Long-Term Supported Versions

    Innovation Versions

      Interconnecting with the iSula Secure Container



      To provide a better isolation environment for containers and improve system security, it is necessary to connect Kata to StratoVirt in the iSula secure container scenario.

      Interconnection with an iSula Secure Container


      iSulad and Kata containers have been installed.


      The default path of the Kata configuration file is /usr/share/defaults/kata-containers/configuration.toml.

      1. Compile kata-kernel.

        • Download kata-containers/packaging
        • Paste the corresponding config file under /kernel/configs/ to the kernel folder and rename .config:
        cp x86_64_kata_kvm_4.14.x /home/kernel/.config
        • Enter the kernel/ and execute the command:
        make -j vmlinux
        objcopy -O binary vmlinux vmlinux.bin
      2. Compile Kata containers-initrd.img.

        • Download kata_integration
        • Enter kata_Integration directory and download kata-agent
        • In kata_integration/ create the folder build under the integration directory
        • Rename the kata-agent directory to agent
        • Enter the agent/ folder
        • Apply patch:
        • Enter kata_integration/ directory and compile:
        make initrd
        • Enter the build folder and view the compilation results:kata-agent kata-containers-initrd.img
      3. Modify the configuration file to set the hypervisor type of the secure sandbox to stratovirt.

        path = "/home/stratovirt.sh"
        kernel = "/home/kernel/vmlinux.bin"
        initrd = "/var/lib/kata/kata-containers-initrd.img"
        block_device_driver = "virtio-mmio"
        use_vsock = true
        enable_netmon = false
        sandbox_cgroup_with_emulator = false
        disable_new_netns = false
      4. Set the execution file path of the secure sandbox to the absolute path of stratovirt.sh. The content of the stratovirt.sh script is as follows:

        export STRATOVIRT_LOG_LEVEL=info  # set log level which includes trace, debug, info, warn and error.
        /usr/bin/stratovirt $@
      5. Run iSulad to connect Kata to StratoVirt.

        $ isula run -tid --runtime=kata-runtime --name test busybox:latest sh

      Bug Catching

      Buggy Content

      Bug Description

      Submit As Issue

      It's a little complicated....

      I'd like to ask someone.


      Just a small problem.

      I can fix it online!

      Bug Type
      Specifications and Common Mistakes

      ● Misspellings or punctuation mistakes;

      ● Incorrect links, empty cells, or wrong formats;

      ● Chinese characters in English context;

      ● Minor inconsistencies between the UI and descriptions;

      ● Low writing fluency that does not affect understanding;

      ● Incorrect version numbers, including software package names and version numbers on the UI.


      ● Incorrect or missing key steps;

      ● Missing prerequisites or precautions;

      ● Ambiguous figures, tables, or texts;

      ● Unclear logic, such as missing classifications, items, and steps.


      ● Technical principles, function descriptions, or specifications inconsistent with those of the software;

      ● Incorrect schematic or architecture diagrams;

      ● Incorrect commands or command parameters;

      ● Incorrect code;

      ● Commands inconsistent with the functions;

      ● Wrong screenshots.

      Risk Warnings

      ● Lack of risk warnings for operations that may damage the system or important data.

      Content Compliance

      ● Contents that may violate applicable laws and regulations or geo-cultural context-sensitive words and expressions;

      ● Copyright infringement.

      How satisfied are you with this document

      Not satisfied at all
      Very satisfied
      Click to create an issue. An issue template will be automatically generated based on your feedback.
      Bug Catching
      编组 3备份