To fulfill the kata design requirements, and based on the disscusion on Virtcontainers API extentions, the kata runtime library features the following APIs:
- Sandbox based top API
- Storage and network hotplug API
- Plugin frameworks for external proprietary Kata runtime extensions
- Built-in shim and proxy types and capabilities
| Name | Description |
|---|---|
| CreateSandbox(SandboxConfig) | Create and start a sandbox, and return the sandbox structure. |
| FetchSandbox(ID) | Connect to an existing sandbox and return the sandbox structure. |
| ListSandboxes() | List all existing standboxes with status. |
| Name | Description |
|---|---|
| sandbox.Pause() | Pause the sandbox. |
| sandbox.Resume() | Resume the paused sandbox. |
| sandbox.Release() | Release a sandbox data structure, close connections to the agent, and quit any goroutines associated with the sandbox. Mostly used for daemon restart. |
| sandbox.Delete() | Destroy the sandbox and remove all persistent metadata. |
| sandbox.Status() | Get the status of the sandbox and containers. |
| sandbox.Monitor() | Return a context handler for caller to monitor sandbox callbacks such as error termination. |
| sandbox.CreateContainer() | Create new container in the sandbox. |
| sandbox.DeleteContainer() | Delete a container from the sandbox. |
| sandbox.StartContainer() | Start a container in the sandbox. |
| sandbox.StatusContainer() | Get the status of a container in the sandbox. |
| sandbox.EnterContainer() | Run a new process in a container. |
| sandbox.WaitProcess() | Wait on a process to terminate. |
| Name | Description |
|---|---|
| sandbox.AddDevice() | Add new storage device to the sandbox. |
| sandbox.AddInterface() | Add new nic to the sandbox. |
| sandbox.RemoveInterface() | Remove a nic from the sandbox. |
| sandbox.ListInterfaces() | List all nics and their configurations in the sandbox. |
| sandbox.UpdateRoutes() | Update the sandbox route table (e.g. for portmapping support). |
| sandbox.ListRoutes() | List the sandbox route table. |
| Name | Description |
|---|---|
| sandbox.WinsizeProcess(containerID, processID, Height, Width) | Relay TTY resize request to a process. |
| sandbox.SignalProcess(containerID, processID, signalID, signalALL) | Relay a signal to a process or all processes in a container. |
| sandbox.IOStream(containerID, processID) | Relay a process stdio. Return stdin/stdout/stderr pipes to the process stdin/stdout/stderr streams. |
TBD.
The metadata storage plugin controls where sandbox metadata is saved. All metadata storage plugins must implement the following API:
| Name | Description |
|---|---|
| storage.Save(key, value) | Save a record. |
| storage.Load(key) | Load a record. |
| storage.Delete(key) | Delete a record. |
Built-in implementations include:
- Filesystem storage
- LevelDB storage
The VM factory plugin controls how a sandbox factory creates new VMs. All VM factory plugins must implement following API:
| Name | Description |
|---|---|
| VMFactory.NewVM(HypervisorConfig) | Create a new VM based on HypervisorConfig. |
Built-in implementations include:
| Name | Description |
|---|---|
| CreateNew() | Create brand new VM based on 'HypervisorConfig'. |
| CreateFromTemplate() | Create new VM from template. |
| CreateFromCache() | Create new VM from VM caches. |
- Supported shim configurations:
| Name | Description |
|---|---|
| noopshim | Do not start any shim process. |
| ccshim | Start the cc-shim binary. |
| katashim | Start the kata-shim binary. |
| katashimbuiltin | No standalone shim process but shim functionality APIs are exported. |
- Supported proxy configurations:
| Name | Description |
|---|---|
| noopProxy | a dummy proxy implementation of the proxy interface, only used for testing purpose. |
| noProxy | generic implementation for any case where no actual proxy is needed. |
| ccProxy | run ccProxy to proxy between runtime and agent. |
| kataProxy | run kata-proxy to translate yamux connections between runtime and kata agent. |
| kataProxyBuiltin | no standalone proxy process and connect to kata agent with internal yamux translation. |
Built-in shim capability is implemented by removing standalone shim process, and supporting the shim related APIs.
Built-in proxy capability is achieved by removing standalone proxy process, and
connecting to kata agent with a custom grpc dialer that is internal yamux translation.
The behavior is enabled when proxy is configured as kataProxyBuiltin.