Initial release of Kata Containers with Firecracker support
The 1.5.0-rc2 release of Kata Containers introduces support for the Firecracker hypervisor. While we do not yet have packages available for Firecracker, the built binary is included as part of our release tarball. A Firecracker-specific tarball was created which includes all of the configurations and binaries required for running Kata+Firecracker.
This is a quick guide to getting started with Kata + Firecracker in Docker. This is the initial introduction, and we have plenty of optimization work ahead, but I expect users to be able to use block-based volumes (up to 7 per container right now) as well as multiple network interfaces with these containers.
We plan to update kata-deploy's container image to give users a quick daemonset for installing and configuring Kata (with both QEMU and Firecracker) in a Kubernetes cluster which uses containerd and/or CRI-O. After this we will be adding admission controller support to help navigate the spectrum of runtimes configured with runtimeClass. Stay tuned for these updates! For now, you can install the static binaries, manually configure CRI-O or containerd, and start running basic pods. See this issue for current limitations of Kata+FC in Kubernetes.
The static binaries are posted on our release page, and 1.5.0-rc2 can be obtained as follows:
wget https://github.com/kata-containers/runtime/releases/download/1.5.0-rc2/kata-fc-static-1.5.0-rc2-x86_64.tar.gz
The tarball is designed to be decompressed into /, placing all of the files within /opt/kata/. The runtime configuration is expected to land at /opt/kata/share/defaults/kata-containers/configuration.toml. Your mileage will vary if you make further changes. To install Kata on your system:
sudo tar -xvf kata-fc-static-1.5.0-rc2-x86_64.tar.gz -C /
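Because the archive is unpacked as root directly into /, it is worth confirming beforehand that every member really stays within /opt/kata/. The following is an added example, not part of the Kata release or its tooling: `audit_tarball` lists entries that would escape that prefix, plus device nodes and setuid/setgid files. The `build_sample` helper and the sample entries are constructed for illustration and are not the contents of the real tarball.

```python
import io
import posixpath
import tarfile

PREFIX = "opt/kata"  # the page: every file lands within /opt/kata/


def _inside(path):
    path = posixpath.normpath(path)
    return path == PREFIX or path.startswith(PREFIX + "/")


def audit_tarball(fileobj):
    """Return (member, reason) pairs that should block `tar -C /`."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for m in tar:
            name = posixpath.normpath(m.name)
            if m.isdir() and name in (".", "opt"):
                continue  # parent directories of the prefix are not reported
            if m.name.startswith("/") or not _inside(name):
                findings.append((m.name, "path outside /opt/kata"))
            if m.issym():
                target = posixpath.join("/" + posixpath.dirname(name), m.linkname)
                if not _inside(target.lstrip("/")):
                    findings.append((m.name, "symlink leaves /opt/kata"))
            elif m.islnk() and not _inside(m.linkname):
                findings.append((m.name, "hard link leaves /opt/kata"))
            if m.isdev() or m.mode & 0o6000:
                findings.append((m.name, "device node or setuid/setgid bit"))
    return findings


def build_sample(entries):
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, typ, linkname, mode in entries:
            info = tarfile.TarInfo(name)
            info.type, info.linkname, info.mode = typ, linkname, mode
            tar.addfile(info)
    return io.BytesIO(buf.getvalue())


if __name__ == "__main__":
    sample = build_sample([  # constructed entries, not the real release contents
        ("./opt/kata/bin/kata-runtime", tarfile.REGTYPE, "", 0o755),
        ("opt/kata/bin/../../../etc/example.conf", tarfile.REGTYPE, "", 0o644),
        ("opt/kata/bin/sh", tarfile.SYMTYPE, "/bin/sh", 0o777),
    ])
    print(audit_tarball(sample))
```

To check the downloaded file, pass `open("kata-fc-static-1.5.0-rc2-x86_64.tar.gz", "rb")` to `audit_tarball` and extract only if the returned list is empty.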
Docker 18.06 is required for running Kata with Firecracker. For Kata+Firecracker, a block-based driver like devicemapper is required. The latest release of Docker, 18.09, does not support devicemapper and is not compatible.
To configure Docker for devicemapper and Kata, set /etc/docker/daemon.json with the following contents:
{
  "runtimes": {
    "kata": {
      "path": "/opt/kata/bin/kata-runtime"
    }
  },
  "storage-driver": "devicemapper"
}
Then restart docker:
sudo systemctl daemon-reload
sudo systemctl restart docker
Note, you'll need to make sure vsock is supported on your host system:
sudo modprobe vhost_vsock
Assuming vsock is supported, run the kata container:
docker run --runtime=kata -itd --name=oh-sweet alpine
You'll see firecracker is now running on your system, as well as a kata-shim process:
$ ps -ae | grep -E "kata|fire"
10174 ? 00:00:05 firecracker
10194 pts/5 00:00:00 kata-shim
You can exec into the container, providing a shell into a container which is running inside of a firecracker based virtual machine:
docker exec -it oh-sweet sh
#
After exiting the shell, you can then remove the container:
docker kill oh-sweet
docker rm oh-sweet