      Appendix

      configuration.toml

      NOTE:
      The authoritative value of each field is the one in the configuration.toml file shipped in the kata-containers-<version>.rpm package. You cannot set any field in the configuration file.

      [hypervisor.qemu]
      path: specifies the execution path of the virtualization QEMU.
      kernel: specifies the execution path of the guest kernel.
      initrd: specifies the guest initrd execution path.
      image: specifies the execution path of the guest image (not applicable).
      machine_type: specifies the type of the emulated machine. The value is virt for the ARM architecture and pc for the x86 architecture.
      kernel_params: specifies the running parameters of the guest kernel.
      firmware: specifies the firmware path. If this parameter is left blank, the default firmware is used.
      machine_accelerators: specifies an accelerator.
      default_vcpus: specifies the default number of vCPUs for each SB/VM.
      default_maxvcpus: specifies the default maximum number of vCPUs for each SB/VM.
      default_root_ports: specifies the default number of root ports for each SB/VM.
      default_bridges: specifies the default number of bridges for each SB/VM.
      default_memory: specifies the default memory size of each SB/VM. The default value is 1024 MiB.
      memory_slots: specifies the number of memory slots for each SB/VM. The default value is 10.
      memory_offset: specifies the memory offset. The default value is 0.
      disable_block_device_use: disables the block device from being used by the rootfs of the container.
      shared_fs: specifies the type of the shared file system. The default value is virtio-9p.
      virtio_fs_daemon: specifies the path of the vhost-user-fs daemon process.
      virtio_fs_cache_size: specifies the default size of the DAX cache.
      virtio_fs_cache: specifies the cache mode.
      block_device_driver: specifies the driver of a block device.
      block_device_cache_set: specifies whether to set cache-related options for a block device. The default value is false.
      block_device_cache_direct: specifies whether to enable O_DIRECT. The default value is false.
      block_device_cache_noflush: specifies whether to ignore device update requests. The default value is false.
      enable_iothreads: enables iothreads.
      enable_mem_prealloc: enables VM RAM pre-allocation. The default value is false.
      enable_hugepages: enables huge pages. The default value is false.
      enable_swap: enables the swap function. The default value is false.
      enable_debug: enables QEMU debugging. The default value is false.
      disable_nesting_checks: disables nesting checks.
      msize_9p: specifies the number of bytes transmitted in each 9p packet (msize_9p = 8192).
      use_vsock: uses vsock to communicate directly with the agent (requires vsock support). The default value is false.
      hotplug_vfio_on_root_bus: enables hot plugging of VFIO devices on the root bus. The default value is false.
      disable_vhost_net: disables vhost_net. The default value is false.
      entropy_source: specifies the default entropy source.
      guest_hook_path: specifies the binary path of the guest hook.
      
      [factory]
      enable_template: enables the VM template. The default value is false.
      template_path: specifies the template path.
      vm_cache_number: specifies the number of VM caches. The default value is 0.
      vm_cache_endpoint: specifies the address of the Unix socket used by the VMCache. The default value is /var/run/kata-containers/cache.sock.
      
      [proxy.kata]
      path: specifies the kata-proxy running path.
      enable_debug: enables proxy debugging. The default value is false.
      
      [shim.kata]
      path: specifies the running path of kata-shim.
      enable_debug: enables shim debugging. The default value is false.
      enable_tracing: enables shim opentracing.
      
      [agent.kata]
      enable_debug: enables the agent debugging function. The default value is false.
      enable_tracing: enables the agent tracing function.
      trace_mode: specifies the trace mode.
      trace_type: specifies the trace type.
      enable_blk_mount: enables guest mounting of the block device.
      
      [netmon]
      enable_netmon: enables network monitoring. The default value is false.
      path: specifies the kata-netmon running path.
      enable_debug: enables netmon debugging. The default value is false.
      
      [runtime]
      enable_debug: enables runtime debugging. The default value is false.
      enable_cpu_memory_hotplug: enables CPU and memory hot plugging. The default value is false.
      internetworking_model: specifies the network interconnection mode between VMs and containers.
      disable_guest_seccomp: disables the seccomp security mechanism in the guest application. The default value is true.
      enable_tracing: enables runtime opentracing. The default value is false.
      disable_new_netns: disables network namespace creation for the shim and hypervisor processes. The default value is false.
      experimental: enables the experimental feature, which does not support user-defined configurations.
      

      APIs

      Table 1 Commands related to the kata-runtime network

      Command: kata-network

      NOTE:
      • The kata-network command must be used in groups. Network devices that are not added using kata-runtime kata-network cannot be deleted or listed using kata-runtime kata-network. The reverse is also true.
      • kata-runtime kata-network imports configuration parameters through a file or stdin.

      Subcommand: add-iface

      NOTE:
      • An interface can be added to only one container.
      • The execution result is subject to the returned value (non-zero return value).

      File example:

      {
        "device":"tap1",
        "name":"eth1",
        "IPAddresses":[{"address":"172.17.1.10","mask":"24"}],
        "mtu":1300,
        "hwAddr":"02:42:20:6f:a2:80",
        "vhostUserSocket":"/usr/local/var/run/openvswitch/vhost-user1"
      }

      Fields:
      device: sets the name of the NIC on a host. Mandatory. The value can contain a maximum of 15 characters, including letters, digits, underscores (_), hyphens (-), and periods (.). It must start with a letter. The device name must be unique on the same host.
      name: sets the name of the NIC in the container. Mandatory. The value can contain a maximum of 15 characters, including letters, digits, underscores (_), hyphens (-), and periods (.). It must start with a letter. Ensure that the name is unique in the same sandbox.
      IPAddresses: sets the IP address of an NIC. Optional. Currently, one IP address can be configured for each NIC. If no IP address is configured for the NIC, no IP address is configured in the container either.
      mtu: sets the MTU of an NIC. Mandatory. The value ranges from 46 to 9600.
      hwAddr: sets the MAC address of an NIC. Mandatory.
      vhostUserSocket: sets the DPDK polling socket path. Optional. The path contains a maximum of 128 bytes. The name can contain digits, letters, and hyphens (-). The path name must start with a letter.

      Subcommand: del-iface

      File example:

      {
        "name":"eth1"
      }

      Fields: None
      Description: deletes an NIC from a container.
      Remarks:
      NOTE:
      A NIC can be deleted only by its name field, that is, the NIC name in the container. Kata does not identify other fields.

      Subcommand: list-ifaces

      File example: None
      Fields: None
      Description: queries the NIC list in a container.
      Remarks: None

      Subcommand: add-route

      File example:

      {
        "dest":"172.17.10.10/24",
        "gateway":"",
        "device":"eth1"
      }

      Fields:
      dest: sets the network segment corresponding to the route. The value is in the format of <ip>/<mask>. <ip> is mandatory. There are three cases:
      1. Both IP address and mask are configured.
      2. If only an IP address is configured, the default mask is 32.
      3. If "dest":"default" is configured, there is no destination by default. In this case, the gateway needs to be configured.
      gateway: sets the next-hop gateway of the route. When "dest":"default" is configured, the gateway is mandatory. In other cases, this parameter is optional.
      device: sets the name of the NIC corresponding to the route. Mandatory. The value contains a maximum of 15 characters.

      Subcommand: del-route

      File example:

      {
        "dest":"172.17.10.10/24"
      }

      Fields: None
      Description: deletes a container routing rule.
      Remarks: dest is mandatory, and both device and gateway are optional.
      NOTE:
      Kata performs fuzzy match based on different fields and deletes the corresponding routing rules.

      Subcommand: list-routes

      File example: None
      Fields: None
      Description: queries the route list in a container.
      Remarks: None
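The add-iface field rules above can be checked before a file is handed to kata-runtime kata-network. The following validator is an added example, not code from the openEuler documentation or from Kata; the function name, the colon-separated MAC format, and the choice to apply the vhostUserSocket naming rule to the final path component are assumptions.

```python
import ipaddress
import json
import re

# Rules transcribed from the add-iface field list in Table 1.
NIC_NAME = re.compile(r"[A-Za-z][A-Za-z0-9_.-]{0,14}")    # max 15 chars, starts with a letter
MAC = re.compile(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}")  # assumed colon-separated form
SOCK_NAME = re.compile(r"[A-Za-z][A-Za-z0-9-]*")          # applied to the file name (assumption)

def validate_add_iface(text):
    """Return the list of rule violations for one add-iface JSON document."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg}"]
    if not isinstance(cfg, dict):
        return ["top-level value must be a JSON object"]
    errors = []
    for key in ("device", "name"):
        if not (isinstance(cfg.get(key), str) and NIC_NAME.fullmatch(cfg[key])):
            errors.append(f"{key}: mandatory, max 15 of [A-Za-z0-9_.-], starts with a letter")
    mtu = cfg.get("mtu")
    if type(mtu) is not int or not 46 <= mtu <= 9600:
        errors.append("mtu: mandatory, 46 to 9600")
    if not (isinstance(cfg.get("hwAddr"), str) and MAC.fullmatch(cfg["hwAddr"])):
        errors.append("hwAddr: mandatory MAC address")
    addrs = cfg.get("IPAddresses", [])
    if not isinstance(addrs, list) or len(addrs) > 1:
        errors.append("IPAddresses: at most one address per NIC")
    else:
        for entry in addrs:
            try:
                ipaddress.ip_interface(f"{entry['address']}/{entry['mask']}")
            except (KeyError, TypeError, ValueError):
                errors.append("IPAddresses: address/mask is not a valid IP network")
    sock = cfg.get("vhostUserSocket")
    if sock is not None:
        name = sock.rsplit("/", 1)[-1] if isinstance(sock, str) else ""
        if len(str(sock).encode()) > 128 or not SOCK_NAME.fullmatch(name):
            errors.append("vhostUserSocket: max 128 bytes, name of [A-Za-z0-9-], starts with a letter")
    return errors

# Constructed samples: GOOD follows the documented shape, BAD breaks three rules.
GOOD = ('{"device":"tap1","name":"eth1","IPAddresses":[{"address":"172.17.1.10","mask":"24"}],'
        '"mtu":1300,"hwAddr":"02:42:20:6f:a2:80",'
        '"vhostUserSocket":"/usr/local/var/run/openvswitch/vhost-user1"}')
BAD = '{"device":"0tap_name_longer_than_15","name":"eth1","mtu":45,"hwAddr":"02:42:20"}'

print(validate_add_iface(GOOD), validate_add_iface(BAD))
```

Uniqueness of device on the host and of name in the sandbox depends on live state and is not checked here.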

      Table 2 kata-ipvs command line interfaces

      Command: kata-ipvs

      Subcommand: ipvsadm
      Field: --parameters

      Parameter: -A, --add-service
      -t, --tcp-service / -u, --udp-service: virtual service type. Mandatory. You can select --tcp-service or --udp-service. The format is ip:port. The value of port ranges from 1 to 65535.
      -s, --scheduler: load balancing scheduling algorithm. Mandatory. Value range: rr|wrr|lc|wlc|lblc|lblcr|dh|sh|sed|nq.
      -p, --persistent: service duration. Mandatory. The value ranges from 1 to 2678400, in seconds.
      Example:
      kata-runtime kata-ipvs ipvsadm --parameters "--add-service --tcp-service 172.17.0.7:80 --scheduler rr --persistent 3000" <container-id>

      Parameter: -E, --edit-service
      -t, --tcp-service / -u, --udp-service: virtual service type. Mandatory. You can select --tcp-service or --udp-service. The format is ip:port. The value of port ranges from 1 to 65535.
      -s, --scheduler: load balancing scheduling algorithm. Mandatory. Value range: rr|wrr|lc|wlc|lblc|lblcr|dh|sh|sed|nq.
      -p, --persistent: service duration. Mandatory. The value ranges from 1 to 2678400, in seconds.

      Parameter: -D, --delete-service
      -t, --tcp-service / -u, --udp-service: virtual service type. Mandatory. You can select --tcp-service or --udp-service. The format is ip:port. The value of port ranges from 1 to 65535.

      Parameter: -a, --add-server
      -t, --tcp-service / -u, --udp-service: virtual service type. Mandatory. You can select --tcp-service or --udp-service. The format is ip:port. The value of port ranges from 1 to 65535.
      -r, --real-server: real server address. Mandatory. The format is ip:port. The value of port ranges from 1 to 65535.
      -w, --weight: weight. Optional. The value ranges from 0 to 65535.
      Example:
      kata-runtime kata-ipvs ipvsadm --parameters "--add-server --tcp-service 172.17.0.7:80 --real-server 172.17.0.4:80 --weight 100" <container-id>

      Parameter: -e, --edit-server
      -t, --tcp-service / -u, --udp-service: virtual service type. Mandatory. You can select --tcp-service or --udp-service. The format is ip:port. The value of port ranges from 1 to 65535.
      -r, --real-server: real server address. Mandatory. The format is ip:port. The value of port ranges from 1 to 65535.
      -w, --weight: weight. Optional. The value ranges from 0 to 65535.

      Parameter: -d, --delete-server
      -t, --tcp-service / -u, --udp-service: virtual service type. Mandatory. You can select --tcp-service or --udp-service. The format is ip:port. The value of port ranges from 1 to 65535.
      -r, --real-server: real server address. Mandatory. The format is ip:port. The value of port ranges from 1 to 65535.

      Parameter: -L, --list
      -t, --tcp-service / -u, --udp-service: queries virtual service information. Optional.
      Example:
      kata-runtime kata-ipvs ipvsadm --parameters "--list --tcp-service ip:port" <container-id>

      Parameter: --set
      --tcp: TCP timeout. Mandatory. The value ranges from 0 to 1296000.
      --tcpfin: TCP FIN timeout. Mandatory. The value ranges from 0 to 1296000.
      --udp: UDP timeout. Mandatory. The value ranges from 0 to 1296000.
      Example:
      kata-runtime kata-ipvs ipvsadm --parameters "--set 100 100 200" <container-id>

      Field: --restore
      -: imports rules from standard input in batches. Rule files can be specified.
      Example:
      kata-runtime kata-ipvs ipvsadm --restore - < <rule file path> <container-id>

      NOTE:
      By default, the NAT mode is used for adding a single real server. To add real servers in batches, you need to manually add the -m option to use the NAT mode.

      The following is an example of the rule file content:

      -A -t 10.10.11.12:100 -s rr -p 3000
      -a -t 10.10.11.12:100 -r 172.16.0.1:80 -m
      -a -t 10.10.11.12:100 -r 172.16.0.1:81 -m
      -a -t 10.10.11.12:100 -r 172.16.0.1:82 -m

      Subcommand: cleanup
      Field: --parameters

      -d, --orig-dst: specifies the IP address. Mandatory.
      -p, --protonum: protocol type. Mandatory. The value can be tcp or udp.
      Example:
      kata-runtime kata-ipvs cleanup --parameters "--orig-dst 172.17.0.4 --protonum tcp" <container-id>
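A rule file passed to ipvsadm --restore can be linted against the ranges in Table 2 and the NOTE about -m before it is imported. The following check is an added example, not code from the openEuler documentation or from Kata; it handles only the short-option form used in the rule file example above, assumes IPv4 addresses, and its function names are assumptions.

```python
import ipaddress
import shlex

SCHEDULERS = {"rr", "wrr", "lc", "wlc", "lblc", "lblcr", "dh", "sh", "sed", "nq"}

def in_range(value, low, high):
    """True when value is an ASCII decimal integer within low..high."""
    return value.isascii() and value.isdigit() and low <= int(value) <= high

def endpoint_ok(value):
    """True for ip:port with a valid IPv4 address and a port in 1..65535."""
    host, _, port = value.rpartition(":")
    try:
        ipaddress.IPv4Address(host)
    except ValueError:
        return False
    return in_range(port, 1, 65535)

def lint_rule(line):
    """Return rule violations for one short-option line of a --restore rule file."""
    tokens = shlex.split(line)
    flags = {t for t in tokens if t in ("-A", "-a", "-m")}  # options without a value
    rest = [t for t in tokens if t not in flags]
    opts = dict(zip(rest[0::2], rest[1::2]))                # remaining option/value pairs
    errors = []
    if not endpoint_ok(opts.get("-t") or opts.get("-u") or ""):
        errors.append("-t/-u: mandatory ip:port, port 1 to 65535")
    if "-A" in flags:
        if opts.get("-s") not in SCHEDULERS:
            errors.append("-s: mandatory, one of " + "|".join(sorted(SCHEDULERS)))
        if not in_range(opts.get("-p", ""), 1, 2678400):
            errors.append("-p: mandatory, 1 to 2678400 seconds")
    elif "-a" in flags:
        if not endpoint_ok(opts.get("-r", "")):
            errors.append("-r: mandatory ip:port, port 1 to 65535")
        if "-w" in opts and not in_range(opts["-w"], 0, 65535):
            errors.append("-w: 0 to 65535")
        if "-m" not in flags:
            errors.append("-m: add it to use NAT mode in batch imports")
    return errors

# Constructed rule file: line 3 omits -m, line 4 has an out-of-range port.
SAMPLE = """-A -t 10.10.11.12:100 -s rr -p 3000
-a -t 10.10.11.12:100 -r 172.16.0.1:80 -m
-a -t 10.10.11.12:100 -r 172.16.0.1:81
-a -t 10.10.11.12:100 -r 172.16.0.1:70000 -m"""

def lint_file(text):
    """Map 1-based line numbers to their violations, skipping clean lines."""
    return {n: e for n, line in enumerate(text.splitlines(), 1) if (e := lint_rule(line))}
```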
