Installation and Deployment

Installation Methods

Prerequisites

  • root permissions are required for installing a secure container.
  • For better performance, a secure container needs to run on the bare metal server and must not run on VMs.
  • A secure container depends on the following components from the corresponding openEuler version. Ensure that the required components have been installed in the environment. To install iSulad, refer to Installation Methods.
    • docker-engine
    • qemu

Installation Procedure

Released secure container components are integrated in the kata-containers-version.rpm package. You can run the rpm command to install the corresponding software.

rpm -ivh kata-containers-<version>.rpm

Deployment Configuration

Configuring the Docker Engine

To enable the Docker engine to support kata-runtime, perform the following steps to configure the Docker engine:

  1. Ensure that all software packages (docker-engine and kata-containers) have been installed in the environment.

  2. Stop the Docker engine.

    systemctl stop docker
    
  3. Modify the configuration file /etc/docker/daemon.json of the Docker engine and add the following configuration:

    {
      "runtimes": {
        "kata-runtime": {
          "path": "/usr/bin/kata-runtime",
          "runtimeArgs": [
              "--kata-config",
              "/usr/share/defaults/kata-containers/configuration.toml"
            ]
        }
      }
    }
    
  4. Restart the Docker engine.

    systemctl start docker
    

iSulad Configuration

To enable the iSulad to support the new container runtime kata-runtime, perform the following steps which are similar to those for the container engine docker-engine:

  1. Ensure that all software packages (iSulad and kata-containers) have been installed in the environment.

  2. Stop iSulad.

    systemctl stop isulad
    
  3. Modify the /etc/isulad/daemon.json configuration file of the iSulad and add the following configurations:

    {
      "runtimes": {
        "kata-runtime": {
          "path": "/usr/bin/kata-runtime",
          "runtime-args": [
              "--kata-config",
              "/usr/share/defaults/kata-containers/configuration.toml"
            ]
        }
      }
    }
    
  4. Restart iSulad.

    systemctl start isulad
    

Configuration.toml

The secure container provides a global configuration file configuration.toml. Users can also customize the path and configuration options of the secure container configuration file.

In the runtimeArges field of Docker engine, you can use –kata-config to specify a private file. The default configuration file path is /usr/share/defaults/kata-containers/configuration.toml.

The following lists the common fields in the configuration file. For details about the configuration file options, see configuration.toml.

  1. hypervisor.qemu

    • path: specifies the execution path of the virtualization QEMU.
    • kernel: specifies the execution path of the guest kernel.
    • initrd: specifies the guest initrd execution path.
    • machine_type: specifies the type of the analog chip. The value is virt for the ARM architecture and pc for the x86 architecture.
    • kernel_params: specifies the running parameters of the guest kernel.
  2. proxy.kata

    • path: specifies the kata-proxy running path.
    • enable_debug: enables the debugging function for the kata-proxy process.
  3. agent.kata

    • enable_blk_mount: enables guest mounting of the block device.
    • enable_debug: enables the debugging function for the kata-agent process.
  4. runtime

    • enable_cpu_memory_hotplug: enables CPU and memory hot swap.
    • enable_debug: enables debugging for the kata-runtime process.

有奖捉虫

“有虫”文档片段

存在的问题

提交类型 issue
有点复杂...
找人问问吧。
PR
小问题,全程线上修改...
一键搞定!
问题类型
规范和低错类

● 错别字或拼写错误;标点符号使用错误;

● 链接错误、空单元格、格式错误;

● 英文中包含中文字符;

● 界面和描述不一致,但不影响操作;

● 表述不通顺,但不影响理解;

● 版本号不匹配:如软件包名称、界面版本号;

易用性

● 关键步骤错误或缺失,无法指导用户完成任务;

● 缺少必要的前提条件、注意事项等;

● 图形、表格、文字等晦涩难懂;

● 逻辑不清晰,该分类、分项、分步骤的没有给出;

正确性

● 技术原理、功能、规格等描述和软件不一致,存在错误;

● 原理图、架构图等存在错误;

● 命令、命令参数等错误;

● 代码片段错误;

● 命令无法完成对应功能;

● 界面错误,无法指导操作;

风险提示

● 对重要数据或系统存在风险的操作,缺少安全提示;

内容合规

● 违反法律法规,涉及政治、领土主权等敏感词;

● 内容侵权;

您对文档的总体满意度

非常不满意
非常满意
创Issue赢奖品
根据您的反馈,会自动生成issue模板。您只需点击按钮,创建issue即可。