Appendix

configuration.toml

NOTE

The value of each field in configuration.toml is determined by the configuration.toml file shipped in the kata-containers-<version>.rpm package. You cannot set any field in the configuration file.

[hypervisor.qemu]
path: specifies the execution path of the QEMU hypervisor binary.
kernel: specifies the path of the guest kernel.
initrd: specifies the path of the guest initrd.
image: specifies the path of the guest image (not applicable).
machine_type: specifies the QEMU machine type to emulate. The value is virt for the ARM architecture and pc for the x86 architecture.
kernel_params: specifies the boot parameters of the guest kernel.
firmware: specifies the firmware path. If this parameter is left blank, the default firmware is used.
machine_accelerators: specifies machine accelerators.
default_vcpus: specifies the default number of vCPUs for each sandbox/VM (SB/VM).
default_maxvcpus: specifies the default maximum number of vCPUs for each SB/VM.
default_root_ports: specifies the default number of root ports for each SB/VM.
default_bridges: specifies the default number of bridges for each SB/VM.
default_memory: specifies the default memory size of each SB/VM. The default value is 1024 MiB.
memory_slots: specifies the number of memory slots for each SB/VM. The default value is 10.
memory_offset: specifies the memory offset. The default value is 0.
disable_block_device_use: disables the use of a block device as the rootfs of the container.
shared_fs: specifies the type of the shared file system. The default value is virtio-9p.
virtio_fs_daemon: specifies the path of the vhost-user-fs daemon.
virtio_fs_cache_size: specifies the default size of the DAX cache.
virtio_fs_cache: specifies the cache mode.
block_device_driver: specifies the driver of a block device.
block_device_cache_set: specifies whether to set cache-related options for a block device. The default value is false.
block_device_cache_direct: specifies whether to enable O_DIRECT. The default value is false.
block_device_cache_noflush: specifies whether to ignore device update requests. The default value is false.
enable_iothreads: enables I/O threads.
enable_mem_prealloc: enables VM RAM pre-allocation. The default value is false.
enable_hugepages: enables huge pages. The default value is false.
enable_swap: enables the swap function. The default value is false.
enable_debug: enables QEMU debugging. The default value is false.
disable_nesting_checks: disables nested virtualization checks.
msize_9p = 8192: specifies the number of bytes transmitted in each 9p packet.
use_vsock: uses vsock to communicate directly with the agent (requires vsock support). The default value is false.
hotplug_vfio_on_root_bus: enables hot plug of VFIO devices on the root bus. The default value is false.
disable_vhost_net: disables vhost_net. The default value is false.
entropy_source: specifies the default entropy source.
guest_hook_path: specifies the binary path of the guest hook.

[factory]
enable_template: enables the VM template. The default value is false.
template_path: specifies the template path.
vm_cache_number: specifies the number of VM caches. The default value is 0.
vm_cache_endpoint: specifies the address of the Unix socket used by VMCache. The default value is /var/run/kata-containers/cache.sock.

[proxy.kata]
path: specifies the execution path of kata-proxy.
enable_debug: enables proxy debugging. The default value is false.

[shim.kata]
path: specifies the execution path of kata-shim.
enable_debug: enables shim debugging. The default value is false.
enable_tracing: enables shim opentracing.

[agent.kata]
enable_debug: enables agent debugging. The default value is false.
enable_tracing: enables agent tracing.
trace_mode: specifies the trace mode.
trace_type: specifies the trace type.
enable_blk_mount: enables guest mounting of the block device.

[netmon]
enable_netmon: enables network monitoring. The default value is false.
path: specifies the execution path of kata-netmon.
enable_debug: enables netmon debugging. The default value is false.

[runtime]
enable_debug: enables runtime debugging. The default value is false.
enable_cpu_memory_hotplug: enables CPU and memory hot plug. The default value is false.
internetworking_model: specifies the network interconnection model between the VM and the container.
disable_guest_seccomp: disables the seccomp security mechanism for guest applications. The default value is true.
enable_tracing: enables runtime opentracing. The default value is false.
disable_new_netns: disables creation of a new network namespace for the shim and hypervisor processes. The default value is false.
experimental: enables experimental features; user-defined configuration is not supported.
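Because the file ships with the RPM and is not meant to be edited, the practical question for an operator is what the packaged configuration actually enables. The following read-only audit is an added example, not code from the kata-containers project or the openEuler documentation: it parses the `[section]` / `key = value` subset of TOML this file uses (a minimal parser, not a general one, and an assumption about the file's shape) and reports the security-relevant fields listed above, using the documented defaults when a key is absent. The sample configuration text and its paths are constructed for the example.

```python
"""Audit a kata-containers configuration.toml for security-relevant settings.

Added example; not part of kata-containers or the openEuler documentation.
The parser handles only the [section] / key = value subset used by this file
(booleans, integers, quoted strings); anything else is kept as source text.
"""
import re

_SECTION_RE = re.compile(r"^\[([A-Za-z0-9_.]+)\]$")
_KV_RE = re.compile(r"^([A-Za-z0-9_]+)\s*=\s*(.+?)\s*$")

# (section, key, documented default or None, value that is a finding, message).
# Fields and defaults are the ones listed in the configuration.toml description.
RULES = [
    ("runtime", "disable_guest_seccomp", True, True, "seccomp is disabled for guest applications"),
    ("runtime", "disable_new_netns", False, True, "no new network namespace for the shim and hypervisor processes"),
    ("runtime", "experimental", False, True, "experimental features are enabled"),
    ("runtime", "enable_debug", False, True, "runtime debugging is enabled"),
    ("hypervisor.qemu", "enable_debug", False, True, "QEMU debugging is enabled"),
    ("hypervisor.qemu", "disable_nesting_checks", None, True, "nested virtualization checks are disabled"),
    ("hypervisor.qemu", "use_vsock", False, False, "vsock is not used; agent traffic goes through kata-proxy"),
    ("agent.kata", "enable_debug", False, True, "agent debugging is enabled"),
    ("shim.kata", "enable_debug", False, True, "shim debugging is enabled"),
    ("proxy.kata", "enable_debug", False, True, "proxy debugging is enabled"),
    ("netmon", "enable_debug", False, True, "netmon debugging is enabled"),
]

# Constructed sample (paths are placeholders), not the file shipped in the RPM.
SAMPLE_CONFIG = """\
# constructed sample configuration.toml
[hypervisor.qemu]
path = "/usr/bin/qemu-kvm"
kernel = "/var/lib/kata/vmlinux.container"
kernel_params = "console=ttyS0 quiet"
default_vcpus = 1
default_memory = 1024
enable_debug = false
use_vsock = true

[runtime]
enable_debug = true
disable_guest_seccomp = true
"""


def _strip_comment(line: str) -> str:
    """Drop a trailing # comment, ignoring '#' inside a quoted string."""
    in_quote = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quote = not in_quote
        elif ch == "#" and not in_quote:
            return line[:i]
    return line


def _parse_value(raw: str):
    if raw in ("true", "false"):
        return raw == "true"
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1]
    if re.fullmatch(r"-?\d+", raw):
        return int(raw)
    return raw  # arrays and other forms are kept as their source text


def parse_config(text: str) -> dict:
    """Return {section: {key: value}} for the simple TOML subset described above."""
    config, section = {}, None
    for raw in text.splitlines():
        line = _strip_comment(raw).strip()
        if not line:
            continue
        m = _SECTION_RE.match(line)
        if m:
            section = config.setdefault(m.group(1), {})
            continue
        m = _KV_RE.match(line)
        if m and section is not None:
            section[m.group(1)] = _parse_value(m.group(2))
    return config


def audit(config: dict) -> list:
    """Return (section, key, effective value, message) for every rule that fires.
    A key that is absent takes its documented default; rules without a documented
    default are evaluated only when the key is present."""
    findings = []
    for section, key, default, flag_value, message in RULES:
        value = config.get(section, {}).get(key, default)
        if value is not None and value == flag_value:
            findings.append((section, key, value, message))
    return findings


if __name__ == "__main__":
    for section, key, value, message in audit(parse_config(SAMPLE_CONFIG)):
        print(f"{section}.{key} = {str(value).lower()}: {message}")
```

Running it on the sample reports `runtime.disable_guest_seccomp` and `runtime.enable_debug`; note that `disable_guest_seccomp` is reported even for a file that never mentions it, because the documented default is true.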

APIs

Table 1 Commands related to the kata-runtime network

Command: kata-network

NOTE:
  • The kata-network command must be used in groups: network devices that are not added using kata-runtime kata-network cannot be deleted or listed using kata-runtime kata-network, and vice versa.
  • kata-runtime kata-network reads its configuration parameters from a file or from stdin.

Subcommand: add-iface

NOTE:
  • An interface can be added to only one container.
  • The execution result is indicated by the return value (a non-zero return value means failure).

File example:

{
  "device": "tap1",
  "name": "eth1",
  "IPAddresses": [{"address": "172.17.1.10", "mask": "24"}],
  "mtu": 1300,
  "hwAddr": "02:42:20:6f:a2:80",
  "vhostUserSocket": "/usr/local/var/run/openvswitch/vhost-user1"
}

Fields:

  device: sets the name of the NIC on the host. Mandatory. The value can contain a maximum of 15 characters, including letters, digits, underscores (_), hyphens (-), and periods (.), and must start with a letter. The device name must be unique on the same host.
  name: sets the name of the NIC in the container. Mandatory. The value can contain a maximum of 15 characters, including letters, digits, underscores (_), hyphens (-), and periods (.), and must start with a letter. The name must be unique in the same sandbox.
  IPAddresses: sets the IP address of the NIC. Optional. Currently, one IP address can be configured for each NIC. If no IP address is configured for the NIC, no IP address is configured in the container either.
  mtu: sets the MTU of the NIC. Mandatory. The value ranges from 46 to 9600.
  hwAddr: sets the MAC address of the NIC. Mandatory.
  vhostUserSocket: sets the DPDK polling socket path. Optional. The path contains a maximum of 128 bytes; the name can contain digits, letters, and hyphens (-) and must start with a letter.

Subcommand: del-iface

File example:

{
  "name": "eth1"
}

Fields: none. Deletes an NIC from a container.

NOTE:

When deleting a NIC, only the name field of the NIC in the container is matched; Kata does not evaluate other fields.

Subcommand: list-ifaces

File example: none. Fields: none. Queries the NIC list in a container.

Subcommand: add-route

File example:

{
  "dest": "172.17.10.10/24",
  "gateway": "",
  "device": "eth1"
}

Fields:

  dest: sets the network segment corresponding to the route. The value is in the format <ip>/<mask>, where <ip> is mandatory. There are three cases:
    1. Both the IP address and the mask are configured.
    2. Only an IP address is configured; the default mask is 32.
    3. "dest":"default" is configured; there is no destination, and the gateway must be configured.
  gateway: sets the next-hop gateway of the route. When "dest":"default" is configured, the gateway is mandatory; in other cases it is optional.
  device: sets the name of the NIC corresponding to the route. Mandatory. The value contains a maximum of 15 characters.

Subcommand: del-route

File example:

{
  "dest": "172.17.10.10/24"
}

Fields: none. Deletes a container routing rule. dest is mandatory; device and gateway are optional.

NOTE:

Kata performs a fuzzy match on the supplied fields and deletes the matching routing rules.

Subcommand: list-routes

File example: none. Fields: none. Queries the route list in a container.
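Since kata-runtime only signals a bad spec through a non-zero return value, it is worth validating the JSON before it is handed over. The following checker is an added example, not code from the kata-containers project or the openEuler documentation; it encodes the add-iface and add-route constraints from Table 1 (name length and character set, MTU range, MAC format, one IP address per NIC, the three forms of dest and the gateway rule for "default"). One assumption is labelled in the code: the documented vhostUserSocket example is an absolute path, so the character rule is applied to each path component rather than to the leading slash. Function and file names are the example's own.

```python
"""Pre-flight validation of the JSON that kata-runtime kata-network reads.

Added example, not code from the kata-containers project or the openEuler
documentation. It rejects a malformed spec before it reaches
`kata-runtime kata-network add-iface` or `add-route`.
"""
import ipaddress
import json
import re
import sys

# device / name: max 15 chars of letters, digits, '_', '-', '.', starting with a letter.
_IFNAME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_.-]{0,14}$")
# vhostUserSocket path components: letters, digits and hyphens, starting with a letter.
_SOCKET_PART_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")
_MAC_RE = re.compile(r"^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$")
MTU_MIN, MTU_MAX = 46, 9600
SOCKET_MAX_BYTES = 128


def _is_ip(value) -> bool:
    try:
        ipaddress.ip_address(value if isinstance(value, str) else "")
        return True
    except ValueError:
        return False


def _socket_path_ok(path: str) -> bool:
    """Assumption: the documented example is an absolute path, so the naming rule
    from Table 1 is applied per path component and '/' is treated as a separator."""
    if len(path.encode()) > SOCKET_MAX_BYTES:
        return False
    parts = [p for p in path.split("/") if p]
    return bool(parts) and all(_SOCKET_PART_RE.match(p) for p in parts)


def validate_add_iface(spec: dict) -> list:
    """Return the list of problems with an add-iface spec (empty means acceptable)."""
    errors = []
    for key in ("device", "name"):
        value = spec.get(key)
        if not isinstance(value, str) or not _IFNAME_RE.match(value):
            errors.append(f"{key}: mandatory, max 15 chars of [A-Za-z0-9_.-], must start with a letter")
    mtu = spec.get("mtu")
    if isinstance(mtu, bool) or not isinstance(mtu, int) or not MTU_MIN <= mtu <= MTU_MAX:
        errors.append(f"mtu: mandatory integer from {MTU_MIN} to {MTU_MAX}")
    hw = spec.get("hwAddr")
    if not isinstance(hw, str) or not _MAC_RE.match(hw):
        errors.append("hwAddr: mandatory MAC address such as 02:42:20:6f:a2:80")
    addrs = spec.get("IPAddresses")  # optional; at most one address per NIC
    if addrs is not None:
        if not isinstance(addrs, list) or len(addrs) > 1:
            errors.append("IPAddresses: a list with at most one entry")
        else:
            for entry in addrs:
                try:
                    ipaddress.ip_network(f"{entry['address']}/{entry['mask']}", strict=False)
                except (KeyError, TypeError, ValueError):
                    errors.append("IPAddresses: each entry needs a valid 'address' and 'mask'")
    sock = spec.get("vhostUserSocket")  # optional DPDK vhost-user socket path
    if sock is not None and (not isinstance(sock, str) or not _socket_path_ok(sock)):
        errors.append(f"vhostUserSocket: max {SOCKET_MAX_BYTES} bytes, components of letters/digits/hyphens starting with a letter")
    return errors


def canonical_dest(dest: str) -> str:
    """Case 2 from Table 1: a bare IP address gets the default mask of 32."""
    return dest if "/" in dest else f"{dest}/32"


def validate_add_route(spec: dict) -> list:
    """Return the list of problems with an add-route spec (empty means acceptable)."""
    errors = []
    dest, gateway = spec.get("dest"), spec.get("gateway", "")
    if not isinstance(dest, str) or not dest:
        errors.append('dest: mandatory; <ip>/<mask>, <ip>, or "default"')
    elif dest == "default":
        if not gateway:  # case 3: no destination, so the next hop must be given
            errors.append('gateway: mandatory when dest is "default"')
    else:
        try:  # cases 1 and 2; strict=False accepts host bits set, as in the documented example
            ipaddress.ip_network(canonical_dest(dest), strict=False)
        except ValueError:
            errors.append(f"dest: {dest!r} is not <ip>/<mask> or <ip>")
    if gateway and not _is_ip(gateway):
        errors.append(f"gateway: {gateway!r} is not an IP address")
    device = spec.get("device")
    if not isinstance(device, str) or not 1 <= len(device) <= 15:
        errors.append("device: mandatory, max 15 characters")
    return errors


def check_spec(subcommand: str, text: str) -> list:
    """Parse the JSON text and run the validator for the given subcommand."""
    try:
        spec = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc}"]
    if not isinstance(spec, dict):
        return ["top-level JSON value must be an object"]
    validators = {"add-iface": validate_add_iface, "add-route": validate_add_route}
    if subcommand not in validators:
        return [f"no validator for subcommand {subcommand!r}"]
    return validators[subcommand](spec)


if __name__ == "__main__":
    # Usage (hypothetical file name): python3 check_spec.py add-iface < iface.json
    problems = check_spec(sys.argv[1], sys.stdin.read())
    print("\n".join(problems) if problems else "ok")
    sys.exit(1 if problems else 0)
```

A spec that fails here never reaches the runtime; the JSON step also catches the classic slip of a missing comma between two fields, which json.loads rejects outright.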

Table 2 kata-ipvs command line interfaces

Command: kata-ipvs

Subcommand: ipvsadm

Field: --parameters

  -A, --add-service
    -t, --tcp-service / -u, --udp-service: virtual service type. Mandatory. Select either --tcp-service or --udp-service. The format is ip:port; the value of port ranges from 1 to 65535.
    -s, --scheduler: load balancing scheduling algorithm. Mandatory. Value range: rr|wrr|lc|wlc|lblc|lblcr|dh|sh|sed|nq.
    -p, --persistent: service duration. Mandatory. The value ranges from 1 to 2678400, in seconds.
    Example:
    kata-runtime kata-ipvs ipvsadm --parameters "--add-service --tcp-service 172.17.0.7:80 --scheduler rr --persistent 3000" <container-id>

  -E, --edit-service
    -t, --tcp-service / -u, --udp-service: virtual service type. Mandatory. Select either --tcp-service or --udp-service. The format is ip:port; the value of port ranges from 1 to 65535.
    -s, --scheduler: load balancing scheduling algorithm. Mandatory. Value range: rr|wrr|lc|wlc|lblc|lblcr|dh|sh|sed|nq.
    -p, --persistent: service duration. Mandatory. The value ranges from 1 to 2678400, in seconds.

  -D, --delete-service
    -t, --tcp-service / -u, --udp-service: virtual service type. Mandatory. Select either --tcp-service or --udp-service. The format is ip:port; the value of port ranges from 1 to 65535.

  -a, --add-server
    -t, --tcp-service / -u, --udp-service: virtual service type. Mandatory. Select either --tcp-service or --udp-service. The format is ip:port; the value of port ranges from 1 to 65535.
    -r, --real-server: real server address. Mandatory. The format is ip:port; the value of port ranges from 1 to 65535.
    -w, --weight: weight. Optional. The value ranges from 0 to 65535.
    Example:
    kata-runtime kata-ipvs ipvsadm --parameters "--add-server --tcp-service 172.17.0.7:80 --real-server 172.17.0.4:80 --weight 100" <container-id>

  -e, --edit-server
    -t, --tcp-service / -u, --udp-service: virtual service type. Mandatory. Select either --tcp-service or --udp-service. The format is ip:port; the value of port ranges from 1 to 65535.
    -r, --real-server: real server address. Mandatory. The format is ip:port; the value of port ranges from 1 to 65535.
    -w, --weight: weight. Optional. The value ranges from 0 to 65535.

  -d, --delete-server
    -t, --tcp-service / -u, --udp-service: virtual service type. Mandatory. Select either --tcp-service or --udp-service. The format is ip:port; the value of port ranges from 1 to 65535.
    -r, --real-server: real server address. Mandatory. The format is ip:port; the value of port ranges from 1 to 65535.

  -L, --list
    -t, --tcp-service / -u, --udp-service: queries virtual service information. Optional.
    Example:
    kata-runtime kata-ipvs ipvsadm --parameters "--list --tcp-service ip:port" <container-id>

  --set
    --tcp: TCP timeout. Mandatory. The value ranges from 0 to 1296000.
    --tcpfin: TCP FIN timeout. Mandatory. The value ranges from 0 to 1296000.
    --udp: UDP timeout. Mandatory. The value ranges from 0 to 1296000.
    Example:
    kata-runtime kata-ipvs ipvsadm --parameters "--set 100 100 200" <container-id>

Field: --restore

  -: imports rules in batches from standard input. A rule file can be specified.
    Example:
    kata-runtime kata-ipvs ipvsadm --restore - < <rule file path> <container-id>

  NOTE:

  By default, the NAT mode is used when adding a single real server. When adding real servers in batches, you need to add the -m option manually to use the NAT mode.

  The following is an example of the rule file content:

  -A -t 10.10.11.12:100 -s rr -p 3000
  -a -t 10.10.11.12:100 -r 172.16.0.1:80 -m
  -a -t 10.10.11.12:100 -r 172.16.0.1:81 -m
  -a -t 10.10.11.12:100 -r 172.16.0.1:82 -m

Subcommand: cleanup

Field: --parameters

  -d, --orig-dst: specifies the IP address. Mandatory.
  -p, --protonum: protocol type. Mandatory. The value can be tcp or udp.
  Example:
  kata-runtime kata-ipvs cleanup --parameters "--orig-dst 172.17.0.4 --protonum tcp" <container-id>
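The --restore row carries the one pitfall in Table 2 that is easy to miss: a single --add-server call defaults to NAT mode, but every -a line in a batch file must say -m explicitly. The following generator and audit helper are an added example, not code from the kata-containers project or the openEuler documentation. build_rule_file emits the batch format shown above (the -A line followed by one -a ... -m line per real server) and enforces the limits Table 2 states for --scheduler, --persistent, --weight and ip:port; lines_missing_nat audits a hand-written file for -a lines without -m (or its long form --masquerading, which is the ipvsadm spelling of the same flag). Function names are the example's own.

```python
"""Build and audit rule files for `kata-runtime kata-ipvs ipvsadm --restore`.

Added example, not code from the kata-containers project or the openEuler
documentation. Limits are the ones Table 2 states for each parameter.
"""
import ipaddress

SCHEDULERS = ("rr", "wrr", "lc", "wlc", "lblc", "lblcr", "dh", "sh", "sed", "nq")
PERSISTENT_MAX = 2678400  # seconds
WEIGHT_MAX = 65535


def _check_endpoint(endpoint: str, what: str) -> str:
    """Accept ip:port with port 1..65535 and a well-formed address; return it unchanged."""
    host, sep, port = endpoint.rpartition(":")
    if not sep or not port.isdigit() or not 1 <= int(port) <= 65535:
        raise ValueError(f"{what}: expected ip:port with port 1..65535, got {endpoint!r}")
    ipaddress.ip_address(host)  # raises ValueError on a malformed address
    return endpoint


def build_rule_file(service: str, scheduler: str, persistent: int,
                    real_servers, proto: str = "tcp") -> str:
    """Return rule-file text: one -A line for the virtual service, then one -a ... -m
    line per real server. real_servers holds ip:port strings or (ip:port, weight) pairs."""
    if proto not in ("tcp", "udp"):
        raise ValueError("proto must be 'tcp' or 'udp'")
    if scheduler not in SCHEDULERS:
        raise ValueError(f"scheduler must be one of {'|'.join(SCHEDULERS)}")
    if not 1 <= persistent <= PERSISTENT_MAX:
        raise ValueError(f"persistent must be 1..{PERSISTENT_MAX} seconds")
    flag = "-t" if proto == "tcp" else "-u"
    _check_endpoint(service, "service")
    lines = [f"-A {flag} {service} -s {scheduler} -p {persistent}"]
    for entry in real_servers:
        server, weight = (entry, None) if isinstance(entry, str) else entry
        _check_endpoint(server, "real-server")
        line = f"-a {flag} {service} -r {server} -m"  # -m: NAT mode, must be explicit in batch input
        if weight is not None:
            if not 0 <= weight <= WEIGHT_MAX:
                raise ValueError(f"weight must be 0..{WEIGHT_MAX}")
            line += f" -w {weight}"
        lines.append(line)
    return "\n".join(lines) + "\n"


def lines_missing_nat(rule_text: str) -> list:
    """Audit a hand-written rule file: return the 1-based numbers of -a/--add-server
    lines that carry no -m/--masquerading flag and so would not use NAT mode."""
    missing = []
    for number, line in enumerate(rule_text.splitlines(), start=1):
        tokens = line.split()
        if tokens and tokens[0] in ("-a", "--add-server"):
            if not ({"-m", "--masquerading"} & set(tokens)):
                missing.append(number)
    return missing


if __name__ == "__main__":
    # Reproduces the rule file shown in the --restore row. Feed the output to
    # kata-runtime kata-ipvs ipvsadm --restore - < rules.txt <container-id>
    text = build_rule_file("10.10.11.12:100", "rr", 3000,
                           ["172.16.0.1:80", "172.16.0.1:81", "172.16.0.1:82"])
    print(text, end="")
    print("lines missing -m:", lines_missing_nat(text))
```

Running lines_missing_nat over a file before --restore is the cheap check that turns the NOTE above into an enforced rule instead of a thing to remember.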