Prerequisites
Ubuntu 18.04
Docker installed
```
root@ubuntu-001:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 18.04.3 LTS
Release:        18.04
Codename:       bionic
root@ubuntu-001:~#
root@ubuntu-001:~#
root@ubuntu-001:~#
root@ubuntu-001:~# docker version
Client: Docker Engine - Community
 Version:           20.10.3
 API version:       1.41
 Go version:        go1.13.15
 Git commit:        48d30b5
 Built:             Fri Jan 29 14:33:13 2021
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          20.10.3
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.13.15
  Git commit:       46229ca
  Built:            Fri Jan 29 14:31:25 2021
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.4.3
  GitCommit:        269548fa27e0089a8b8278fc4fc781d7f65a939b
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
```
Install Kata Containers
Reference: https://github.com/kata-containers/documentation/blob/master/install/README.md
```
# Select the repository matching this architecture and branch
$ ARCH=$(arch)
$ BRANCH="${BRANCH:-master}"
# Add the Kata Containers package repository for this Ubuntu release
$ sudo sh -c "echo 'deb http://download.opensuse.org/repositories/home:/katacontainers:/releases:/${ARCH}:/${BRANCH}/xUbuntu_$(lsb_release -rs)/ /' > /etc/apt/sources.list.d/kata-containers.list"
# Import the repository signing key (note: it is fetched over plain HTTP here)
$ curl -sL http://download.opensuse.org/repositories/home:/katacontainers:/releases:/${ARCH}:/${BRANCH}/xUbuntu_$(lsb_release -rs)/Release.key | sudo apt-key add -
# Install the runtime, proxy and shim
$ sudo -E apt-get update
$ sudo -E apt-get -y install kata-runtime kata-proxy kata-shim
```
```
root@ubuntu-001:~# kata-runtime version
kata-runtime  : 1.13.0-alpha0
   commit   : <<unknown>>
   OCI specs: 1.0.1-dev
```
Configure Docker to use Kata Containers (choose one of the two methods)
systemd (this is the default and is applied automatically if you select the automatic installation option)
```
$ sudo mkdir -p /etc/systemd/system/docker.service.d/
$ cat <<EOF | sudo tee /etc/systemd/system/docker.service.d/kata-containers.conf
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -D --add-runtime kata-runtime=/usr/bin/kata-runtime --default-runtime=kata-runtime
EOF
```
Configure the /etc/docker/daemon.json file
Create docker configuration folder.
```
$ sudo mkdir -p /etc/docker
```
Add the following definitions to /etc/docker/daemon.json:
```
{
  "default-runtime": "kata-runtime",
  "runtimes": {
    "kata-runtime": {
      "path": "/usr/bin/kata-runtime"
    }
  }
}
```
Restart the Docker service
```
$ sudo systemctl daemon-reload
$ sudo systemctl restart docker
```
Run Kata Containers
You are now ready to run Kata Containers:
```
$ sudo docker run -itd --name busybox1 busybox
```
List the containers created with Kata Containers
```
root@ubuntu-001:~
ID                                                                 PID   STATUS   BUNDLE                                                                                                                  CREATED                         OWNER
5dcc8dc243fd658317ce6ecc5163d9b936044123c4e0578cbd54567a953531a7   3965  running  /run/containerd/io.containerd.runtime.v2.task/moby/5dcc8dc243fd658317ce6ecc5163d9b936044123c4e0578cbd54567a953531a7   2021-02-07T02:44:50.342490835Z
root@ubuntu-001:~
root 3965 3892 0 10:44 ? 00:00:00 /usr/libexec/kata-containers/kata-shim -agent unix:///run/vc/sbs/5dcc8dc243fd658317ce6ecc5163d9b936044123c4e0578cbd54567a953531a7/proxy.sock -container 5dcc8dc243fd658317ce6ecc5163d9b936044123c4e0578cbd54567a953531a7 -exec-id 5dcc8dc243fd658317ce6ecc5163d9b936044123c4e0578cbd54567a953531a7 -terminal
```
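Differences between containers created by Kata Containers and by runc
With a default Docker installation, the default runtime is runc. After the configuration steps above, the default runtime is changed to kata-runtime.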
```
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
```
```
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux kata-runtime runc
 Default Runtime: kata-runtime
```
Create a container with runc:
```
docker run -itd --runtime runc --name busybox2 busybox
```
```
root@ubuntu-001:~
/
Linux 5dcc8dc243fd 5.4.60-52.container
/
root@ubuntu-001:~
/
Linux d1e322ad99f9 5.4.0-65-generic
/
root@ubuntu-001:~
Linux ubuntu-001 5.4.0-65-generic
```
As shown, the container created by runc has the same kernel as the host, whereas the container created by Kata uses its own kernel.
End of article.
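The kernel comparison above can be automated across all running containers. The script below is an added example, not part of the original post: it reports whether each container runs on its own guest kernel or shares the host's, and flags containers whose runtime is configured as Kata but whose kernel still equals the host's. The function names (`collect`, `audit`, `sample`), the verdict labels and the sample lines are assumptions, constructed from the values shown above.

```shell
#!/bin/sh
# Added example (not from the original post): audit which containers share the host kernel.

# Emit "name runtime kernel-release" for every running container.
# Needs a working docker CLI; the offline demo at the bottom does not call it.
collect() (
  for id in $(docker ps -q); do
    name=$(docker inspect -f '{{.Name}}' "$id")
    runtime=$(docker inspect -f '{{.HostConfig.Runtime}}' "$id")
    kernel=$(docker exec "$id" uname -r 2>/dev/null || echo unknown)
    echo "${name#/} $runtime $kernel"
  done
)

# Read "name runtime kernel" lines on stdin; $1 is the host kernel release.
# Verdicts (labels are this example's own):
#   GUEST     kernel differs from the host's (own kernel, as with kata-runtime)
#   SHARED    kernel equals the host's and the runtime is not Kata (normal for runc)
#   MISMATCH  runtime is Kata but the kernel equals the host's: VM isolation not in effect
#   UNKNOWN   kernel could not be read (for example, the image has no uname)
audit() {
  awk -v host="$1" '
    NF < 3 { next }
    {
      if ($3 == "unknown")   v = "UNKNOWN"
      else if ($3 != host)   v = "GUEST"
      else if ($2 ~ /^kata/) v = "MISMATCH"
      else                   v = "SHARED"
      print v, $1, "runtime=" $2, "kernel=" $3
    }'
}

# Constructed sample built from the two containers and kernels shown in this post.
sample() {
  cat <<'EOF'
busybox1 kata-runtime 5.4.60-52.container
busybox2 runc 5.4.0-65-generic
EOF
}

# Offline demo with the host kernel release from the post.
sample | audit 5.4.0-65-generic
# Live use: collect | audit "$(uname -r)"
```

Comparing release strings is a heuristic: it relies on the Kata guest kernel being a different build from the host kernel, as it is in the output above.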