mirror of
				https://github.com/kata-containers/kata-containers.git
				synced 2025-10-25 14:23:11 +00:00 
			
		
		
		
	In some cases, network endpoints will be configured through Prestart Hook. So network endpoints may need to be added(hotpluged) after vm is started and also Prestart Hook is executed. We move pre-start hook functions' execution to sandbox_start to allow hooks running between vm_start and netns_scan easily, so that the lifecycle API can be cleaner. Signed-off-by: Yushuo <y-shuo@linux.alibaba.com>
		
			
				
	
	
		
			63 lines
		
	
	
		
			3.6 KiB
		
	
	
	
		
			Markdown
		
	
	
	
	
	
			
		
		
	
	
			63 lines
		
	
	
		
			3.6 KiB
		
	
	
	
		
			Markdown
		
	
	
	
	
	
| # Kata Containers support for `Hooks`
 | |
| 
 | |
| ## Introduction
 | |
| 
 | |
| During container's lifecycle, different Hooks can be executed to do custom actions. In Kata Containers, we support two types of Hooks, `OCI Hooks` and `Kata Hooks`.
 | |
| 
 | |
| ### OCI Hooks
 | |
| 
 | |
| The OCI Spec stipulates six hooks that can be executed at different time points and namespaces, including `Prestart Hooks`, `CreateRuntime Hooks`, `CreateContainer Hooks`, `StartContainer Hooks`, `Poststart Hooks` and `Poststop Hooks`. We support these types of Hooks as compatible as possible in Kata Containers.
 | |
| 
 | |
| The path and arguments of these hooks will be passed to Kata for execution via `bundle/config.json`. For example:
 | |
| ```
 | |
| ...
 | |
| "hooks": {
 | |
|   "prestart": [
 | |
|     {
 | |
|       "path": "/usr/bin/prestart-hook",
 | |
|       "args": ["prestart-hook", "arg1", "arg2"],
 | |
|       "env":  [ "key1=value1"]
 | |
|     }
 | |
|   ],
 | |
|   "createRuntime": [
 | |
|     {
 | |
|       "path": "/usr/bin/createRuntime-hook",
 | |
|       "args": ["createRuntime-hook", "arg1", "arg2"],
 | |
|       "env":  [ "key1=value1"]
 | |
|     }
 | |
|   ]
 | |
| }
 | |
| ...
 | |
| ```
 | |
| 
 | |
| ### Kata Hooks
 | |
| 
 | |
| In Kata, we support another three kinds of hooks executed in guest VM, including `Guest Prestart Hook`, `Guest Poststart Hook`, `Guest Poststop Hook`.
 | |
| 
 | |
| The executable files for Kata Hooks must be packaged in the *guest rootfs*. The file path to those guest hooks should be specified in the configuration file, and guest hooks must be stored in a subdirectory of `guest_hook_path` according to their hook type. For example:
 | |
| 
 | |
| + In configuration file:
 | |
| ```
 | |
| guest_hook_path="/usr/share/hooks"
 | |
| ```
 | |
| + In guest rootfs, prestart-hook is stored in `/usr/share/hooks/prestart/prestart-hook`.
 | |
| 
 | |
| ## Execution
 | |
| The table below summarized when and where those different hooks will be executed in Kata Containers:
 | |
| 
 | |
| | Hook Name | Hook Type | Hook Path | Exec Place | Exec Time |
 | |
| |---|---|---|---|---|
 | |
| | `Prestart(deprecated)` | OCI hook | host runtime namespace | host runtime namespace | After VM is started, before container is created. |
 | |
| | `CreateRuntime` | OCI hook | host runtime namespace | host runtime namespace | After VM is started, before container is created, after `Prestart` hooks. |
 | |
| | `CreateContainer` | OCI hook | host runtime namespace | host vmm namespace* | After VM is started, before container is created, after `CreateRuntime` hooks. |
 | |
| | `StartContainer` | OCI hook | guest container namespace | guest container namespace | After container is created, before container is started. |
 | |
| | `Poststart` | OCI hook | host runtime namespace | host runtime namespace | After container is started, before start operation returns. |
 | |
| | `Poststop` | OCI hook | host runtime namespace | host runtime namespace | After container is deleted, before delete operation returns. |
 | |
| | `Guest Prestart` | Kata hook | guest agent namespace | guest agent namespace | During start operation, before container command is executed. |
 | |
| | `Guest Poststart` | Kata hook | guest agent namespace | guest agent namespace | During start operation, after container command is executed, before start operation returns. |
 | |
| | `Guest Poststop` | Kata hook | guest agent namespace | guest agent namespace | During delete operation, after container is deleted, before delete operation returns. |
 | |
| 
 | |
| + `Hook Path` specifies where hook's path be resolved.
 | |
| + `Exec Place` specifies in which namespace those hooks can be executed.
 | |
|   + For `CreateContainer` Hooks, OCI requires to run them inside the container namespace while the hook executable path is in the host runtime, which is a non-starter for VM-based containers. So we design to keep them running in the *host vmm namespace.* 
 | |
| + `Exec Time` specifies at which time point those hooks can be executed. |