mirror of
https://github.com/kata-containers/kata-containers.git
synced 2025-10-22 04:18:53 +00:00
5c21b1faf3
This change crystallizes and simplifies the current handling of /dev hostPath mounts with virtually no functional change. Before this change: - If a mount DESTINATION is in /dev and it is a non-regular file on the HOST, the shim passes the OCI bind mount as is to the guest (e.g. /dev/kmsg:/dev/kmsg). The container rightfully sees the GUEST device. - If the mount DESTINATION does not exist on the host, the shim relies on k8s/containerd to automatically create a directory (ie. non-regular file) on the HOST. The shim then also passes the OCI bind mount as is to the guest. The container rightfully sees the GUEST device. - For other /dev mounts, the shim passes the device major/minor to the guest over virtio-fs. The container rightfully sees the GUEST device. After this change: - If a mount SOURCE is in /dev and it is a non-regular file on the HOST, the shim passes the OCI bind mount as is to the guest. The container rightfully sees the GUEST device. - The shim does not anymore rely on k8s/containerd to create missing mount directories. Instead it explicitely handles missing mount SOURCES, and treats them like the previous bullet point. - The shim no longer uses virtio-fs to pass /dev device major/minor to the guest, instead it passes the OCI bind mount as is. Signed-off-by: Aurélien Bombo <abombo@microsoft.com>
Documentation
The Kata Containers documentation repository hosts overall system documentation, with information common to multiple components.
For details of the other Kata Containers repositories, see the repository summary.
Getting Started
- Installation guides: Install and run Kata Containers with Docker or Kubernetes
Tracing
See the tracing documentation.
More User Guides
- Upgrading: how to upgrade from Clear Containers and runV to Kata Containers and how to upgrade an existing Kata Containers system to the latest version.
- Limitations: differences and limitations compared with the default Docker runtime,
runc.
How-to guides
See the how-to documentation.
Kata Use-Cases
- GPU Passthrough with Kata
- SR-IOV with Kata
- Intel QAT with Kata
- SPDK vhost-user with Kata
- Intel SGX with Kata
- IBM Crypto Express passthrough with Confidential Containers
Developer Guide
Documents that help to understand and contribute to Kata Containers.
Design and Implementations
- Kata Containers Architecture: Architectural overview of Kata Containers
- Kata Containers CI: Kata Containers CI document
- Kata Containers E2E Flow: The entire end-to-end flow of Kata Containers
- Kata Containers design: More Kata Containers design documents
- Kata Containers threat model: Kata Containers threat model
How to Contribute
- Developer Guide: Setup the Kata Containers developing environments
- How to contribute to Kata Containers
- Code of Conduct
- How to submit a blog post
Help Writing a Code PR
Help Writing Unit Tests
Help Improving the Documents
Code Licensing
- Licensing: About the licensing strategy of Kata Containers.
The Release Process
Presentations
Website Changes
If you have a suggestion for how we can improve the website, please raise an issue (or a PR) on the repository that holds the source for the website.