Installation and Deployment

Installation Methods


  • root permissions are required for installing a secure container.
  • For better performance, a secure container needs to run on the bare metal server and must not run on VMs.
  • A secure container depends on the following components from the corresponding openEuler version. Ensure that the required components have been installed in the environment. To install iSulad, refer to Installation Methods.
    • docker-engine
    • qemu

Installation Procedure

Released secure container components are integrated in the kata-containers-version.rpm package. You can run the rpm command to install the corresponding software.

rpm -ivh kata-containers-<version>.rpm

Deployment Configuration

Configuring the Docker Engine

To enable the Docker engine to support kata-runtime, perform the following steps to configure the Docker engine:

  1. Ensure that all software packages (docker-engine and kata-containers) have been installed in the environment.

  2. Stop the Docker engine.

    systemctl stop docker
  3. Modify the configuration file /etc/docker/daemon.json of the Docker engine and add the following configuration:

      "runtimes": {
        "kata-runtime": {
          "path": "/usr/bin/kata-runtime",
          "runtimeArgs": [
  4. Restart the Docker engine.

    systemctl start docker

iSulad Configuration

To enable the iSulad to support the new container runtime kata-runtime, perform the following steps which are similar to those for the container engine docker-engine:

  1. Ensure that all software packages (iSulad and kata-containers) have been installed in the environment.

  2. Stop iSulad.

    systemctl stop isulad
  3. Modify the /etc/isulad/daemon.json configuration file of the iSulad and add the following configurations:

      "runtimes": {
        "kata-runtime": {
          "path": "/usr/bin/kata-runtime",
          "runtime-args": [
  4. Restart iSulad.

    systemctl start isulad


The secure container provides a global configuration file configuration.toml. Users can also customize the path and configuration options of the secure container configuration file.

In the runtimeArges field of Docker engine, you can use –kata-config to specify a private file. The default configuration file path is /usr/share/defaults/kata-containers/configuration.toml.

The following lists the common fields in the configuration file. For details about the configuration file options, see configuration.toml.

  1. hypervisor.qemu

    • path: specifies the execution path of the virtualization QEMU.
    • kernel: specifies the execution path of the guest kernel.
    • initrd: specifies the guest initrd execution path.
    • machine_type: specifies the type of the analog chip. The value is virt for the ARM architecture and pc for the x86 architecture.
    • kernel_params: specifies the running parameters of the guest kernel.
  2. proxy.kata

    • path: specifies the kata-proxy running path.
    • enable_debug: enables the debugging function for the kata-proxy process.
  3. agent.kata

    • enable_blk_mount: enables guest mounting of the block device.
    • enable_debug: enables the debugging function for the kata-agent process.
  4. runtime

    • enable_cpu_memory_hotplug: enables CPU and memory hot swap.
    • enable_debug: enables debugging for the kata-runtime process.

Bug Catching

Buggy Content

Bug Description

Submit As Issue

It's a little complicated....

I'd like to ask someone.


Just a small problem.

I can fix it online!

Bug Type
Specifications and Common Mistakes

● Misspellings or punctuation mistakes;

● Incorrect links, empty cells, or wrong formats;

● Chinese characters in English context;

● Minor inconsistencies between the UI and descriptions;

● Low writing fluency that does not affect understanding;

● Incorrect version numbers, including software package names and version numbers on the UI.


● Incorrect or missing key steps;

● Missing prerequisites or precautions;

● Ambiguous figures, tables, or texts;

● Unclear logic, such as missing classifications, items, and steps.


● Technical principles, function descriptions, or specifications inconsistent with those of the software;

● Incorrect schematic or architecture diagrams;

● Incorrect commands or command parameters;

● Incorrect code;

● Commands inconsistent with the functions;

● Wrong screenshots.

Risk Warnings

● Lack of risk warnings for operations that may damage the system or important data.

Content Compliance

● Contents that may violate applicable laws and regulations or geo-cultural context-sensitive words and expressions;

● Copyright infringement.

How satisfied are you with this document

Not satisfied at all
Very satisfied
Click to create an issue. An issue template will be automatically generated based on your feedback.