-
Notifications
You must be signed in to change notification settings - Fork 304
Initial release of Kata Containers with Firecracker support
The 1.5.0 release of Kata Containers introduces support for the Firecracker hypervisor. While we do not yet have packages available for Firecracker, we do have the built binary included as part of our release tarball. A Firecracker specific tarball was created which includes all of the configurations and binaries required for running Kata+Firecracker.
This is a quick guide to show how to quickly start playing with Kata + Firecracker in docker. This is the initial introduction, and we have plenty of work around optimizations, but I expect users to be able to use block based volumes (up to 7 per container right now) as well as multiple network interfaces with these containers.
See this issue for current limitations of Kata+FC.
In order to run Kata + Firecracker, there are a few mandatory requirements your host system/container stack will need to support:
- Your host must support the
vhost_vsockkernel module - Your container stack must provide a block based storage ('graph driver'), such as
devicemapper
Without these pre-requisites, Kata + Firecracker will not work.
The static binaries are posted on our release page, and 1.5.0 can be obtained as follows:
wget https://github.com/kata-containers/runtime/releases/download/1.5.0/kata-static-1.5.0-x86_64.tar.xz
The tarball is designed to be decompressed into /, placing all of the files within /opt/kata/. The runtime configuration is expected to land at /opt/kata/share/defaults/kata-containers/configuration.toml. Your mileage will vary if you make further changes. To install Kata on your system:
sudo tar -xvf kata-static-1.5.0-x86_64.tar.xz -C /
Docker 18.06 is required for running Kata with Firecracker. For Kata+Firecracker, a block based driver like devicemapper is required. The latest release of Docker, 18.09, does not support devicemapper and is not compatible.
NOTE if you are changing storage drivers for Docker, please take care to cleanup existing containers and container images on your host, as these will be lost!
To configure Docker for devicemapper and Kata, set /etc/docker/daemon.json with the following contents:
{
"runtimes": {
"kata-fc": {
"path": "/opt/kata/bin/kata-fc"
},
"kata-qemu": {
"path": "/opt/kata/bin/kata-qemu"
}
},
"storage-driver": "devicemapper"
}
Then restart docker:
sudo systemctl daemon-reload
sudo systemctl restart docker
Note, you'll need to make sure vsock is supported on your host system:
sudo modprobe vhost_vsock
Assuming vsock is supported, run the kata container:
docker run --runtime=kata-fc -itd --name=oh-sweet-fc alpine sh
You'll see firecracker is now running on your system, as well as a kata-shim process:
$ ps -ae | grep -E "kata|fire"
10174 ? 00:00:05 firecracker
10194 pts/5 00:00:00 kata-shim
You can exec into the container, providing a shell into a container which is running inside of a firecracker based virtual machine:
docker exec -it oh-sweet-fc sh
#
You can also run a Kata Container utilizing the QEMU hypervisor:
docker run --runtime=kata-qemu -itd --name=oh-sweet-qemu-too alpine sh
After exiting the shell, you can then remove the container:
docker kill oh-sweet-fc
docker kill oh-sweet-qemu-too
docker rm oh-sweet-fc
docker rm oh-sweet-qemu-too