diff --git a/docs/README.md b/docs/README.md
index efea181844..550f1aba8d 100644
--- a/docs/README.md
+++ b/docs/README.md
@@ -48,6 +48,7 @@ Documents that help to understand and contribute to Kata Containers.
 ### Design and Implementations
 * [Kata Containers Architecture](design/architecture.md): Architectural overview of Kata Containers
+* [Kata Containers E2E Flow](design/end-to-end-flow.md): The entire end-to-end flow of Kata Containers
 * [Kata Containers design](./design/README.md): More Kata Containers design documents
 ### How to Contribute
diff --git a/docs/design/arch-images/katacontainers-e2e-with-bg.jpg b/docs/design/arch-images/katacontainers-e2e-with-bg.jpg
new file mode 100644
index 0000000000..843de789e7
Binary files /dev/null and b/docs/design/arch-images/katacontainers-e2e-with-bg.jpg differ
diff --git a/docs/design/arch-images/katacontainers-e2e.svg b/docs/design/arch-images/katacontainers-e2e.svg
new file mode 100644
index 0000000000..1bbe1c71b5
--- /dev/null
+++ b/docs/design/arch-images/katacontainers-e2e.svg
@@ -0,0 +1,16 @@ + + + + + + + Kata-agentgrpcyamuxGuest (Pod Sandbox)c1c2c3c4processesmanagesmanageslibcontainer (runC)gRPC urlvirtcontainersconfiguration.tomlpath to HVdebug -> Trueuser-spaceKernel-space(systemd ....equivalent to runC)virtio-vsockvvOCI Rumtime cmd/SpecsconfigurationExecutionlifecyclecreatestartexeckillNetwork namespacecreatNS()createSandBox()createContainer()createNetwork()vethvethmacvtaptapHost eno1virtio-netOVS bridgetc-filterservice RuntimeService { // Sandbox operations. rpc RunPodSandbox(RunPodSandboxRequest) returns (RunPodSandboxResponse) {} rpc StopPodSandbox(StopPodSandboxRequest) returns (StopPodSandboxResponse) {} rpc RemovePodSandbox(RemovePodSandboxRequest) returns (RemovePodSandboxResponse) {} rpc PodSandboxStatus(PodSandboxStatusRequest) returns (PodSandboxStatusResponse) {} rpc ListPodSandbox(ListPodSandboxRequest) returns (ListPodSandboxResponse) {} // Container operations. rpc CreateContainer(CreateContainerRequest) returns (CreateContainerResponse) {} rpc StartContainer(StartContainerRequest) returns (StartContainerResponse) {} rpc StopContainer(StopContainerRequest) returns (StopContainerResponse) {} rpc RemoveContainer(RemoveContainerRequest) returns (RemoveContainerResponse) {} rpc ListContainers(ListContainersRequest) returns (ListContainersResponse) {} rpc ContainerStatus(ContainerStatusRequest) returns (ContainerStatusResponse) {} ...}CRI-Oor containerdKubeletCRI ClientCRI Server(CRI-O Daemon or containerd CRI Plugin) kata-runtimekata-proxylegacy components < 1.5/etc/crio/crio.conf/etc/containerd/config.yaml/etc/crio/crio.conf.d/00-defaultOrconfigurationcontainerd-shim-kata-v2 virtiofsVMM (QEMU, Firecracker, CHV,...)hotplugginguser-spaceKernel-spaceKVMioctls()VMEXITskata-shimI/OstrerrstdoutI/OOCI cmd/specs/usr/share/defaults/kata-containersguest kernelmin-OS imageUDSunix://urlSignalProcessRequestTtyWinResize{ "ociVersion": "1.0.1", "process": {...}, "root": { "path": "rootfs", "readonly": true }, "hostname": 
"slartibartfast", "mounts": ..., "hooks": ..., "linux":..., "annotations": { // Semantics for creating a"VM". "io.kubernetes.cri-o.ContainerType": "sandbox", // Semantics for creating a "Container". "io.kubernetes.cri-o.ContainerType": "container" }}Resides in NSconfig.jsonCRI[crio.runtime.runtimes.kata]runtime_type = "vm" runtime_path = "/usr/local/bin/containerd-shim-kata-v2" runtime_root = "/run/vchigh-level runtimelow-level runtime /// /// *// // /// ////. /// ,// //.,/ /// // /// /// ,/ //* /// // /// //, ,/ /// /// /// // // /// ,//// /// // // // /// // // /// //, /// ,/ // /// /// //// // // // // // /// // ,/ /// // // // // /// // // // //, /// ,/ /// /// /// ///// // //, / /// /// //. ///// .RunPodSandboxRequestKata-monitor (v2.0)ttrpcsockapiVersion: v1kind: Podmetadata: name: mypodspec:runtimeClassName:kata[hypervisor.qemu]path = "/usr/bin/qemu-system-x86_64"machine_type = "q35"kernel = "/usr/local/share/kata-containers/vmlinuz.container"initrd = "/usr/local/share/kata-containers/kata-containers-initrd.img"kernel_params = "systemd.unified_cgroup_hierarchy=0"/usr/local/etc/kata-containers/configuration.toml(e.g., using QEMU)Watchescreatesservice Task { rpc State(StateRequest) returns (StateResponse); rpc Create(CreateTaskRequest) returns (CreateTaskResponse); rpc Start(StartRequest) returns (StartResponse); rpc Delete(DeleteRequest) returns (DeleteResponse); rpc Pids(PidsRequest) returns (PidsResponse); rpc Pause(PauseRequest) returns (google.protobuf.Empty); rpc Resume(ResumeRequest) returns (google.protobuf.Empty); rpc Checkpoint(CheckpointTaskRequest) returns (google.protobuf.Empty); rpc Kill(KillRequest) returns (google.protobuf.Empty); rpc Exec(ExecProcessRequest) returns (google.protobuf.Empty); rpc ResizePty(ResizePtyRequest) returns (google.protobuf.Empty); rpc CloseIO(CloseIORequest) returns (google.protobuf.Empty); rpc Update(UpdateTaskRequest) returns (google.protobuf.Empty); rpc Wait(WaitRequest) returns (WaitResponse); rpc 
Stats(StatsRequest) returns (StatsResponse); rpc Connect(ConnectRequest) returns (ConnectResponse); rpc Shutdown(ShutdownRequest) returns (google.protobuf.Empty);}
\ No newline at end of file
diff --git a/docs/design/end-to-end-flow.md b/docs/design/end-to-end-flow.md
new file mode 100644
index 0000000000..edccb10941
--- /dev/null
+++ b/docs/design/end-to-end-flow.md
@@ -0,0 +1,4 @@
+# Kata Containers E2E Flow
+
+
+![Kata containers e2e flow](arch-images/katacontainers-e2e-with-bg.jpg)