Kata Containers: The way to run virtualized containers
Sebastien Boeuf, Linux Software Engineer, Intel Corporation
Slide: Containers 101 (diagram: host Linux kernel; processes isolated by namespaces; resources: CPU, Memory, Network, Storage)
Slide: Software is not enough ! (same diagram: host Linux kernel, namespaces, processes; CPU, Memory, Network, Storage)
Slide: Manual isolation (diagram: baremetal server running VMs; each VM has its own Linux kernel with namespaces isolating processes)
Slide: Kata Containers legacy (timeline: Intel® Clear Containers; May 2015, Dec 2017)
*Other names and brands may be claimed as the property of others.
Slide: Kata Containers 101 (diagram: host Linux kernel running VMs; each VM has a guest Linux kernel with namespaces isolating processes; each VM is isolated by HW virtualization)
Slide: Container ecosystem (Docker, OpenStack -> OCI -> runc -> container process)
Slide: Container ecosystem (Kubernetes -> CRI -> OCI -> runc -> container process)
Slide: Container ecosystem (Kubernetes, Docker, CRI, OpenStack -> OCI -> runc -> container process; VM with guest Linux kernel drawn alongside)
Slide: Seamless integration (Kubernetes, Docker, CRI, OpenStack -> OCI -> kata-runtime -> container process)
Slide: Architecture (host side: Runtime receives the OCI command, Shim handles I/O, Proxy; Runtime and Shim speak gRPC to the Proxy, gRPC over Yamux; Proxy reaches the VM through the hypervisor serial interface; guest side: guest Linux kernel, Agent, container namespaces and processes)
Slide: Architecture over VSOCK (same diagram without the Proxy: Runtime and Shim speak gRPC directly to the Agent through the hypervisor VSOCK interface; guest Linux kernel, Agent, container namespaces and processes)
OCI lifecycle
Slide sequence: OCI Lifecycle - run
kata-runtime run (Runtime)
Runtime starts the VM (Hypervisor, VM, guest Linux kernel)
Agent listens to the serial interface
Runtime starts the Proxy
Proxy connects to the VM
Connection established
Runtime asks the Agent to run the container (namespaces, process)
Runtime starts the Shim
Shim relays I/O and signals to the Agent
Slide sequence: OCI Lifecycle - exec
kata-runtime exec (Runtime; I/O, signals)
Runtime asks the Agent to exec a process in the container (new proc)
Runtime starts a Shim for the new process
Shim relays I/O for the process
Slide: virtcontainers - More than just OCI (OCI runtime: kata-runtime; Kata API; native CRI: frakti; Hypervisor: Qemu/KVM, Xen; Network: CNM, CNI, MACVTAP, TC mirror, SR-IOV; Device: block, vfio; Storage: block, 9p)
Slide: OCI compatibility (host: kata-runtime; VM: Agent uses libcontainer with the OCI spec)
Slide: Lightweight VM - NVDIMM/DAX (host exposes a shared read-only rootfs to VM 1 and VM 2 as an NVDIMM; each guest kernel maps it with DAX)
Slide: Lightweight VM - KSM (hypervisor: VM 1 pages and VM 2 pages merged by KSM into shared pages)
Slide: Fast VM - Templating (pool of VM templates; Runtime takes a VM from the template pool: guest kernel, 1 vCPU, 128 MiB RAM)
Slide: Fast VM - Hotplug (Runtime starts the VM with 1 vCPU and 128 MiB RAM, then hotplugs up to 3 vCPU and 1024 MiB RAM; PCI devices are hotplugged)
Slide: Devices - virtio (block: host Linux kernel /dev/sda, QEMU block device emulation with virtio-scsi back-end, guest kernel virtio-scsi front-end, container)
Slide: Devices - virtio (network: host Linux kernel eth0, vhost-net back-end, guest kernel virtio-net front-end, container)
Slide: Devices - HW passthrough (host Linux kernel binds the NIC to vfio-pci; guest kernel ixgbe driver drives it as eth0 for the container)
Slide: Devices - SR-IOV bonus (NIC PF with VF1, VF2 ... VFN; host Linux kernel vfio-pci passes a VF to each of VM 1 and VM 2; each guest kernel ixgbe driver exposes eth0 to its container)
Slide: Network - Macvtap (container netns with a veth pair; MACVTAP attached to it; vhost-net into the VM)
Slide: Network - Traffic control (container netns with a veth pair; TAP with TC mirroring; vhost-net into the VM)
Slide: Storage - 9p (host filesystem shared into the VM over virtio-9p, coldplug; guest kernel mounts rootfs and volumes for the container)
Slide: Storage - blk (block device hotplugged into the VM over virtio-blk or virtio-scsi; guest kernel mounts rootfs and volumes for the container)
Slide: Host namespaces (host: PID ns, Network ns, one shim per container process; VM: guest Linux kernel, Agent, container ns and procs)
Slide: Multi OS (host Linux kernel running VMs with different guest kernels: linux-4.16, linux-3.14, linux-4.8 + GPU module; one container per VM; GPU)
Time to wrap up !
Play & contribute !
Sources: https://github.com/kata-containers/runtime
Get started: https://github.com/kata-containers/documentation/blob/master/Developer-Guide.md
Slack: katacontainers.slack.com
IRC: #kata-dev@freenode
Mailing list: kata-dev@lists.katacontainers.io