Get the image from dockerhub.
Kata Containers is a lightweight virtual machine (VM) for containers. It is designed to provide the speed of containers and the isolation of VMs. Kata Containers can run on multiple hypervisors and is compatible CRI for Kubernetes.
The documentation is based on Kata Containers 3.1.3, but in practice kata 3.x should be able to follow this documentation.
The pre-built kernel from Kata Containers does not support eBPF, so we need to build the kernel ourselves. this documentation is about how to build the kernel and configure kata containers to use it.
If you haven't installed Kata Containers yet, please refer to the official documentation.
git clone --depth 1 --branch 3.1.3 https://github.com/kata-containers/kata-containers.git- Download the kernel source code, version 6.1.38 as an example
cd kata-containers/tools/packaging/kernel
./build-kernel.sh -v 6.1.38 setup- Change
tools/packaging/kernel/configs/fragments/x86_64/.configto meet kernel_config requirements, given an full example here - Build the kernel
./build-kernel.sh -v 6.1.38 build- Install the kernel to
/usr/share/kata-containers/
sudo ./build-kernel.sh installKata-qemu config file as example: Edit /opt/kata/share/defaults/kata-containers/configuration-qemu.toml
# Replace the kernel path
#kernel = "/opt/kata/share/kata-containers/vmlinux.container"
kernel = "/usr/share/kata-containers/vmlinuz.container"Start container via nerdctl
sudo nerdctl run -it --runtime=io.containerd.kata.v2 --rm alpineRun uname -a
Linux 856b63ebabcc 6.1.38 #2 SMP Fri Aug 11 16:20:36 CST 2023 x86_64 Linux
sudo nerdctl run \
-it \
-p 8888:8888 \
-p 8120:8120 \
--runtime=io.containerd.kata.v2 \
--cap-add=sys_admin \
--entrypoint bash \
--rm \
dataucon/duetectorIf use bash as entrypoint, you need to mount debugfs manually
mount -t debugfs debugfs /sys/kernel/debugMore information about tracking mlflow with duetector, please refer to usercases