- makefile: Make SELinux support configurable
- clh: Boot from persistent memory device
- config: Add scsi_mod.scan=none for virtio-scsi
- katautils: Use config paths set during the build
- version: Update kernel to lts 5.4.32
- clh: virtiofs: Add no_posix_lock option
- versions: Switch to virtio-fs-dev branch for kernel
- v2: Open log fifo with `RDWR` instead of `WRONLY`
- qemu-ppc64le: Switch off large decrementer capability
- versions: Update go to 1.13.9
- qemu_ppc64le: EXpose fs support explicitly
- qemu: Don't crash if virtiofsd path is non existent
- Add SELinux support for running VM Confinement
- clh: Implment capabilities
- Update go to v1.13.8
- Makefile: Allow change default hypervisor via env var
- clh: Report warning when requested vCPUs exceeds maxVCPU allowed
- clh: Enable memory hotplug
- virtcontainers: check PCI resource format before using it
- Support persistent memory volumes
- versions: Update containerd commit
- virtcontainers: Don't create vfio devices in the guest
- shimv2: move container rootfs mounted flag to container level
- AArch64: officially enable firecracker v0.21.0 on AArch64
- clh: add vfio support

d78ffd65 makefile: Make SELinux support configurable
7aa31685 clh: Boot from persistent memory device
e8fc25a7 version: Update clh to master
bf9758bf katautils: Use config paths set during the build
8c850d9e config: Add scsi_mod.scan=none for virtio-scsi
07d0a4f0 version: Update kernel to lts 5.4.32
ab8050c5 kata_agent: Don't use dax if virtio_fs_cache is 0
6218b2a5 kata_agent: Remove sharedDirVirtioFSOptions
95ccc0f7 agent: Use "virtiofs" instead of "virtio_fs"
4c1cacd3 versions: Switch to virtio-fs-dev branch for kernel
8e0f891e v2: Open log fifo with `RDWR` instead of `WRONLY`
afbd03cf qemu-ppc64le: Switch off large decrementer capability
432f9bea clh: virtiofs: Add no_posix_lock option
0294fcb9 versions: Update go to 1.13.9
fd625b3f qemu: Don't crash if virtiofsd path is non existent
5eec8bdf qemu_ppc64le: EXpose fs support explicitly
e4eb553d virtcontainers: Add SELinux support for running VM Confinement
39e354f6 clh: Implement capabilities
0a1ffc1d types: Make FS sharing disable by default
669b6e32 clh: Report warning when requested vCPUs exceeds maxVCPU allowed
7997218c Makefile: Allow change default hypervisor via env var
aab82f67 clh: Add memory hotplug
e62a8aa9 versions: Update containerd commit
2f948738 clh: Use MemUnit to create VM
b6a7d8d6 utils: Add memory unit abstraction
5e7d2538 clh: add vmInfo method
ebb8fd57 versions: Update clh to latest master
4d2574a7 virtcontainers: Don't create vfio devices in the guest
3b53114a virtcontainers: improve algorithm to check Large bar devices
7aff5466 virtcontainers: check PCI resource format before using it
d0a730c6 shimv2: move container rootfs mounted flag to container level
d60902a9 FC: change minimum supported version of Firecracker to v0.21.1
aadf8c4a AArch64: enable firecracker v0.21.1 on AArch64
44e23493 FC: Fix error of overlong firecracker API unix socket
c3bafd57 FC: Change default API socket path
2945bcd7 FC: Removed redundant `--seccomp-level` jailer parameter
d2cae59e FC: Removed redundant `RescanBlockDevice` action
37b91b33 FC: Remove `logger.options`
2c310fec virtcontainers: handle persistent memory volumes
434b3025 virtcontainers: hotplug block drives that are pmem devices as nvdimm
84e0ee13 virtcontainers: reimplement `createBlockDevices`
abbdf078 virtcontainers: add Pmem attribute to BlockDrive
ee941e5c virtcontainers: Implement function to get the pmem DeviceInfo
9ff44dba virtcontainers: implement function to get the backing file
0a4e2edc virtcontainers: move GetDevicePathAndFsType to utils_linux
2c7f27ec vendor: update govmm
f61eca89 clh: Add comments around clh api
6a4e667f virtiofsd: Check if PID is valid
3251beaa version: Update clh to master
c5184641 clh: Add vfio support
4d034b1e versions: update go to v1.14
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>

Runtime
This repository contains the runtime for the Kata Containers project.
For details of the other Kata Containers repositories, see the repository summary.
- Introduction
- License
- Platform support
- Download and install
- Quick start for developers
- Architecture overview
- Configuration
- Logging
- Debugging
- Limitations
- Community
- Further information
- Additional packages
Introduction
kata-runtime, referred to as "the runtime", is the Command-Line Interface (CLI) part of the Kata Containers runtime component. It leverages the virtcontainers package to provide a high-performance standards-compliant runtime that creates hardware-virtualized Linux containers running on Linux hosts.
The runtime is OCI-compatible, CRI-O-compatible, and Containerd-compatible, allowing it to work seamlessly with both Docker and Kubernetes.
License
The code is licensed under an Apache 2.0 license.
See the license file for further details.
Platform support
Kata Containers currently works on systems supporting the following technologies:
- Intel VT-x technology.
- ARM Hyp mode (virtualization extension).
- IBM Power Systems.
- IBM Z mainframes.
Hardware requirements
The runtime has a built-in command to determine if your host system is capable of running and creating a Kata Container:
$ kata-runtime kata-check
Note:
- By default, only a brief success / failure message is printed. If more details are needed, the --verbose flag can be used to display the list of all the checks performed.
- root permission is needed to check if the system is capable of running Kata containers. In this case, additional checks are performed (e.g., if another incompatible hypervisor is running).
Download and install
See the installation guides available for various operating systems.
Quick start for developers
See the developer guide.
Architecture overview
See the architecture overview for details on the Kata Containers design.
Configuration
The runtime uses a TOML format configuration file called configuration.toml. The file contains comments explaining all options.
Note:
The initial values in the configuration file provide a good default configuration. You may need to modify this file to optimise or tailor your system, or if you have specific requirements.
Since the runtime supports a stateless system, it checks for this configuration file in multiple locations, two of which are built in to the runtime. The default location is /usr/share/defaults/kata-containers/configuration.toml for a standard system. However, if /etc/kata-containers/configuration.toml exists, this takes priority.
The below command lists the full paths to the configuration files that the runtime attempts to load. The first path that exists will be used:
$ kata-runtime --kata-show-default-config-paths
Aside from the built-in locations, it is possible to specify the path to a custom configuration file using the --kata-config option:
$ kata-runtime --kata-config=/some/where/configuration.toml ...
The runtime will log the full path to the configuration file it is using. See the logging section for further details.
To see details of your system's runtime environment (including the location of the configuration file being used), run:
$ kata-runtime kata-env
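Because a file under /etc/kata-containers silently overrides the packaged default, it is worth confirming which file wins and who can write to it. The script below is an added example, not part of the Kata Containers project: it applies the first-existing-path rule described above to an ordered list of candidate paths, reports shadowed files, and flags an active file that is writable by group or others. The function names are hypothetical, and it assumes --kata-show-default-config-paths prints one path per line.

```shell
# Added example (not Kata project code). Pass candidate paths in priority
# order, e.g. the output of `kata-runtime --kata-show-default-config-paths`
# (assumed here to print one path per line, without spaces in the paths).

# Print the first existing path: the file the runtime would load.
effective_config() {
    for p in "$@"; do
        if [ -f "$p" ]; then printf '%s\n' "$p"; return 0; fi
    done
    return 1
}

# Print every existing path that loses to an earlier match.
shadowed_configs() {
    found=0
    for p in "$@"; do
        [ -f "$p" ] || continue
        if [ "$found" -eq 1 ]; then printf '%s\n' "$p"; fi
        found=1
    done
}

# Succeed if group or others may write the file (mode string from ls -ldL).
loosely_writable() {
    mode=$(ls -ldL "$1" | cut -c1-10)
    case "$mode" in
        ?????w????|????????w?) return 0 ;;
    esac
    return 1
}

# Report the active file, shadowed files, and weak permissions.
# Returns 1 if no file exists, 2 if the active file is loosely writable.
audit_config_paths() {
    active=$(effective_config "$@") || { echo "no configuration file found"; return 1; }
    echo "active:   $active"
    shadowed_configs "$@" | sed 's/^/shadowed: /'
    if loosely_writable "$active"; then
        echo "warning:  $active is writable by group or others"
        return 2
    fi
    return 0
}

# Run against the live system only when the runtime is installed.
if command -v kata-runtime >/dev/null 2>&1; then
    audit_config_paths $(kata-runtime --kata-show-default-config-paths)
fi
```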
Logging
For detailed information and analysis on obtaining logs for other system components, see the documentation for the kata-log-parser tool.
For runtime logs, see the following sections for the CRI-O and containerd shimv2 based runtimes.
Kata OCI
The Kata OCI runtime (including when used with CRI-O) provides --log= and --log-format= options.
However, the runtime also always logs to the system log (syslog or journald).
To view runtime log output:
$ sudo journalctl -t kata-runtime
Kata containerd shimv2
The Kata containerd shimv2 runtime logs through containerd, and its logs will be sent to wherever the containerd logs are directed. However, the shimv2 runtime also always logs to the system log (syslog or journald) under the identifier name of kata.
To view the shimv2 runtime log output:
$ sudo journalctl -t kata
Debugging
See the debugging section of the developer guide.
Limitations
See the limitations file for further details.
Community
Contact
See how to reach the community.
Further information
See the project table of contents and the documentation repository.
Additional packages
For details of the other packages contained in this repository, see the package documentation.