Installation and Deployment

Before installing Kata, the KVM packages and containerd must already be installed; this article does not cover those steps.

To install Kata from the precompiled binaries, refer to the following:

# Download kata-static-3.0.2-x86_64.tar.xz from the release page
xz -d kata-static-3.0.2-x86_64.tar.xz
tar xvf kata-static-3.0.2-x86_64.tar
sudo mv opt/kata /opt
sudo mkdir -p /etc/kata-containers
sudo cp /opt/kata/share/defaults/kata-containers/configuration.toml /etc/kata-containers/configuration.toml
sudo ln -sf /opt/kata/bin/containerd-shim-kata-v2 /usr/local/bin/containerd-shim-kata-v2
sudo ln -sf /opt/kata/bin/kata-runtime /usr/local/bin/kata-runtime
sudo ln -sf /opt/kata/bin/kata-monitor /usr/local/bin/kata-monitor
# Run the environment check
sudo kata-runtime check --no-network-checks

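On Ubuntu, kata can be installed in one step via snap: sudo snap install kata-containers --classic. However, because kata 2.x does not support running on cgroupv1 and the latest version snap currently installs is only 2.4, installing kata 3.x from the binaries is recommended.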

Integrating Kata with Containerd

Configuring CNI

Before integrating kata into Containerd, CNI must be configured for Containerd. Follow these steps:

sudo mkdir -p /opt/cni/bin
wget https://github.com/containernetworking/plugins/releases/download/v1.2.0/cni-plugins-linux-amd64-v1.2.0.tgz
sudo tar -zxvf cni-plugins-linux-amd64-v1.2.0.tgz -C /opt/cni/bin

Create the following configuration file, /etc/cni/net.d/10-bridge-net.conf:

{
  "cniVersion": "0.2.0",
  "name": "brnet",
  "type": "bridge",
  "bridge": "cni0",
  "isGateway": true,
  "ipMasq": true,
  "ipam": {
    "type": "host-local",
    "subnet": "10.10.10.0/24",
    "routes": [
      {
        "dst": "0.0.0.0/0"
      }
    ]
  }
}

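Configuring the runtime

There are several ways to integrate kata into Containerd. The following configuration supports both runtimes (runc and kata) at the same time; update the containerd configuration file /etc/containerd/config.toml as follows: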

[plugins.cri.cni]
    # conf_dir is the directory in which the admin places a CNI conf.
    conf_dir = "/etc/cni/net.d"

[plugins.cri.containerd]
      no_pivot = false
    [plugins.cri.containerd.runtimes]
      [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
         privileged_without_host_devices = false
         runtime_type = "io.containerd.runc.v2"
        [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
            BinaryName = ""
            CriuImagePath = ""
            CriuPath = ""
            CriuWorkPath = ""
            IoGid = 0
      [plugins.cri.containerd.runtimes.kata]
         runtime_type = "io.containerd.kata.v2"
         privileged_without_host_devices = true
         pod_annotations = ["io.katacontainers.*"]
         container_annotations = ["io.katacontainers.*"]
         [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.kata.options]
            ConfigPath = "/etc/kata-containers/configuration.toml"
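
A consistency check for the listing above, as an added example that is not part of the original article: containerd 1.x reads CRI plugin tables under plugins.cri in a version 1 config file (also the default when no version key is set) and under plugins."io.containerd.grpc.v1.cri" in a version 2 file, so tables written in the other form are not applied. The function names and the sample text (table headers copied from the listing) are assumptions of this example.

```python
import re
import sys

# Constructed sample: the table headers of the listing above, with no `version` key.
SAMPLE = '''
[plugins.cri.cni]
[plugins.cri.containerd]
[plugins.cri.containerd.runtimes]
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
[plugins.cri.containerd.runtimes.kata]
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.kata.options]
'''

LONG = 'plugins."io.containerd.grpc.v1.cri"'  # version 2 form of the CRI plugin key
HEADER = re.compile(r'^\s*\[((?:plugins\.cri|' + re.escape(LONG) + r')(?=[.\]])[^\]]*)\]\s*$')
VERSION = re.compile(r'^\s*version\s*=\s*(\d+)\s*(?:#.*)?$')


def config_version(text):
    """Return the top-level `version` value; containerd 1.x treats a missing key as 1."""
    for line in text.splitlines():
        if line.lstrip().startswith('['):
            break  # top-level keys end at the first table header
        m = VERSION.match(line)
        if m:
            return int(m.group(1))
    return 1


def ignored_cri_tables(text):
    """List CRI tables whose key form does not match the file's config version."""
    want_long = config_version(text) >= 2
    ignored = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m and m.group(1).startswith(LONG) != want_long:
            ignored.append(m.group(1))
    return ignored


if __name__ == "__main__":
    # With no argument the constructed sample is checked instead of a real file.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    print("config version:", config_version(text))
    for table in ignored_cri_tables(text):
        print("not applied:", table)
```

Pass /etc/containerd/config.toml as the first argument to check a real file.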

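Run the test containers (PS: to delete a container with ctr, you must first kill the container's main process; only then can it be deleted, sudo ctr tasks kill -a -s 9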

sudo ctr run --cni --runtime io.containerd.runc.v2     -t --rm registry.lqingcloud.cn/library/centos:7.4.1708 centos-runc sh
sudo ctr run --cni --runtime io.containerd.run.kata.v2 -t --rm registry.lqingcloud.cn/library/centos:7.4.1708 centos-kata sh

References