f59e367706
- doc: update architecture.md link - VMCache: check if vm_cache_endpoint file exists before VMCache server… - vsock: Pass info about vsock being used or not to the agent. - qemu: fix qemu leak when failed to start container - hypervisor: return cpu->threadID mapping - tests: do cleanUp() always in the end - cgroups: remove duplicate fields from state - shimv2: optionally plug rootfs block storage instead of mounting it - linter: remove deadcode linter check for generic item - virtcontainers: firecracker: disable ACPI - config: validate proxy path - lint: Change go linter from gometalinter to golangci-lint - Factory: Fix fake return value issue on creating template - config: Add config flag "experimental" - Add more build targets - Update collect script for dax nvdimm images - Allow data collection to be hidden - config: Make VMCache can work with vsock - ci: check curl before use it - virtcontainers: improve security and mount the rootfs as read-only fs - refactor: improve readability of `bumpAttachCount`57b103avsock: Pass info about vsock being used or not to the agent.fb64a3edoc: update architecture.md linkb6f382eVMCache: check if vm_cache_endpoint file exists before VMCache server runsdd6d1e4fc: return vcpu thread info properly6fda03ehypervisor: make getThreadIDs return vcpu to threadid mappingad697ccvendor: add prometheus/procfs dependency0e2be42vendor: fix containerd/cgroups dependency52c66d2shimv2: plugin the block backed rootfs directly instead of mount it628ea46virtcontainers: change container's rootfs from string to mount alike structc0aedebvirtcontainers: firecracker: disable ACPI096fa04qemu: fix qemu leak when failed to start container2e5194elinter: remove deadcode linter check for generic itemdca7a6fconfig: validate proxy pathdd6e8ebtests: do cleanUp() always in the endad7d9b7cgroups: remove duplicate fields from statef442876lint: Update go linter from gometalinter to golangci-lint.5d761cescripts: Handle images with a DAX/NVDIMM headerbdf6b2dscripts: Handle missing partitions in collect scriptad228e3build: Add missing targets to show-usagee6a7091build: Allow runtime to be built+installed without shim206ffc6build: Don't build the runtime when building shim binary639e827config: Make VMCache can work with vsockaec0d26ci: check curl before use it9b73900katautils: mask systemd-random-seed6498466virtcontainers: improve security and mount the rootfs as read-only fs26a9b72refactor: improve readability of `bumpAttachCount`5a271f0scripts: Allow data collection script output to be hidden4f34a54scripts: Refactor collect scripteadf977Factory: Fix fake return value issue on creating templateda80c70config: enhance Feature structure111774cconfig: add docs for experimental050f03bconfig: Add config flag "experimental" Signed-off-by: Eric Ernst <eric.ernst@intel.com>
Runtime
This repository contains the runtime for the Kata Containers project.
For details of the other Kata Containers repositories, see the repository summary.
- Introduction
- License
- Platform support
- Download and install
- Quick start for developers
- Architecture overview
- Configuration
- Logging
- Debugging
- Limitations
- Community
- Further information
Introduction
kata-runtime, referred to as "the runtime", is the Command-Line Interface
(CLI) part of the Kata Containers runtime component. It leverages the
virtcontainers
package to provide a high-performance standards-compliant runtime that creates
hardware-virtualized containers.
The runtime is OCI-compatible, CRI-O-compatible, and Containerd-compatible, allowing it to work seamlessly with both Docker and Kubernetes respectively.
License
The code is licensed under an Apache 2.0 license.
See the license file for further details.
Platform support
Kata Containers currently works on systems supporting the following technologies:
- Intel VT-x technology.
- ARM Hyp mode (virtualization extension).
- IBM Power Systems.
- IBM Z mainframes.
Hardware requirements
The runtime has a built-in command to determine if your host system is capable of running a Kata Container:
$ kata-runtime kata-check
Note:
If you run the previous command as the
rootuser, further checks will be performed (e.g. it will check if another incompatible hypervisor is running):$ sudo kata-runtime kata-check
Download and install
See the installation guides available for various operating systems.
Quick start for developers
See the developer guide.
Architecture overview
See the architecture overview for details on the Kata Containers design.
Configuration
The runtime uses a TOML format configuration file called configuration.toml.
The file contains comments explaining all options.
Note:
The initial values in the configuration file provide a good default configuration. You might need to modify this file if you have specialist needs.
Since the runtime supports a
stateless system,
it checks for this configuration file in multiple locations, two of which are
built in to the runtime. The default location is
/usr/share/defaults/kata-containers/configuration.toml for a standard
system. However, if /etc/kata-containers/configuration.toml exists, this
takes priority.
The command below lists the full paths to the configuration files that the runtime attempts to load. The first path that exists is used:
$ kata-runtime --kata-show-default-config-paths
Aside from the built-in locations, it is possible to specify the path to a
custom configuration file using the --kata-config option:
$ kata-runtime --kata-config=/some/where/configuration.toml ...
The runtime will log the full path to the configuration file it is using. See the logging section for further details.
To see details of your systems runtime environment (including the location of the configuration file being used), run:
$ kata-runtime kata-env
Logging
The runtime provides --log= and --log-format= options. However, the
runtime always logs to the system log (syslog or journald).
To view runtime log output:
$ sudo journalctl -t kata-runtime
For detailed information and analysis on obtaining logs for other system components, see the documentation for the kata-log-parser tool.
Debugging
See the debugging section of the developer guide.
Limitations
See the limitations file for further details.
Community
Contact
See how to reach the community.
Further information
See the project table of contents and the documentation repository.