LTS

    Innovation Version

      Installation and Deployment

      Installation Methods

      Prerequisites

      • root permissions are required for installing a secure container.
      • For better performance, a secure container needs to run on the bare metal server and must not run on VMs.
      • A secure container depends on the following components from the corresponding openEuler version. Ensure that the required components have been installed in the environment. To install iSulad, refer to Installation Methods.
        • docker-engine
        • qemu

      Installation Procedure

      Released secure container components are integrated in the kata-containers-version.rpm package. You can run the rpm command to install the corresponding software.

      rpm -ivh kata-containers-<version>.rpm
      

      Deployment Configuration

      Configuring the Docker Engine

      To enable the Docker engine to support kata-runtime, perform the following steps to configure the Docker engine:

      1. Ensure that all software packages (docker-engine and kata-containers) have been installed in the environment.

      2. Stop the Docker engine.

        systemctl stop docker
        
      3. Modify the configuration file /etc/docker/daemon.json of the Docker engine and add the following configuration:

        {
          "runtimes": {
            "kata-runtime": {
              "path": "/usr/bin/kata-runtime",
              "runtimeArgs": [
                  "--kata-config",
                  "/usr/share/defaults/kata-containers/configuration.toml"
                ]
            }
          }
        }
        
      4. Restart the Docker engine.

        systemctl start docker
        

      iSulad Configuration

      To enable the iSulad to support the new container runtime kata-runtime, perform the following steps which are similar to those for the container engine docker-engine:

      1. Ensure that all software packages (iSulad and kata-containers) have been installed in the environment.

      2. Stop iSulad.

        systemctl stop isulad
        
      3. Modify the /etc/isulad/daemon.json configuration file of the iSulad and add the following configurations:

        {
          "runtimes": {
            "kata-runtime": {
              "path": "/usr/bin/kata-runtime",
              "runtime-args": [
                  "--kata-config",
                  "/usr/share/defaults/kata-containers/configuration.toml"
                ]
            }
          }
        }
        
      4. Restart iSulad.

        systemctl start isulad
        

      Configuration.toml

      The secure container provides a global configuration file configuration.toml. Users can also customize the path and configuration options of the secure container configuration file.

      In the runtimeArges field of Docker engine, you can use --kata-config to specify a private file. The default configuration file path is /usr/share/defaults/kata-containers/configuration.toml.

      The following lists the common fields in the configuration file. For details about the configuration file options, see configuration.toml.

      1. hypervisor.qemu

        • path: specifies the execution path of the virtualization QEMU.
        • kernel: specifies the execution path of the guest kernel.
        • initrd: specifies the guest initrd execution path.
        • machine_type: specifies the type of the analog chip. The value is virt for the ARM architecture and pc for the x86 architecture.
        • kernel_params: specifies the running parameters of the guest kernel.
      2. proxy.kata

        • path: specifies the kata-proxy running path.
        • enable_debug: enables the debugging function for the kata-proxy process.
      3. agent.kata

        • enable_blk_mount: enables guest mounting of the block device.
        • enable_debug: enables the debugging function for the kata-agent process.
      4. runtime

        • enable_cpu_memory_hotplug: enables CPU and memory hot swap.
        • enable_debug: enables debugging for the kata-runtime process.

      Bug Catching

      Buggy Content

      Bug Description

      Submit As Issue

      It's a little complicated....

      I'd like to ask someone.

      PR

      Just a small problem.

      I can fix it online!

      Bug Type
      Specifications and Common Mistakes

      ● Misspellings or punctuation mistakes;

      ● Incorrect links, empty cells, or wrong formats;

      ● Chinese characters in English context;

      ● Minor inconsistencies between the UI and descriptions;

      ● Low writing fluency that does not affect understanding;

      ● Incorrect version numbers, including software package names and version numbers on the UI.

      Usability

      ● Incorrect or missing key steps;

      ● Missing prerequisites or precautions;

      ● Ambiguous figures, tables, or texts;

      ● Unclear logic, such as missing classifications, items, and steps.

      Correctness

      ● Technical principles, function descriptions, or specifications inconsistent with those of the software;

      ● Incorrect schematic or architecture diagrams;

      ● Incorrect commands or command parameters;

      ● Incorrect code;

      ● Commands inconsistent with the functions;

      ● Wrong screenshots.

      Risk Warnings

      ● Lack of risk warnings for operations that may damage the system or important data.

      Content Compliance

      ● Contents that may violate applicable laws and regulations or geo-cultural context-sensitive words and expressions;

      ● Copyright infringement.

      How satisfied are you with this document

      Not satisfied at all
      Very satisfied
      Submit
      Click to create an issue. An issue template will be automatically generated based on your feedback.
      Bug Catching
      编组 3备份