mirror of
https://github.com/kata-containers/kata-containers.git
synced 2025-10-23 21:28:10 +00:00
This enables guest pull via config, without the need of any external snapshotter. When the config enables runtime.experimental_force_guest_pull, instead of relying on annotations to select the way to share the root FS, we always use guest pull. Co-authored-by: Markus Rudy <mr@edgeless.systems> Signed-off-by: Paul Meyer <katexochen0@gmail.com>
Howto Guides
Kubernetes Integration
- Run Kata containers with
crictl
- Run Kata Containers with Kubernetes
- How to use Kata Containers and Containerd
- How to use Kata Containers and containerd with Kubernetes
- Kata Containers and service mesh for Kubernetes
- How to import Kata Containers logs into Fluentd
Hypervisors Integration
Currently supported hypervisors with Kata Containers include:
-
qemu
-
cloud-hypervisor
-
firecracker
In the case of
firecracker
the use of a block devicesnapshotter
is needed for the VM rootfs. Refer to the following guide for additional configuration steps:
Confidential Containers Policy
Advanced Topics
- How to use Kata Containers with virtio-fs
- Setting Sysctls with Kata
- What Is VMCache and How To Enable It
- What Is VM Templating and How To Enable It
- Privileged Kata Containers
- How to load kernel modules in Kata Containers
- How to use Kata Containers with
virtio-mem
- How to set sandbox Kata Containers configurations with pod annotations
- How to monitor Kata Containers in K8s
- How to use hotplug memory on arm64 in Kata Containers
- How to setup swap devices in guest kernel
- How to run rootless vmm
- How to run Docker with Kata Containers
- How to run Kata Containers with
nydus
- How to run Kata Containers with AMD SEV-SNP
- How to run Kata Containers with IBM Secure Execution
- How to use EROFS to build rootfs in Kata Containers
- How to run Kata Containers with kinds of Block Volumes
- How to use the Kata Agent Policy
- How to pull images in the guest
- How to use mem-agent to decrease the memory usage of Kata container