kata-deploy分析原创
在节点上安装必要的 Kata 二进制文件、配置文件和虚拟机组件。安装后,DaemonSet 添加一个节点标签katacontainers.io/kata-runtime=true并重新配置 CRI-O 或 containerd 以注册三个runtimeClasses:kata-clh、kata-qemu和kata-fc。作为最后一步,DaemonSet 重新启动 CRI-O 或 containerd。删除后,DaemonSet 会删除 Kata 二进制文件和 VM 工件,并将节点标签更新为katacontainers.io/kata-runtime=cleanup.
# Host artifacts:
cloud-hypervisor, firecracker, qemu, and supporting binaries containerd-shim-kata-v2 kata-collect-data.sh kata-runtime
# Virtual Machine artifacts:
kata-containers.img and kata-containers-initrd.img vmlinuz.container and vmlinuz-virtiofs.container
# 部署kata-deploy之后
[root@localhost ~]# ps -ef | grep kata
root 16533 16031 0 14:26 pts/1 00:00:00 grep --color=auto kata
root 24526 20728 0 11:09 ? 00:00:00 bash /opt/kata-artifacts/scripts/kata-deploy.sh install
[root@localhost ~]# ps -ef | grep qemu
root 18834 16031 0 14:27 pts/1 00:00:00 grep --color=auto qemu
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]# ps -ef | grep kvm
root 756 2 0 Mar25 ? 00:00:00 [kvm-irqfd-clean]
root 18975 16031 0 14:27 pts/1 00:00:00 grep --color=auto kvm
[root@localhost ~]# ls /opt/kata/
bin libexec share
[root@localhost ~]# ls /opt/kata/bin/
cloud-hypervisor firecracker kata-collect-data.sh kata-runtime
containerd-shim-kata-v2 jailer kata-monitor qemu-system-x86_64
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
2
3
4
5
6
7
8
9
10
11
12
13
14
15
# kata-deploy内部
[root@kata-deploy-6r86s /]# ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 03:09 ? 00:00:00 bash /opt/kata-artifacts/scripts/kata-deploy.sh install
root 80 1 0 03:09 ? 00:00:00 sleep infinity
root 81 0 0 06:41 pts/0 00:00:00 bash
root 96 81 0 06:42 pts/0 00:00:00 ps -ef
挂载/run/system后可以控制宿主机服务
[root@kata-deploy-6r86s /]# systemctl status containerd
● containerd.service - containerd container runtime
Loaded: loaded (/usr/lib/systemd/system/containerd.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2022-04-07 06:47:47 UTC; 6min ago
Docs: https://containerd.io
Process: 3033 ExecStartPre=/sbin/modprobe overlay (code=exited, status=0/SUCCESS)
Main PID: 3035
Tasks: 585
Memory: 535.9M
CGroup: /system.slice/containerd.service
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
# 部署后containerd配置追加
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.kata]
runtime_type = "io.containerd.kata.v2"
privileged_without_host_devices = true
pod_annotations = ["io.katacontainers.*"]
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.kata.options]
ConfigPath = "/opt/kata/share/defaults/kata-containers/configuration.toml"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.kata-fc]
runtime_type = "io.containerd.kata-fc.v2"
privileged_without_host_devices = true
pod_annotations = ["io.katacontainers.*"]
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.kata-fc.options]
ConfigPath = "/opt/kata/share/defaults/kata-containers/configuration-fc.toml"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.kata-qemu]
runtime_type = "io.containerd.kata-qemu.v2"
privileged_without_host_devices = true
pod_annotations = ["io.katacontainers.*"]
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.kata-qemu.options]
ConfigPath = "/opt/kata/share/defaults/kata-containers/configuration-qemu.toml"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.kata-clh]
runtime_type = "io.containerd.kata-clh.v2"
privileged_without_host_devices = true
pod_annotations = ["io.katacontainers.*"]
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.kata-clh.options]
ConfigPath = "/opt/kata/share/defaults/kata-containers/configuration-clh.toml"
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
# 部署日志:
copying kata artifacts onto host
warning: containerd-shim-kata-fc-v2 already exists
#!/usr/bin/env bash
KATA_CONF_FILE=/opt/kata/share/defaults/kata-containers/configuration-fc.toml /opt/kata/bin/containerd-shim-kata-v2 "$@"
warning: containerd-shim-kata-qemu-v2 already exists
#!/usr/bin/env bash
KATA_CONF_FILE=/opt/kata/share/defaults/kata-containers/configuration-qemu.toml /opt/kata/bin/containerd-shim-kata-v2 "$@"
Creating the default shim-v2 binary
warning: containerd-shim-kata-clh-v2 already exists
#!/usr/bin/env bash
KATA_CONF_FILE=/opt/kata/share/defaults/kata-containers/configuration-clh.toml /opt/kata/bin/containerd-shim-kata-v2 "$@"
Add Kata Containers as a supported runtime for containerd
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.kata]
runtime_type = "io.containerd.kata.v2"
privileged_without_host_devices = true
pod_annotations = ["io.katacontainers.*"]
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.kata.options]
ConfigPath = "/opt/kata/share/defaults/kata-containers/configuration.toml"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.kata-fc]
runtime_type = "io.containerd.kata-fc.v2"
privileged_without_host_devices = true
pod_annotations = ["io.katacontainers.*"]
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.kata-fc.options]
ConfigPath = "/opt/kata/share/defaults/kata-containers/configuration-fc.toml"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.kata-qemu]
runtime_type = "io.containerd.kata-qemu.v2"
privileged_without_host_devices = true
pod_annotations = ["io.katacontainers.*"]
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.kata-qemu.options]
ConfigPath = "/opt/kata/share/defaults/kata-containers/configuration-qemu.toml"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.kata-clh]
runtime_type = "io.containerd.kata-clh.v2"
privileged_without_host_devices = true
pod_annotations = ["io.katacontainers.*"]
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.kata-clh.options]
ConfigPath = "/opt/kata/share/defaults/kata-containers/configuration-clh.toml"
node/localhost.localdomain unlabeled
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
上次更新: 2022/08/24, 18:07:47