mirror of
https://github.com/kata-containers/kata-containers.git
synced 2026-02-22 06:43:41 +00:00
20ca4d2d79
1. Add disable_block_device_use to CLH settings file, for parity with the already existing QEMU settings. 2. Set DEFDISABLEBLOCK := true by default for both QEMU and CLH. After this change, Kata Guests will use by default virtio-fs to access container rootfs directories from their Hosts. Hosts that were designed to use Host block devices attached to the Guests can re-enable these rootfs block devices by changing the value of disable_block_device_use back to false in their settings files. 3. Add test using container image without any rootfs layers. Depending on the container runtime and image snapshotter being used, the empty container rootfs image might get stored on a host block device that cannot be safely hotplugged to a guest VM, because the host is using the same block device. 4. Add block device hotplug safety warning into the Kata Shim configuration files. Signed-off-by: Dan Mihai <dmihai@microsoft.com> Signed-off-by: Fabiano Fidêncio <ffidencio@nvidia.com> Signed-off-by: Cameron McDermott <cameron@northflank.com>
Howto Guides
Kubernetes Integration
- Run Kata containers with
crictl - Run Kata Containers with Kubernetes
- How to use Kata Containers and Containerd
- How to use Kata Containers and containerd with Kubernetes
- Kata Containers and service mesh for Kubernetes
- How to import Kata Containers logs into Fluentd
Hypervisors Integration
Currently supported hypervisors with Kata Containers include:
-
qemu -
cloud-hypervisor -
firecrackerIn the case of
firecrackerthe use of a block devicesnapshotteris needed for the VM rootfs. Refer to the following guide for additional configuration steps:
Confidential Containers Policy
Advanced Topics
- How to use Kata Containers with virtio-fs
- Setting Sysctls with Kata
- What Is VMCache and How To Enable It
- What Is VM Templating and How To Enable It
- How to Use Template in runtime-rs
- Privileged Kata Containers
- How to load kernel modules in Kata Containers
- How to use Kata Containers with
virtio-mem - How to set sandbox Kata Containers configurations with pod annotations
- How to monitor Kata Containers in K8s
- How to use hotplug memory on arm64 in Kata Containers
- How to setup swap devices in guest kernel
- How to run rootless vmm
- How to run Docker with Kata Containers
- How to run Kata Containers with
nydus - How to run Kata Containers with AMD SEV-SNP
- How to run Kata Containers with IBM Secure Execution
- How to use EROFS to build rootfs in Kata Containers
- How to run Kata Containers with kinds of Block Volumes
- How to use the Kata Agent Policy
- How to pull images in the guest
- How to use mem-agent to decrease the memory usage of Kata container
- How to use seccomp with runtime-rs