Appendix

configuration.toml

NOTE:
The values of all fields in configuration.toml are those of the configuration.toml file shipped in the kata-containers-<version>.rpm package. You cannot set any field in the configuration file.

[hypervisor.qemu]
path: specifies the path of the QEMU hypervisor executable.
kernel: specifies the path of the guest kernel.
initrd: specifies the path of the guest initrd.
image: specifies the path of the guest image (not applicable).
machine_type: specifies the type of the emulated machine. The value is virt for the ARM architecture and pc for the x86 architecture.
kernel_params: specifies the running parameters of the guest kernel.
firmware: specifies the firmware path. If this parameter is left blank, the default firmware is used.
machine_accelerators: specifies an accelerator.
default_vcpus: specifies the default number of vCPUs for each SB/VM.
default_maxvcpus: specifies the default maximum number of vCPUs for each SB/VM.
default_root_ports: specifies the default number of root ports for each SB/VM.
default_bridges: specifies the default number of bridges for each SB/VM.
default_memory: specifies the default memory size of each SB/VM. The default value is 1024 MiB.
memory_slots: specifies the number of memory slots for each SB/VM. The default value is 10.
memory_offset: specifies the memory offset. The default value is 0.
disable_block_device_use: disables the block device from being used by the rootfs of the container.
shared_fs: specifies the type of the shared file system. The default value is virtio-9p.
virtio_fs_daemon: specifies the path of the vhost-user-fs daemon process.
virtio_fs_cache_size: specifies the default size of the DAX cache.
virtio_fs_cache: specifies the cache mode.
block_device_driver: specifies the driver of a block device.
block_device_cache_set: specifies whether to set cache-related options for a block device. The default value is false.
block_device_cache_direct: specifies whether to enable O_DIRECT. The default value is false.
block_device_cache_noflush: specifies whether to ignore flush requests for the device. The default value is false.
enable_iothreads: enables iothreads.
enable_mem_prealloc: enables VM RAM pre-allocation. The default value is false.
enable_hugepages: enables huge pages. The default value is false.
enable_swap: enables the swap function. The default value is false.
enable_debug: enables QEMU debugging. The default value is false.
disable_nesting_checks: disables nesting checks.
msize_9p = 8192: specifies the number of bytes transmitted in each 9p packet.
use_vsock: uses vsock to communicate directly with the agent (vsock must be supported). The default value is false.
hotplug_vfio_on_root_bus: enables hot plugging of VFIO devices on the root bus. The default value is false.
disable_vhost_net: disables vhost_net. The default value is false.
entropy_source: specifies the default entropy source.
guest_hook_path: specifies the binary path of the guest hook.

[factory]
enable_template: enables the VM template. The default value is false.
template_path: specifies the template path.
vm_cache_number: specifies the number of VM caches. The default value is 0.
vm_cache_endpoint: specifies the address of the Unix socket used by the VMCache. The default value is /var/run/kata-containers/cache.sock.

[proxy.kata]
path: specifies the kata-proxy running path.
enable_debug: enables proxy debugging. The default value is false.

[shim.kata]
path: specifies the running path of kata-shim.
enable_debug: enables shim debugging. The default value is false.
enable_tracing: enables shim opentracing.

[agent.kata]
enable_debug: enables the agent debugging function. The default value is false.
enable_tracing: enables the agent tracing function.
trace_mode: specifies the trace mode.
trace_type: specifies the trace type.
enable_blk_mount: enables guest mounting of the block device.

[netmon]
enable_netmon: enables network monitoring. The default value is false.
path: specifies the kata-netmon running path.
enable_debug: enables netmon debugging. The default value is false.

[runtime]
enable_debug: enables runtime debugging. The default value is false.
enable_cpu_memory_hotplug: enables CPU and memory hot plug. The default value is false.
internetworking_model: specifies the network interconnection mode between VMs and containers.
disable_guest_seccomp: disables the seccomp security mechanism in the guest application. The default value is true.
enable_tracing: enables runtime opentracing. The default value is false.
disable_new_netns: disables network namespace creation for the shim and hypervisor processes. The default value is false.
experimental: enables the experimental feature, which does not support user-defined configurations.

APIs

Table 1 Commands related to the kata-runtime network

Columns: Command, Subcommand, File Example, Field, Description, Remarks

Command: kata-network

NOTE:
  • The kata-network commands must be used as a group. Network devices that are not added using kata-runtime kata-network cannot be deleted or listed using kata-runtime kata-network. The reverse is also true.
  • kata-runtime kata-network imports configuration parameters through a file or stdin.

Subcommand: add-iface

NOTE:
  • An interface can be added to only one container.
  • Judge the execution result by the return value (a non-zero return value indicates failure).

File example:

{
  "device":"tap1",
  "name":"eth1",
  "IPAddresses":[{"address":"172.17.1.10","mask":"24"}],
  "mtu":1300,
  "hwAddr":"02:42:20:6f:a2:80",
  "vhostUserSocket":"/usr/local/var/run/openvswitch/vhost-user1"
}

Fields:

device
Description: Sets the name of the NIC on a host.
Remarks: Mandatory. The value can contain a maximum of 15 characters, including letters, digits, underscores (_), hyphens (-), and periods (.). It must start with a letter. The device name must be unique on the same host.

name
Description: Sets the name of the NIC in the container.
Remarks: Mandatory. The value can contain a maximum of 15 characters, including letters, digits, underscores (_), hyphens (-), and periods (.). It must start with a letter. Ensure that the name is unique in the same sandbox.

IPAddresses
Description: Sets the IP address of an NIC.
Remarks: Optional. Currently, one IP address can be configured for each NIC. If no IP address is configured for the NIC, no IP address will be configured in the container, either.

mtu
Description: Sets the MTU of an NIC.
Remarks: Mandatory. The value ranges from 46 to 9600.

hwAddr
Description: Sets the MAC address of an NIC.
Remarks: Mandatory.

vhostUserSocket
Description: Sets the DPDK polling socket path.
Remarks: Optional. The path contains a maximum of 128 bytes. The naming rule can contain digits, letters, and hyphens (-). The path name must start with a letter.

Subcommand: del-iface

File example:

{
  "name":"eth1"
}

Field: None
Description: Deletes an NIC from a container.
Remarks:

NOTE:
A NIC can be deleted only by the name field (the NIC name in the container). Kata does not identify other fields.

Subcommand: list-ifaces

File example: None
Field: None
Description: Queries the NIC list in a container.
Remarks: None

Subcommand: add-route

File example:

{
  "dest":"172.17.10.10/24",
  "gateway":"",
  "device":"eth1"
}

Fields:

dest
Description: Sets the network segment corresponding to the route.
Remarks: The value is in the format of <ip>/<mask>. <ip> is mandatory. There are three cases:
1. Both IP address and mask are configured.
2. If only an IP address is configured, the default mask is 32.
3. If "dest":"default" is configured, there is no destination by default. In this case, the gateway needs to be configured.

gateway
Description: Sets the next-hop gateway of the route.
Remarks: When "dest":"default" is configured, the gateway is mandatory. In other cases, this parameter is optional.

device
Description: Sets the name of the NIC corresponding to the route.
Remarks: Mandatory. The value contains a maximum of 15 characters.

Subcommand: del-route

File example:

{
  "dest":"172.17.10.10/24"
}

Field: None
Description: Deletes a container routing rule.
Remarks: dest is mandatory, and both device and gateway are optional.

NOTE:
Kata performs fuzzy matching based on different fields and deletes the corresponding routing rules.

Subcommand: list-routes

File example: None
Field: None
Description: Queries the route list in a container.
Remarks: None

Table 2 kata-ipvs command line interfaces

Columns: Command, Subcommand, Field, Parameter, Sub-parameter, Description, Remarks

Command: kata-ipvs

Subcommand: ipvsadm

Field: --parameters

Parameter: -A, --add-service

Sub-parameter: -t, --tcp-service | -u, --udp-service
Description: Virtual service type.
Remarks: Mandatory. You can select --tcp-service or --udp-service. The format is ip:port. The value of port ranges from 1 to 65535.

Sub-parameter: -s, --scheduler
Description: Load balancing scheduling algorithm.
Remarks: Mandatory. Value range: rr|wrr|lc|wlc|lblc|lblcr|dh|sh|sed|nq.

Sub-parameter: -p, --persistent
Description: Service duration.
Remarks: Mandatory. The value ranges from 1 to 2678400, in seconds.

Example:

kata-runtime kata-ipvs ipvsadm --parameters "--add-service --tcp-service 172.17.0.7:80 --scheduler rr --persistent 3000" <container-id>

Parameter: -E, --edit-service

Sub-parameter: -t, --tcp-service | -u, --udp-service
Description: Virtual service type.
Remarks: Mandatory. You can select --tcp-service or --udp-service. The format is ip:port. The value of port ranges from 1 to 65535.

Sub-parameter: -s, --scheduler
Description: Load balancing scheduling algorithm.
Remarks: Mandatory. Value range: rr|wrr|lc|wlc|lblc|lblcr|dh|sh|sed|nq.

Sub-parameter: -p, --persistent
Description: Service duration.
Remarks: Mandatory. The value ranges from 1 to 2678400, in seconds.

Parameter: -D, --delete-service

Sub-parameter: -t, --tcp-service | -u, --udp-service
Description: Virtual service type.
Remarks: Mandatory. You can select --tcp-service or --udp-service. The format is ip:port. The value of port ranges from 1 to 65535.

Parameter: -a, --add-server

Sub-parameter: -t, --tcp-service | -u, --udp-service
Description: Virtual service type.
Remarks: Mandatory. You can select --tcp-service or --udp-service. The format is ip:port. The value of port ranges from 1 to 65535.

Sub-parameter: -r, --real-server
Description: Real server address.
Remarks: Mandatory. The format is ip:port. The value of port ranges from 1 to 65535.

Sub-parameter: -w, --weight
Description: Weight
Remarks: Optional. The value ranges from 0 to 65535.

Example:

kata-runtime kata-ipvs ipvsadm --parameters "--add-server --tcp-service 172.17.0.7:80 --real-server 172.17.0.4:80 --weight 100" <container-id>

Parameter: -e, --edit-server

Sub-parameter: -t, --tcp-service | -u, --udp-service
Description: Virtual service type.
Remarks: Mandatory. You can select --tcp-service or --udp-service. The format is ip:port. The value of port ranges from 1 to 65535.

Sub-parameter: -r, --real-server
Description: Real server address.
Remarks: Mandatory. The format is ip:port. The value of port ranges from 1 to 65535.

Sub-parameter: -w, --weight
Description: Weight
Remarks: Optional. The value ranges from 0 to 65535.

Parameter: -d, --delete-server

Sub-parameter: -t, --tcp-service | -u, --udp-service
Description: Virtual service type.
Remarks: Mandatory. You can select --tcp-service or --udp-service. The format is ip:port. The value of port ranges from 1 to 65535.

Sub-parameter: -r, --real-server
Description: Real server address.
Remarks: Mandatory. The format is ip:port. The value of port ranges from 1 to 65535.

Parameter: -L, --list

Sub-parameter: -t, --tcp-service | -u, --udp-service
Description: Queries virtual service information.
Remarks: Optional.

Example:

kata-runtime kata-ipvs ipvsadm --parameters "--list --tcp-service ip:port" <container-id>

Parameter: --set

Sub-parameter: --tcp
Description: TCP timeout.
Remarks: Mandatory. The value ranges from 0 to 1296000.

Sub-parameter: --tcpfin
Description: TCP FIN timeout.
Remarks: Mandatory. The value ranges from 0 to 1296000.

Sub-parameter: --udp
Description: UDP timeout.
Remarks: Mandatory. The value ranges from 0 to 1296000.

Example:

kata-runtime kata-ipvs ipvsadm --parameters "--set 100 100 200" <container-id>

--restore
-
Description: Imports standard inputs in batches.
Remarks: Rule files can be specified.

Example:

kata-runtime kata-ipvs ipvsadm --restore - < <rule file path> <container-id>

NOTE:
By default, the NAT mode is used for adding a single real server. To add real servers in batches, you need to manually add the -m option to use the NAT mode.

The following is an example of the rule file content:

-A -t 10.10.11.12:100 -s rr -p 3000
-a -t 10.10.11.12:100 -r 172.16.0.1:80 -m
-a -t 10.10.11.12:100 -r 172.16.0.1:81 -m
-a -t 10.10.11.12:100 -r 172.16.0.1:82 -m

Subcommand: cleanup

Field: --parameters

Parameter: -d, --orig-dst
Description: Specifies the IP address.
Remarks: Mandatory.

Parameter: -p, --protonum
Description: Protocol type.
Remarks: Mandatory. The value can be tcp or udp.

Example:

kata-runtime kata-ipvs cleanup --parameters "--orig-dst 172.17.0.4 --protonum tcp" <container-id>
