Initial release of Kata Containers with Firecracker support

Eric Ernst edited this page Dec 22, 2018 · 11 revisions

Kata Containers with Firecracker hypervisor

The 1.5.0-rc2 release of Kata Containers introduces support for the Firecracker hypervisor. While we do not yet have packages available for Firecracker, we do have the built binary included as part of our release tarball. A Firecracker specific tarball was created which includes all of the configurations and binaries required for running Kata+Firecracker.

This is a quick guide to show how to quickly start playing with Kata + Firecracker in docker. This is the initial introduction, and we have plenty of work around optimizations, but I expect users to be able to use block based volumes (up to 7 per container right now) as well as multiple network interfaces with these containers.

We plan to update kata-deploy's container image to allow users a quick daemonset for installing and configuring Kata (with both QEMU and Firecracker) in a Kubernetes cluster which utilizes containerd and/or CRIO. After this we will be adding admission controller support to help navigate the spectrum of runtime's configured with runtimeClass. Stay tuned for these updates! For now, you can install the static binaries and manually configure CRIO or containerd and start running basic pods. See this issue for current limitations of Kata+FC in Kubernetes.

Quick Start - Docker

Get the static binaries

The static binaries are posted on our release page, and 1.5.0-rc2 can be obtained as follows:

wget https://github.com/kata-containers/runtime/releases/download/1.5.0-rc2/kata-fc-static-1.5.0-rc2-x86_64.tar.gz

The tarball is designed to be decompressed into /, placing all of the files within /opt/kata/. The runtime configuration is expected to land at /opt/kata/share/defaults/kata-containers/configuration.toml. Your mileage will vary if you make further changes. To install Kata on your system:

sudo tar -xvf kata-fc-static-1.5.0-rc2-x86_64.tar.gz -C /

Install and configure Docker

Docker 18.06 is required for running Kata with Firecracker. For Kata+Firecracker, a block based driver like devicemapper is required. The latest release of Docker, 18.09, does not support devicemapper and is not compatible.

To configure Docker for devicemapper and Kata, set /etc/docker/daemon.json with the following contents:

{
  "runtimes": {
    "kata": {
      "path": "/opt/kata/bin/kata-runtime"
    }
  },
  "storage-driver": "devicemapper"
}

Then restart docker:

sudo systemctl daemon-reload
sudo systemctl restart docker

Run a Kata container utilizing Firecracker

Note, you'll need to make sure vsock is supported on your host system:

sudo modprobe vhost_vsock

Assuming vsock is supported, run the kata container:

docker run --runtime=kata -itd --name=oh-sweet alpine sh

You'll see firecracker is now running on your system, as well as a kata-shim process:

$ ps -ae | grep -E "kata|fire"
10174 ?        00:00:05 firecracker
10194 pts/5    00:00:00 kata-shim

You can exec into the container, providing a shell into a container which is running inside of a firecracker based virtual machine:

docker exec -it oh-sweet sh
#

After exiting the shell, you can then remove the container:

docker kill oh-sweet
docker rm oh-sweet
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.