 shim-v2: fix shim leak when hypervisor exit unexpectly
- a9168a3 virtiofs: wait for virtiofsd process to release its resources
- 263fb64 acrn: Add toml to gitignore
- 6e1e6a2 virtiofs: fix virtiofs crash when cache=none
- 50c3e56 network: fix failed to remove network
- 0d0a84e versions: Upgrade to k8s 1.15
- 7668aeb virtcontainers: support SMP die
- 104c04d vendor: update govmm
- e41a6b9 vendor: Update vendor directories
- 95e8a7a dep: Remove nested vendor directories
- f3d0978 persist: improve readability
- 3bfbbd6 persist: merge "network.json"
- 99cf3f8 persist: merge "agent.json"
- 7d5e48f persist: manage "hypervisor.json" with new store
- d5d7d82 vc: move container mount cleanup to container.go
- e02f6dc shimv2: monitor sandbox liveness
- 262484d monitor: watch hypervisor
- 67c401c agent: use hypervisor pid as backup proxy pid for non-kata proxy cases
- 835b6e9 sandbox: do not fail SIGKILL
- bc4460e sandbox: support force stop
- 4130913 agent: mark agent dead when failing to connect
- c472a01 container: allow to stop a paused container
- f886c0b vc: drop container SetPid API
- f2e6a31 ci: Allow travis to use go install script
- 3063391 ut: skip TestBindUnmountContainerRootfsENOENTNotError for non-root
- c4583f4 ut: skip TestStartNetworkMonitor for non-root
- f2423e7 virtcontainers: convert virtcontainers tests to testify/assert
- 50e263d qemu: support vfio pass x-pci-vendor-id and x-pci-device-id pass
- 2cf4189 vendor: update github.com/intel/govmm

Signed-off-by: katacontainersbot <katacontainersbot@gmail.com>
Runtime
This repository contains the runtime for the Kata Containers project.
For details of the other Kata Containers repositories, see the repository summary.
- Introduction
- License
- Platform support
- Download and install
- Quick start for developers
- Architecture overview
- Configuration
- Logging
- Debugging
- Limitations
- Community
- Further information
- Additional packages
Introduction
kata-runtime, referred to as "the runtime", is the Command-Line Interface
(CLI) part of the Kata Containers runtime component. It leverages the
virtcontainers
package to provide a high-performance standards-compliant runtime that creates
hardware-virtualized Linux containers running on Linux hosts.
The runtime is OCI-compatible, CRI-O-compatible, and Containerd-compatible, allowing it to work seamlessly with both Docker and Kubernetes.
License
The code is licensed under an Apache 2.0 license.
See the license file for further details.
Platform support
Kata Containers currently works on systems supporting the following technologies:
- Intel VT-x technology.
- ARM Hyp mode (virtualization extension).
- IBM Power Systems.
- IBM Z mainframes.
Hardware requirements
The runtime has a built-in command to determine if your host system is capable of running and creating a Kata Container:
$ kata-runtime kata-check
Note:
- By default, only a brief success / failure message is printed. If more details are needed, the --verbose flag can be used to display the list of all the checks performed.
- root permission is needed to check if the system is capable of running Kata containers. In this case, additional checks are performed (e.g., if another incompatible hypervisor is running).
Download and install
See the installation guides available for various operating systems.
Quick start for developers
See the developer guide.
Architecture overview
See the architecture overview for details on the Kata Containers design.
Configuration
The runtime uses a TOML format configuration file called configuration.toml.
The file contains comments explaining all options.
Note:
The initial values in the configuration file provide a good default configuration. You might need to modify this file if you have specialist needs.
Since the runtime supports a
stateless system,
it checks for this configuration file in multiple locations, two of which are
built in to the runtime. The default location is
/usr/share/defaults/kata-containers/configuration.toml for a standard
system. However, if /etc/kata-containers/configuration.toml exists, this
takes priority.
The command below lists the full paths to the configuration files that the runtime attempts to load. The first path that exists is used:
$ kata-runtime --kata-show-default-config-paths
Aside from the built-in locations, it is possible to specify the path to a
custom configuration file using the --kata-config option:
$ kata-runtime --kata-config=/some/where/configuration.toml ...
The runtime will log the full path to the configuration file it is using. See the logging section for further details.
To see details of your system's runtime environment (including the location of the configuration file being used), run:
$ kata-runtime kata-env
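Because the first existing path wins, the integrity of the effective configuration depends on every higher-priority location as well as on the file itself. The following added example (not Kata Containers project code) resolves the effective file from the two built-in paths named above and reports group- or world-writable files and directories along the search order; `KATA_CONFIG_PATHS` and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not Kata Containers project code.
# Candidate paths in priority order, as described above. KATA_CONFIG_PATHS is
# a hypothetical override so the logic can be exercised on a scratch tree.
: "${KATA_CONFIG_PATHS:=/etc/kata-containers/configuration.toml /usr/share/defaults/kata-containers/configuration.toml}"

# Print the first candidate that exists (the file the runtime would load).
effective_config() {
    for p in $KATA_CONFIG_PATHS; do
        if [ -f "$p" ]; then
            printf '%s\n' "$p"
            return 0
        fi
    done
    return 1
}

# True when group or other may write to the file or directory $1.
loosely_writable() {
    [ -n "$(find -L "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# Walk the candidates in priority order, stopping at the effective file, and
# report every place where a non-owner could edit that file or plant a
# higher-priority file that shadows it. Returns 1 if anything was found.
audit_config_paths() {
    rc=0
    for p in $KATA_CONFIG_PATHS; do
        d=$(dirname "$p")
        if [ -d "$d" ] && loosely_writable "$d"; then
            echo "WRITABLE-DIR $d"
            rc=1
        fi
        if [ -f "$p" ]; then
            if loosely_writable "$p"; then
                echo "WRITABLE-FILE $p"
                rc=1
            fi
            break
        fi
    done
    return $rc
}
```

To audit the full list the runtime actually uses, set `KATA_CONFIG_PATHS` to the output of `kata-runtime --kata-show-default-config-paths` before calling `audit_config_paths`.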
Logging
The runtime provides --log= and --log-format= options. However, the
runtime always logs to the system log (syslog or journald).
To view runtime log output:
$ sudo journalctl -t kata-runtime
For detailed information and analysis on obtaining logs for other system
components, see the documentation for the
kata-log-parser
tool.
Debugging
See the debugging section of the developer guide.
Limitations
See the limitations file for further details.
Community
Contact
See how to reach the community.
Further information
See the project table of contents and the documentation repository.
Additional packages
For details of the other packages contained in this repository, see the package documentation.