From db411c23e83cf2fcf2a39d6169bfbe7c9c7178ee Mon Sep 17 00:00:00 2001 From: "James O. D. Hunt" Date: Thu, 16 Dec 2021 12:53:16 +0000 Subject: [PATCH] docs: Split k8s info out of arch doc Move the Kubernetes information out of the architecture doc and into a separate file. Partially fixes: #3246. Signed-off-by: James O. D. Hunt --- docs/design/architecture/README.md | 38 ++------------------------ docs/design/architecture/kubernetes.md | 35 ++++++++++++++++++++++++ 2 files changed, 38 insertions(+), 35 deletions(-) create mode 100644 docs/design/architecture/kubernetes.md diff --git a/docs/design/architecture/README.md b/docs/design/architecture/README.md index 89c877b4ef..c92750847a 100644 --- a/docs/design/architecture/README.md +++ b/docs/design/architecture/README.md @@ -80,7 +80,7 @@ The shimv2 architecture allows running several containers per VM to support container engines that require multiple containers running inside a pod. -With the new architecture [Kubernetes](#kubernetes-support) can +With the new architecture [Kubernetes](kubernetes.md) can launch both Pod and OCI compatible containers with a single [runtime](#runtime) shim per Pod, rather than `2N+1` shims. No stand alone `kata-proxy` process is required, even if VSOCK is not @@ -141,7 +141,7 @@ The reasons for containerizing the [workload](#workload) inside the VM are: - Isolates the workload entirely from the VM environment. -- Provides better isolation between containers in a [pod](#kubernetes-support). +- Provides better isolation between containers in a [pod](kubernetes.md). - Allows the workload to be managed and monitored through its cgroup confinement. 
@@ -518,39 +518,7 @@ See the [storage document](storage.md). ## Kubernetes support -[Kubernetes](https://github.com/kubernetes/kubernetes/), or K8s, is a popular open source -container orchestration engine. In Kubernetes, a set of containers sharing resources -such as networking, storage, mount, PID, etc. is called a -[pod](https://kubernetes.io/docs/user-guide/pods/). - -A node can have multiple pods, but at a minimum, a node within a Kubernetes cluster -only needs to run a container runtime and a container agent (called a -[Kubelet](https://kubernetes.io/docs/admin/kubelet/)). - -Kata Containers represents a Kubelet pod as a VM. - -A Kubernetes cluster runs a control plane where a scheduler (typically -running on a dedicated master node) calls into a compute Kubelet. This -Kubelet instance is responsible for managing the lifecycle of pods -within the nodes and eventually relies on a container runtime to -handle execution. The Kubelet architecture decouples lifecycle -management from container execution through a dedicated gRPC based -[Container Runtime Interface (CRI)](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/node/container-runtime-interface-v1.md). - -In other words, a Kubelet is a CRI client and expects a CRI -implementation to handle the server side of the interface. -[CRI-O](https://github.com/kubernetes-incubator/cri-o) and -[containerd](https://github.com/containerd/containerd/) are CRI -implementations that rely on -[OCI](https://github.com/opencontainers/runtime-spec) compatible -runtimes for managing container instances. - -Kata Containers is an officially supported CRI-O and containerd -runtime. Refer to the following guides on how to set up Kata -Containers with Kubernetes: - -- [How to use Kata Containers and containerd](../../how-to/containerd-kata.md) -- [Run Kata Containers with Kubernetes](../../how-to/run-kata-with-k8s.md) +See the [Kubernetes document](kubernetes.md). #### OCI annotations 
diff --git a/docs/design/architecture/kubernetes.md b/docs/design/architecture/kubernetes.md new file mode 100644 index 0000000000..be7377b39f --- /dev/null +++ b/docs/design/architecture/kubernetes.md 
@@ -0,0 +1,35 @@ +# Kubernetes support + +[Kubernetes](https://github.com/kubernetes/kubernetes/), or K8s, is a popular open source +container orchestration engine. In Kubernetes, a set of containers sharing resources +such as networking, storage, mount, PID, etc. is called a +[pod](https://kubernetes.io/docs/user-guide/pods/). + +A node can have multiple pods, but at a minimum, a node within a Kubernetes cluster +only needs to run a container runtime and a container agent (called a +[Kubelet](https://kubernetes.io/docs/admin/kubelet/)). + +Kata Containers represents a Kubelet pod as a VM. + +A Kubernetes cluster runs a control plane where a scheduler (typically +running on a dedicated master node) calls into a compute Kubelet. This +Kubelet instance is responsible for managing the lifecycle of pods +within the nodes and eventually relies on a container runtime to +handle execution. The Kubelet architecture decouples lifecycle +management from container execution through a dedicated gRPC based +[Container Runtime Interface (CRI)](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/node/container-runtime-interface-v1.md). + +In other words, a Kubelet is a CRI client and expects a CRI +implementation to handle the server side of the interface. +[CRI-O](https://github.com/kubernetes-incubator/cri-o) and +[containerd](https://github.com/containerd/containerd/) are CRI +implementations that rely on +[OCI](https://github.com/opencontainers/runtime-spec) compatible +runtimes for managing container instances. + +Kata Containers is an officially supported CRI-O and containerd +runtime. Refer to the following guides on how to set up Kata +Containers with Kubernetes: + +- [How to use Kata Containers and containerd](../../how-to/containerd-kata.md) +- [Run Kata Containers with Kubernetes](../../how-to/run-kata-with-k8s.md)
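Review bot: in the README.md hunk at `@@ -80,7 +80,7 @@`, the `[Kubernetes](#kubernetes-support)` in-page anchor is replaced by a file link to `kubernetes.md`, which is fine because the `## Kubernetes support` heading is retained in README.md by the `@@ -518` hunk, so any other pages still pointing at `README.md#kubernetes-support` continue to resolve (now to the one-line pointer). Worth a quick grep of the docs tree for `#kubernetes-support` to confirm no link relied on the removed body text being on that page.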
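Review bot: in the README.md hunk at `@@ -518,39 +518,7 @@`, the trailing context line `#### OCI annotations` shows a level-4 subsection that stays under the now emptied `## Kubernetes support` section, so after this change it nests beneath a heading whose only content is `See the [Kubernetes document](kubernetes.md).`. Since the commit message says this only "Partially fixes" the issue, please either move the OCI annotations material into `kubernetes.md` in this series or state in the commit message that it is deferred, so the heading structure does not look accidental in the meantime.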
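Review bot: the new `docs/design/architecture/kubernetes.md` is a verbatim move and has no link back to the architecture document, yet its text refers to "the VM" and to the runtime without defining them; a reader arriving directly at this file would benefit from an opening sentence such as "This document complements the [architecture overview](README.md)." The relative guide links `../../how-to/containerd-kata.md` and `../../how-to/run-kata-with-k8s.md` remain valid because the file sits in the same directory as the README it was split from. Separately, and acceptable as a follow-up rather than in this move, the upstream links copied over (`kubernetes.io/docs/user-guide/pods/`, `kubernetes.io/docs/admin/kubelet/`, `github.com/kubernetes-incubator/cri-o`) are legacy paths that now redirect, so refreshing them when the content is next touched would be worthwhile.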