前提

• 物理机已开启硬件虚拟化
• k8s容器运行时使用containerd（推荐）

部署

• 给kata节点打上label: kata-worker=true（如果不需要区分kata节点，可以把kata-deploy中的节点亲和性去掉）
• 生成configuration.toml分发到各个kata节点（所有节点）/etc/kata-containers/configuration.toml
• 创建kata资源：kata-rbac.yaml、kata-deploy.yaml，创建runtimeClass： runtimeClass.yaml

$ kubectl apply -f kata-rbac.yaml
$ kubectl apply -f kata-deploy.yaml

$ kubectl -n kube-system wait --timeout=10m --for=condition=Ready -l name=kata-deploy pod

$ kubectl apply -f kata-runtimeClasses.yaml

• 各个kata节点（所有节点）创建软链接：

ln -s /opt/kata/bin/kata-runtime /usr/bin/kata-runtime
ln -s /opt/kata/bin/kata-monitor /usr/bin/kata-monitor

注：

• 需要注意的是kata-deploy重启可能会导致默认的configuration.toml文件恢复默认配置，因此使用的是优先级更高的/etc/kata-containers/configuration.toml
• 使用ctr run创建的容器默认使用的是-qemu配置（/opt/kata/share/defaults/kata-containers/configuration-qemu.toml），如果需要使用ctr run测试，请同步配置到-qemu配置，或重定向shim链接到新的文件下

部署kata-monitor

详情见[[kata-monitor监控]]

kata节点运行kata-monitor守护进程

[root@localhost ~]# cat /etc/systemd/system/kata-monitor.service
[Unit]
Description=kata monitor

[Service]
ExecStart=/opt/kata/bin/kata-monitor -listen-address 0.0.0.0:8090
Restart=always
StartLimitInterval=0
RestartSec=10

[Install]
WantedBy=multi-user.target

promethues增加scrape_configs

- job_name: 'kata'
    static_configs:
    - targets: ['<kata节点IP>:8090']

导入 Grafana dashborad

$ curl -XPOST -i <grafana节点IP>:3000/api/dashboards/import \
    -u admin:admin \
    -H "Content-Type: application/json" \
	-d "{\"dashboard\":$(curl -sL https://raw.githubusercontent.com/kata-containers/kata-containers/main/docs/how-to/data/dashboard.json )}"

检查：

[root@rqy-k8s-1 ~]# kata-runtime check
  WARN[0000] Not running network checks as super user      arch=amd64 name=kata-runtime pid=48176 source=runtime
  System is capable of running Kata Containers
  System can currently create Kata Containers

卸载

• 删除所有kata容器
• 删除kata节点软连接
• 删除kata资源：kata-rbac.yaml、kata-deploy.yaml、runtimeClass.yaml
• 删除kata节点configuration.toml文件

$ kubectl delete -f kata-deploy.yaml

$ kubectl -n kube-system wait --timeout=10m --for=delete -l name=kata-deploy pod

$ kubectl apply -f kata-cleanup.yaml
# The cleanup daemon-set will run a single time, cleaning up the node-label, which makes it difficult to check in an automated fashion. This process should take, at most, 5 minutes.
# kubectl get pod -n kube-system | grep kubelet-kata-cleanup

$ kubectl delete -f kata-cleanup.yaml
$ kubectl delete -f kata-rbac.yaml
$ kubectl delete -f kata-runtimeClasses.yaml

升级(TODO)