    Appendix

    configuration.toml

    NOTE:
    The value of each field in the configuration.toml file is subject to the configuration.toml file in the kata-containers-<version>.rpm package. You cannot set any field in the configuration file.

    [hypervisor.qemu]
    path: specifies the execution path of the virtualization QEMU.
    kernel: specifies the execution path of the guest kernel.
    initrd: specifies the guest initrd execution path.
    image: specifies the execution path of the guest image (not applicable).
    machine_type: specifies the type of the emulated machine. The value is virt for the ARM architecture and pc for the x86 architecture.
    kernel_params: specifies the running parameters of the guest kernel.
    firmware: specifies the firmware path. If this parameter is left blank, the default firmware is used.
    machine_accelerators: specifies an accelerator.
    default_vcpus: specifies the default number of vCPUs for each SB/VM.
    default_maxvcpus: specifies the default maximum number of vCPUs for each SB/VM.
    default_root_ports: specifies the default number of root ports for each SB/VM.
    default_bridges: specifies the default number of bridges for each SB/VM.
    default_memory: specifies the default memory size of each SB/VM. The default value is 1024 MiB.
    memory_slots: specifies the number of memory slots for each SB/VM. The default value is 10.
    memory_offset: specifies the memory offset. The default value is 0.
    disable_block_device_use: disables the block device from being used by the rootfs of the container.
    shared_fs: specifies the type of the shared file system. The default value is virtio-9p.
    virtio_fs_daemon: specifies the path of the vhost-user-fs daemon process.
    virtio_fs_cache_size: specifies the default size of the DAX cache.
    virtio_fs_cache: specifies the cache mode.
    block_device_driver: specifies the driver of a block device.
    block_device_cache_set: specifies whether to set cache-related options for a block device. The default value is false.
    block_device_cache_direct: specifies whether to enable O_DIRECT. The default value is false.
    block_device_cache_noflush: specifies whether to ignore device update requests. The default value is false.
    enable_iothreads: enables iothreads.
    enable_mem_prealloc: enables VM RAM pre-allocation. The default value is false.
    enable_hugepages: enables huge pages. The default value is false.
    enable_swap: enables the swap function. The default value is false.
    enable_debug: enables QEMU debugging. The default value is false.
    disable_nesting_checks: disables nesting checks.
    msize_9p = 8192: specifies the number of bytes transmitted in each 9p packet.
    use_vsock: uses vsocks to communicate directly with the agent (the prerequisite is that vsocks are supported). The default value is false.
    hotplug_vfio_on_root_bus: enables hot plugging of VFIO devices on the root bus. The default value is false.
    disable_vhost_net: disables vhost_net. The default value is false.
    entropy_source: specifies the default entropy source.
    guest_hook_path: specifies the binary path of the guest hook.
    
    [factory]
    enable_template: enables the VM template. The default value is false.
    template_path: specifies the template path.
    vm_cache_number: specifies the number of VM caches. The default value is 0.
    vm_cache_endpoint: specifies the address of the Unix socket used by the VMCache. The default value is /var/run/kata-containers/cache.sock.
    
    [proxy.kata]
    path: specifies the kata-proxy running path.
    enable_debug: enables proxy debugging. The default value is false.
    
    [shim.kata]
    path: specifies the running path of kata-shim.
    enable_debug: enables shim debugging. The default value is false.
    enable_tracing: enables shim opentracing.
    
    [agent.kata]
    enable_debug: enables the agent debugging function. The default value is false.
    enable_tracing: enables the agent tracing function.
    trace_mode: specifies the trace mode.
    trace_type: specifies the trace type.
    enable_blk_mount: enables guest mounting of the block device.
    
    [netmon]
    enable_netmon: enables network monitoring. The default value is false.
    path: specifies the kata-netmon running path.
    enable_debug: enables netmon debugging. The default value is false.
    
    [runtime]
    enable_debug: enables runtime debugging. The default value is false.
    enable_cpu_memory_hotplug: enables CPU and memory hot plugging. The default value is false.
    internetworking_model: specifies the network interconnection mode between VMs and containers.
    disable_guest_seccomp: disables the seccomp security mechanism in the guest application. The default value is true.
    enable_tracing: enables runtime opentracing. The default value is false.
    disable_new_netns: disables network namespace creation for the shim and hypervisor processes. The default value is false.
    experimental: enables the experimental feature, which does not support user-defined configurations.
    

    APIs

    Table 1 Commands related to the kata-runtime network

    Columns: Command | Subcommand | File Example | Field | Description | Remarks

    kata-network

    NOTE:
    • The kata-network command must be used in groups. Network devices that are not added using kata-runtime kata-network cannot be deleted or listed using kata-runtime kata-network. The reverse is also true.
    • kata-runtime kata-network imports configuration parameters through a file or stdin.

    add-iface

    NOTE:
    • An interface can be added to only one container.
    • The execution result is subject to the returned value (non-zero return value).

      

    {
    "device":"tap1",
    "name":"eth1",
    "IPAddresses":[{"address":"172.17.1.10","mask":"24"}],
    "mtu":1300,
    "hwAddr":"02:42:20:6f:a2:80",
    "vhostUserSocket":"/usr/local/var/run/openvswitch/vhost-user1"
    }

      

    device

    Sets the name of the NIC on a host.

    Mandatory. The value can contain a maximum of 15 characters, including letters, digits, underscores (_), hyphens (-), and periods (.). It must start with a letter. The device name must be unique on the same host.

    name

    Sets the name of the NIC in the container.

    Mandatory. The value can contain a maximum of 15 characters, including letters, digits, underscores (_), hyphens (-), and periods (.). It must start with a letter. Ensure that the name is unique in the same sandbox.

    IPAddresses

    Sets the IP address of an NIC.

    Optional.

    Currently, one IP address can be configured for each NIC. If no IP address is configured for the NIC, no IP address will be configured in the container, either.

    mtu

    Sets the MTU of an NIC.

    Mandatory.

    The value ranges from 46 to 9600.

    hwAddr

    Sets the MAC address of an NIC.

    Mandatory.

    vhostUserSocket

    Sets the DPDK polling socket path.

    Optional.

    The path contains a maximum of 128 bytes. The path name can contain digits, letters, and hyphens (-), and must start with a letter.

    del-iface

    {
    "name":"eth1"
    }

    None

    Deletes an NIC from a container.

    NOTE:

    When deleting a NIC, you can delete it only by the name field of the NIC in the container. Kata does not identify other fields.

    list-ifaces

    None

    None

    Queries the NIC list in a container.

    None

    add-route

    {
    "dest":"172.17.10.10/24",
    "gateway":"",
    "device":"eth1"
    }

    dest

    Sets the network segment corresponding to the route.

    The value is in the format of <ip>/<mask>. <ip> is mandatory.

    There are three cases:

    1. Both IP address and mask are configured.

    2. If only an IP address is configured, the default mask is 32.

    3. If "dest":"default" is configured, there is no destination by default. In this case, the gateway needs to be configured.

    gateway

    Sets the next-hop gateway of the route.

    When "dest":"default" is configured, the gateway is mandatory. In other cases, this parameter is optional.

    device

    Sets the name of the NIC corresponding to the route.

    Mandatory.

    The value contains a maximum of 15 characters.

    del-route

    {
    "dest":"172.17.10.10/24"
    }

    None

    Deletes a container routing rule.

    dest is mandatory, and both device and gateway are optional.

    NOTE:

    Kata performs fuzzy match based on different fields and deletes the corresponding routing rules.

    list-routes

    None

    None

    Queries the route list in a container.

    None

    Table 2 kata-ipvs command line interfaces

    Columns: Command | Subcommand | Field | Parameter | Sub-parameter | Description | Remarks

    kata-ipvs

    ipvsadm

    --parameters

    -A, --add-service

    -t, --tcp-service

    -u, --udp-service

    Virtual service type.

    Mandatory. You can select --tcp-service or --udp-service. The format is ip:port. The value of port ranges from 1 to 65535.

    Example:

    kata-runtime kata-ipvs ipvsadm --parameters "--add-service --tcp-service 172.17.0.7:80 --scheduler rr --persistent 3000" <container-id>

    -s, --scheduler

    Load balancing scheduling algorithm.

    Mandatory. Value range: rr|wrr|lc|wlc|lblc|lblcr|dh|sh|sed|nq.

    -p, --persistent

    Service duration.

    Mandatory. The value ranges from 1 to 2678400, in seconds.

    -E, --edit-service

    -t, --tcp-service

    -u, --udp-service

    Virtual service type.

    Mandatory. You can select --tcp-service or --udp-service. The format is ip:port. The value of port ranges from 1 to 65535.

    -s, --scheduler

    Load balancing scheduling algorithm.

    Mandatory. Value range: rr|wrr|lc|wlc|lblc|lblcr|dh|sh|sed|nq.

    -p, --persistent

    Service duration.

    Mandatory. The value ranges from 1 to 2678400, in seconds.

    -D, --delete-service

    -t, --tcp-service

    -u, --udp-service

    Virtual service type.

    Mandatory. You can select --tcp-service or --udp-service. The format is ip:port. The value of port ranges from 1 to 65535.

    -a, --add-server

    -t, --tcp-service

    -u, --udp-service

    Virtual service type.

    Mandatory. You can select --tcp-service or --udp-service. The format is ip:port. The value of port ranges from 1 to 65535.

    Example:

    kata-runtime kata-ipvs ipvsadm --parameters "--add-server --tcp-service 172.17.0.7:80 --real-server 172.17.0.4:80 --weight 100" <container-id>

    -r, --real-server

    Real server address.

    Mandatory. The format is ip:port. The value of port ranges from 1 to 65535.

    -w, --weight

    Weight

    Optional. The value ranges from 0 to 65535.

    -e, --edit-server

    -t, --tcp-service

    -u, --udp-service

    Virtual service type.

    Mandatory. You can select --tcp-service or --udp-service. The format is ip:port. The value of port ranges from 1 to 65535.

    -r, --real-server

    Real server address.

    Mandatory. The format is ip:port. The value of port ranges from 1 to 65535.

    -w, --weight

    Weight

    Optional. The value ranges from 0 to 65535.

    -d, --delete-server

    -t, --tcp-service

    -u, --udp-service

    Virtual service type.

    Mandatory. You can select --tcp-service or --udp-service. The format is ip:port. The value of port ranges from 1 to 65535.

    -r, --real-server

    Real server address.

    Mandatory. The format is ip:port. The value of port ranges from 1 to 65535.

    -L, --list

    -t, --tcp-service

    -u, --udp-service

    Queries virtual service information.

    Optional.

    Example:

    kata-runtime kata-ipvs ipvsadm --parameters "--list --tcp-service ip:port" <container-id>

    --set

    --tcp

    TCP timeout.

    Mandatory. The value ranges from 0 to 1296000.

    Example:

    kata-runtime kata-ipvs ipvsadm --parameters "--set 100 100 200" <container-id>

    --tcpfin

    TCP FIN timeout.

    Mandatory. The value ranges from 0 to 1296000.

    --udp

    UDP timeout.

    Mandatory. The value ranges from 0 to 1296000.

    --restore

    -

    Imports standard inputs in batches.

    Rule files can be specified.

    Example:

    kata-runtime kata-ipvs ipvsadm --restore - < <rule file path> <container-id>
    NOTE:

    By default, the NAT mode is used for adding a single real server. To add real servers in batches, you need to manually add the -m option to use the NAT mode.

    The following is an example of the rule file content:

    -A -t 10.10.11.12:100 -s rr -p 3000
    -a -t 10.10.11.12:100 -r 172.16.0.1:80 -m
    -a -t 10.10.11.12:100 -r 172.16.0.1:81 -m
    -a -t 10.10.11.12:100 -r 172.16.0.1:82 -m

    cleanup

    --parameters

    -d, --orig-dst

    Specifies the IP address.

    Mandatory.

    Example:

    kata-runtime kata-ipvs cleanup --parameters "--orig-dst 172.17.0.4 --protonum tcp" <container-id>

    -p, --protonum

    Protocol type.

    Mandatory. The value can be tcp or udp.
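A rule file passed to --restore can be linted against the Table 2 value ranges and the NOTE about -m before it is imported. The following is an added example, not part of the original documentation or of Kata itself; the function names are hypothetical, only -A and -a rules with IPv4 endpoints are handled, and the last two sample rules are constructed.

```python
import ipaddress
import shlex

SCHEDULERS = {"rr", "wrr", "lc", "wlc", "lblc", "lblcr", "dh", "sh", "sed", "nq"}
# Short options from Table 2 mapped to their long names; -m is kept as "m".
ALIASES = {"-A": "add-service", "-a": "add-server", "-t": "tcp-service", "-u": "udp-service",
           "-s": "scheduler", "-p": "persistent", "-r": "real-server", "-w": "weight"}
TAKES_VALUE = {"tcp-service", "udp-service", "scheduler", "persistent", "real-server", "weight"}

def in_range(value, low, high):
    return bool(value) and value.isascii() and value.isdigit() and low <= int(value) <= high

def endpoint_ok(value):  # ip:port with port 1-65535 (IPv4 only, as in the page's examples)
    host, _, port = (value or "").rpartition(":")
    try:
        ipaddress.IPv4Address(host)
    except ValueError:
        return False
    return in_range(port, 1, 65535)

def lint_rule(line):
    """Return the problems found in one rule-file line (-A and -a rules only)."""
    opts, it = {}, iter(shlex.split(line))
    for tok in it:
        key = ALIASES.get(tok, tok.lstrip("-"))
        opts[key] = next(it, None) if key in TAKES_VALUE else None
    problems = []
    if not endpoint_ok(opts.get("tcp-service") or opts.get("udp-service")):
        problems.append("virtual service must be ip:port with port 1-65535")
    if "add-service" in opts:
        if opts.get("scheduler") not in SCHEDULERS:
            problems.append("scheduler missing or unsupported")
        if not in_range(opts.get("persistent"), 1, 2678400):
            problems.append("persistent must be 1-2678400 seconds")
    elif "add-server" in opts:
        if not endpoint_ok(opts.get("real-server")):
            problems.append("real server must be ip:port with port 1-65535")
        if "weight" in opts and not in_range(opts["weight"], 0, 65535):
            problems.append("weight must be 0-65535")
        if "m" not in opts:
            problems.append("batch-added real server lacks -m (NAT mode)")
    else:
        problems.append("only -A and -a rules are checked here")
    return problems

# Two rules from the page's rule file plus two constructed bad lines (the last two).
RULES = ["-A -t 10.10.11.12:100 -s rr -p 3000", "-a -t 10.10.11.12:100 -r 172.16.0.1:80 -m",
         "-A -t 10.10.11.12:100 -s fifo -p 0", "-a -t 10.10.11.12:100 -r 172.16.0.1:70000"]

print(*(f"{r} -> {lint_rule(r) or 'ok'}" for r in RULES), sep="\n")
```
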
