In keeping with the architecture of the QemuCmdLine implementation we split the functionality into two objects: Netdev to represent and generate the -netdev part and DeviceVirtioNet for the -device virtio-net-<transport> part.

This change is a pure refactor, existing functionality does not change. However, we do remove some stub generalizations and govmm-isms, notably:
- we remove the NetDev enum since the only network interface types that kata seems to use with qemu are tuntap and macvtap, both of which are implemented by the same -netdev tap
- enum DeviceDriver is also left out since it doesn't seem reasonable to try to represent VFIO NICs (which are completely different from virtio-net ones) with the same struct as virtio-net
- we also remove VirtioTransport because there's no use for it so far, but with the expectation that it will be added soon.

We also make struct Netdev the owner of any vhost-net and queue file descriptors so that their lifetime is tied ultimately to the lifetime of QemuCmdLine automatically, instead of returning the fds to the caller and forcing it to achieve the equivalent functionality but manually.

Signed-off-by: Pavel Mores <pmores@redhat.com>
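The ownership model the commit message describes, as an added sketch that is not the kata-containers code: Netdev holds its tap queue and vhost-net descriptors as OwnedFd, so dropping the QemuCmdLine that owns it closes every fd without the caller tracking them. The -netdev/-device parameter layout, the QemuCmdLine shape and the method names are assumptions made for this illustration.

```rust
// Added illustration, not runtime-rs code: Netdev owns its tap queue and
// vhost-net fds, so they close when the QemuCmdLine holding it is dropped.
use std::os::fd::{AsRawFd, OwnedFd};

/// Render fd numbers as the colon-separated list qemu expects in fds=/vhostfds=.
fn fd_list(v: &[OwnedFd]) -> String {
    v.iter().map(|f| f.as_raw_fd().to_string()).collect::<Vec<_>>().join(":")
}

/// One "-netdev tap"; the fds live here rather than being handed to the caller.
pub struct Netdev {
    pub id: String,
    tap_fds: Vec<OwnedFd>,
    vhost_fds: Vec<OwnedFd>,
}

impl Netdev {
    pub fn new(id: &str, tap_fds: Vec<OwnedFd>, vhost_fds: Vec<OwnedFd>) -> Self {
        Netdev { id: id.to_string(), tap_fds, vhost_fds }
    }

    /// Render "tap,id=..,fds=a:b[,vhost=on,vhostfds=c:d]". Only the numbers are
    /// emitted; qemu inherits the still-open descriptors when it is spawned.
    pub fn qemu_args(&self) -> Vec<String> {
        let mut p = format!("tap,id={},fds={}", self.id, fd_list(&self.tap_fds));
        if !self.vhost_fds.is_empty() {
            p.push_str(&format!(",vhost=on,vhostfds={}", fd_list(&self.vhost_fds)));
        }
        vec!["-netdev".to_string(), p]
    }
}

/// The matching "-device virtio-net-pci", referencing the netdev by id.
pub struct DeviceVirtioNet { pub netdev_id: String, pub mac: String }

impl DeviceVirtioNet {
    pub fn qemu_args(&self) -> Vec<String> {
        let dev = format!("virtio-net-pci,netdev={},mac={}", self.netdev_id, self.mac);
        vec!["-device".to_string(), dev]
    }
}

/// Owning the Netdevs ties every fd's lifetime to the command line object.
pub struct QemuCmdLine { pub netdevs: Vec<Netdev>, pub devices: Vec<DeviceVirtioNet> }

impl QemuCmdLine {
    pub fn args(&self) -> Vec<String> {
        let mut out = Vec::new();
        out.extend(self.netdevs.iter().flat_map(|n| n.qemu_args()));
        out.extend(self.devices.iter().flat_map(|d| d.qemu_args()));
        out
    }
}
```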
runtime-rs
What's runtime-rs
runtime-rs is a new component introduced in Kata Containers 3.0. It is a Rust version of runtime (the shim). It is like runtime, but they have many differences:
- runtime-rs is written in Rust, and runtime is written in Go.
- runtime is the default shim in Kata Containers 3.0; runtime-rs is still under heavy development.
- runtime-rs has a completely different architecture than runtime; you can check it at the architecture overview.
Note:
runtime-rs is still under heavy development; you should avoid using it in critical systems.
Architecture overview
Also, runtime-rs provides the following features:
- Turn-key solution with built-in Dragonball Sandbox, all components in one process
- Async I/O to reduce resource consumption
- Extensible framework for multiple services, runtimes and hypervisors
- Lifecycle management for sandbox and container associated resources
See the architecture overview for details on the runtime-rs design.
runtime-rs is written in Rust and is composed of several crates.
The following picture shows an overview of the crates under this directory and the relations between them.
Not all the features have been implemented yet, for details please check the roadmap.
Crates
The runtime-rs directory contains some crates in the crates directory that compose the containerd-shim-kata-v2.
| Crate | Description |
|---|---|
| shim | containerd shimv2 implementation |
| service | services for containers, includes task service |
| runtimes | container runtimes |
| resource | sandbox and container resources |
| hypervisor | hypervisor that acts as a sandbox |
| agent | library used to communicate with agent in the guest OS |
| persist | persist container state to disk |
shim
shim is the entry point of the containerd shim process; it implements containerd's shim binary protocol:
- start: start a new shim process
- delete: delete an existing shim process
- run: run the ttRPC service in the shim
containerd launches a shim process, and that shim process serves as a ttRPC server providing the shim service through TaskService from the service crate.
service
runtime-rs has an extensible framework that allows extension of services, runtimes, and hypervisors.
Currently, only the containerd-compatible TaskService is implemented.
TaskService implements the containerd shim protocol and interacts with runtimes through messages.
runtimes
Runtime is a container runtime; the runtime handler handles messages from task services to manage containers. The runtime handler and runtime instance are used to deal with operations on sandboxes and containers.
Currently, only VirtContainer has been implemented.
resource
In runtime-rs, all networks/volumes/rootfs are abstracted as resources.
Resources are classified into two types:
- sandbox resources: network, share-fs
- container resources: rootfs, volume, cgroup
Here is a detailed description of the resources.
hypervisor
For VirtContainer, there will be more hypervisors to choose from.
Currently, built-in Dragonball has been implemented. We have also added initial support for cloud-hypervisor with CI being added next.
agent
agent is used from the shim side to communicate with the agent in the guest OS. The only supported agent is KataAgent.
persist
Persist defines traits and functions to help different components save state to disk and load state from disk.
helper libraries
Some helper libraries are maintained in the library directory so that they can be shared with other Rust components.
Build and install
See the build from the source section of the rust runtime installation guide.
Configuration
runtime-rs has the same configuration as runtime with some limitations.
Logging
See the debugging section of the developer guide.
Debugging
See the debugging section of the developer guide.
An experimental alternative binary is available that removes containerd dependencies and makes it easier to run the shim proper outside of the runtime's usual deployment environment (i.e. on a developer machine).
Limitations
For Kata Containers limitations, see the limitations file for further details.
runtime-rs is under heavy development and does not yet support all features of the Go version of runtime; check the roadmap for details.