kataShared file system
摘要:root@25a725e7599e:/# ls bin dev home lost+found mnt proc run srv tmp var boot etc lib media opt root sbin sys usr root@25a725e7599e:/# ls run/ kata-co
阅读全文
posted @ 2020-10-31 12:08
10 2020 档案
kata 深入
摘要:安全容器 现在的安全容器用的是Kata containers。 它最主要的卖点就是一句话: The speed of containers, the security of VMs 可以看到这句话里面其实强调了安全容器的卖点与定位是: 介于容器和VM之间。 和容器比,它性能还算可以,同时操作体验差不
阅读全文
posted @ 2020-10-31 11:36
kata sandbox +启动虚拟机
摘要:https://wohin.me/kata-containerstao-yi-yan-jiu/ https://blog.csdn.net/zhonglinzhang/article/details/99458561 Nov 19 20:11:51 pcl-01 kata-runtime[34358
阅读全文
posted @ 2020-10-30 21:05
dpdk rss
摘要:testpmd if (nb_rxq > 1) { port->dev_conf.rx_adv_conf.rss_conf.rss_key = NULL; port->dev_conf.rx_adv_conf.rss_conf.rss_hf = rss_hf & port->dev_info.flo
阅读全文
posted @ 2020-10-30 19:16
dpdk app
摘要:https://www.yuque.com/zzqcn/opensource/cucfi7 https://doc.dpdk.org/guides-17.11/nics/build_and_test.html ./app/dpdk-procinfo -- --metrics # ./dpdk-pro
阅读全文
posted @ 2020-10-30 17:33
Hands on vhost-user: A warm welcome to DPDK
摘要:官网 https://doc.dpdk.org/dts/test_plans/pvp_vhost_user_reconnect_test_plan.html DPDK Vhost with virtio-vhost-user support https://github.com/ndragazis/
阅读全文
posted @ 2020-10-30 16:22
Futex system calls taking too much time
摘要:strace -c -f -S name docker run --rm -itd --name=kata-test --runtime kata-runtime busybox strace: Process 21490 attached strace: Process 21491 attache
阅读全文
posted @ 2020-10-30 15:29
Analyzing Docker Container Performance With Native Tools
摘要:Containerization is changing how organizations deploy and use software. You can now deploy almost any software reliably with just the docker run comma
阅读全文
posted @ 2020-10-30 15:23
SPDK and Containers
摘要:SPDK and Containers This is a living document as there are many ways to use containers with SPDK. As new usages are identified and tested, they will b
阅读全文
posted @ 2020-10-30 14:40
kata cgroup
摘要:## 检查进程所处 cgroup root@DESKTOP-UMENNVI:~/cgroup-test/cgroup-1# cat /proc/1945/cgroup 14:name=cgroup-test:/cgroup-1 13:rdma:/ 12:pids:/ 11:hugetlb:/ 10:
阅读全文
posted @ 2020-10-30 14:11
How AWS Firecracker works: a deep dive
摘要:Anything that powers technology like AWS Lambda needs to be really fast. And it needs to be secure. While AWS could have gone with existing technology
阅读全文
posted @ 2020-10-30 12:54
DAX内核文档(翻译)
摘要:对文件的直接访问(Direct Access) 1. 动机 page cache经常被用来被作为文件读写的buffer,也被用来提供页被mmap系统调用映射到用户态的页。 对于更像内存的块设备来说,page cache的页没必要从原始存储拷贝过来。DAX代码通过直接对存储设备的读写操作移除了额外的拷
阅读全文
posted @ 2020-10-30 10:50
Linux Memory Management:The Function and the Implementation of DAX(Direct Access)Mechanism
摘要:文章目录 Linux Memory Management:The Function and the Implementation of DAX(Direct Access)Mechanism 1. DAX 简述 2. DAX 的原理 2.1. 普通文件路径如何旁路页缓存 2.2. 映射文件路径如何旁
阅读全文
posted @ 2020-10-30 10:42
mount --bind
摘要:https://bindfs.org/ bindfs Mount a directory to another location and alter permission bits. bindfs is a FUSE filesystem for mounting a directory to an
阅读全文
posted @ 2020-10-30 10:32
Measure execution time of docker container
摘要:Container Performance Analysis at DockerCon 2017 https://www.slideshare.net/brendangregg/container-performance-analysis Run Process Debug Tools in Con
阅读全文
posted @ 2020-10-29 19:22
kata-agent + libcontainer
摘要:root@ubuntu:/mnt/kata# ls bin boot dev etc home lib lost+found media mnt opt proc root run sbin srv sys tmp usr var root@ubuntu:/mnt/kata# find . -nam
阅读全文
posted @ 2020-10-29 11:03
Initializing port 0 ... Creating queues: nb_rxq=2 nb_txq=4... Ethdev port_id=0 invalid rss_hf: 0x3afbc, valid value: 0x38f3c
摘要:Initializing port 0 ... Creating queues: nb_rxq=2 nb_txq=4... Ethdev port_id=0 invalid rss_hf: 0x3afbc, valid value: 0x38f3c /* Check that device supp
阅读全文
posted @ 2020-10-27 20:10
docker mount
摘要:root@ubuntu:/home/ubuntu# docker run --rm -it --name broken-container --mount type=bind,source=/tmp,target=/usr nginx:latest /docker-entrypoint.sh: No
阅读全文
posted @ 2020-10-27 16:21
vhost源码 + vhost_dev_init
摘要:virtqueue 是 Guest操作系统内存的一部分,用作Guest和Host的数据传输缓存。Host可以在Userspace实现(QEMU),也可以在内核态实现(vHost)。 比如,物理网卡收到发往虚拟机的数据包后,将其转发到对应的TAP设备。Qemu中TAP设备分为后端驱动和TAP设备关联,
阅读全文
posted @ 2020-10-26 11:57
virtio event fd + 中断 前后端通信机制 +class_init {vhost worker方式}(二)
摘要:1. set_guest_notifiers初始化流程 static void virtio_pci_bus_class_init(ObjectClass *klass, void *data){ k->set_guest_notifiers = virtio_pci_set_guest_notif
阅读全文
posted @ 2020-10-24 17:29
virtio event fd + 中断 前后端通信机制 +class_init {非vhost}方式(一)
摘要:https://kernelgo.org/virtio-overview.html http://lihanlu.cn/virtio-frontend-kick/ Qemu Vhost Block架构分析 https://blog.csdn.net/u012377031/article/detail
阅读全文
posted @ 2020-10-24 16:24
virtiofsd unix socket
摘要:https://www.cnblogs.com/yi-mu-xi/p/12923523.html vhost_user_backend_init() ........ vhost_setup_slave_channel(dev) ......... qemu_set_fd_handler(u->sl
阅读全文
posted @ 2020-10-24 12:53
guest侧virtio probe + qemu侧 vhost_dev_init + kernel vhost + vhost user +unix域套接字
摘要:guest侧virtio probe https://www.jianshu.com/p/e4b29d16bae4 https://kernelgo.org/virtio-overview.html https://blog.csdn.net/qq_15437629/article/details/
阅读全文
posted @ 2020-10-24 10:51
virtiofsd
摘要:virtio-fs介绍 在guest之间共享文件系统的方案 virtio-fs把文件mmap进qemu的进程地址空间并让不同guest使用DAX访问该内存空间 DAX数据访问和元数据的共享内存访问都是通过共享内存的方式避免不必要的VM/hypervisor之间通信(在元数据没有改变的情况下) Kat
阅读全文
posted @ 2020-10-24 10:16
qemu vhost_net + vhost_dev_init
摘要:https://blog.csdn.net/qq_20817327/article/details/106655151 net/tap.c static void net_init_tap_one { 699 vhostfd = open("/dev/vhost-net", O_RDWR); 700
阅读全文
posted @ 2020-10-24 10:04
virtio-vsock
摘要:virtio-vsock virtio-vsock provides a way for applications running on a guest VM and the host system to communicate with each other using the standard
阅读全文
posted @ 2020-10-24 09:42
VIRTIO & VHOST
摘要:[root@x86compute01 ~]# ps aux | grep vhost 64055 3950 3.3 0.0 5996552 208716 ? Sl 4月22 8799:09 /usr/bin/qemu-system-x86_64 -name guest=instance-000030
阅读全文
posted @ 2020-10-24 09:18
nc-vsock unix域套接字
摘要:https://github.com/stefanha/nc-vsock/blob/master/nc-vsock.c Skip to content Search or jump to… Pull requests Issues Marketplace Explore @magnate3 Lear
阅读全文
posted @ 2020-10-23 20:18
Virtio-vsock Device + aF_UNIX 套接字通信
摘要:irtio是Linux虚拟机平台上统一的虚拟IO接口驱动。通常主机为了让客户机像在真实环境中一样运行,需要为客户机创建各式各样的虚拟设备,如磁盘,网卡,显卡,时钟,USB 等。这些虚拟设备大大降低了客户机的性能。使用virtio。虚拟机guest不用关注如何创建各种虚拟硬件设备(如磁盘,网卡,显卡等
阅读全文
posted @ 2020-10-23 20:15
Using the Firecracker Virtio-vsock Device + F_UNIX 套接字通信
摘要:https://github.com/firecracker-microvm/firecracker/blob/master/docs/vsock.md Firecracker 仅仅实现了以下功能: 基于 VirtIO 的网络,磁盘和套接字驱动(virtio-net,virtio-blk,virti
阅读全文
posted @ 2020-10-23 20:06
vhost-user
摘要:https://www.cnblogs.com/bakari/p/8421743.html 什么是 vhost-user 在 vhost 的方案中,由于 vhost 实现在内核中,guest 与 vhost 的通信,相较于原生的 virtio 方式性能上有了一定程度的提升,从 guest 到 kvm
阅读全文
posted @ 2020-10-23 20:00
KVM Forum 2019: virtio-vsock in QEMU, Firecracker and Linux
摘要:Status, Performance and Challenges Slides and recording are available for the “virtio-vsock in QEMU, Firecracker and Linux: Status, Performance and Ch
阅读全文
posted @ 2020-10-23 19:49
vsock
摘要:Vsocks are a means of providing socket communication (either stream or datagram) directly between VMs and their host operating system. The host and ea
阅读全文
posted @ 2020-10-23 19:41
virtio
摘要:https://blogs.oracle.com/linux/how-to-emulate-block-devices-with-qemu virtio_pci 在probe(接管)每一个设备时,根据每个pci设备的subsystem device id来识别出这具体是哪一种virtio设备,然后相
阅读全文
posted @ 2020-10-23 19:32
Create an OCI bundle
摘要:Running standalone It is possible to start the runtime without a container manager. This is mostly useful for testing and debugging purposes. Create a
阅读全文
posted @ 2020-10-23 18:56
rust mod
摘要:[root@bogon app1]# cat Cargo.toml [package] name = "app1" version = "0.1.0" authors = ["magnate <liangeaglejun@sina.com>"] edition = "2018" # See more
阅读全文
posted @ 2020-10-23 17:13
cargo
摘要:cargo --version [root@bogon ~]# cargo --version cargo 1.47.0 (f3c7e066a 2020-08-28) You have new mail in /var/spool/mail/root [root@bogon ~]# 使用 cargo
阅读全文
posted @ 2020-10-23 16:44
extract 内核config
摘要:./scripts/extract-ikconfig vmlinux extract-ikconfig: Cannot find kernel config. If the kernel has been compiled with CONFIG_IKCONFIG=m (note the m), t
阅读全文
posted @ 2020-10-22 19:02
A brief overview of cloud-hypervisor, a modern VMM
摘要:https://terenceli.github.io/%E6%8A%80%E6%9C%AF/2019/09/07/cloud-hypervisor 虚拟化技术 https://terenceli.github.io/tags.html#%E8%99%9A%E6%8B%9F%E5%8C%96-ref
阅读全文
posted @ 2020-10-22 09:26
cloudhypervisor + kata + aarch64
摘要:1、操作系统 root@cloud:~# uname -a Linux cloud 5.5.19-050519-generic #202004210831 SMP Tue Apr 21 08:49:56 UTC 2020 aarch64 aarch64 aarch64 GNU/Linux root@
阅读全文
posted @ 2020-10-22 09:11
libfuse安装
摘要:Installation You can download libfuse from https://github.com/libfuse/libfuse/releases. To build and install, we recommend to use Meson and Ninja. Aft
阅读全文
posted @ 2020-10-21 17:44
virtiofsについて
摘要:NotFoundroot@cloud:~/hyper/linux-cloud-hypervisor/kernel# pgrep -a virtiofsd 3157 /usr/bin/virtiofsd --syslog -f -o cache=auto -o no_posix_lock -o sou
阅读全文
posted @ 2020-10-21 14:48
makefile 输出
摘要:在makefile中打印输出信息的方法是:$(warning xxxxx)或者$(error xxxxx) 输出变量方式为:$(warning $(XXX)) root@bogon runtime]# grep CLHCMD -rn * arch/amd64-options.mk:28:CLHCMD
阅读全文
posted @ 2020-10-21 12:05
kata runtime + kata-shim 编译
摘要:https://github.com/kata-containers/runtime root@ubuntu:/opt/gopath/src/github.com/kata-containers/shim# ./kata-shim -version kata-shim version 1.12.0-
阅读全文
posted @ 2020-10-21 11:09
ubuntu内核升级 内核代码下载
摘要:升级内核有两种方法:1. 自己下载源码编译;2. 使用官方编译好的内核。一般来说最好都是使用官方编译好的。官方编译的内核可以从这里下载:https://kernel.ubuntu.com/~kernel-ppa/mainline/ root@cloud:~/kernel.5.5.19# ls lin
阅读全文
posted @ 2020-10-21 10:09
qemu5.0
摘要:https://www.qemu.org/download/#source To download and build QEMU 5.1.0: wget https://download.qemu.org/qemu-5.1.0.tar.xz tar xvJf qemu-5.1.0.tar.xz cd
阅读全文
posted @ 2020-10-21 10:04
make distclean & qemu
摘要:make distclean && rm -rf *-linux-user *-softmmu", root@cloud:/home/ubuntu/qemu/build# make -j 64 make[1]: Entering directory '/home/ubuntu/qemu/slirp'
阅读全文
posted @ 2020-10-21 09:39
glib-2.40 :libglib_2_0_la-gdate.lo failed
摘要:安装glib库: configure 配置选项 --enable-debug=no 选项:默认是mini模式,在release的时候应该使用该选项 --disable-included-printf 选项:这个选项要谨慎使用,可能会造成某些 printf 家族的函数不能使用 tar xf glib-
阅读全文
posted @ 2020-10-20 20:05
systemctl
摘要:$ dockerUnit=$(systemctl show -p FragmentPath docker.service | cut -d "=" -f 2) $ unitFile=${dockerUnit:-/etc/systemd/system/docker.service.d/kata-con
阅读全文
posted @ 2020-10-20 17:02
kata 配置 /usr/libexec/kata-qemu
摘要:# disable guest seccomp # Determines whether container seccomp profiles are passed to the virtual # machine and applied by the kata agent. If set to t
阅读全文
posted @ 2020-10-20 16:27
qemu 编译选项
摘要:config-host.mak virtiofsd [root@localhost build]# ../configure --enable-kvm --disable-xen --enable-libusb --enable-debug-info --enable-debug --enable-
阅读全文
posted @ 2020-10-20 15:43
libseccomp编译安装 + autogen.sh
摘要:libseccomp编译安装 http://blog.fpliu.com/it/software/libseccomp contrib/virtiofsd/seccomp.o: In function `setup_seccomp': /data2/hyper/qemu/contrib/virtio
阅读全文
posted @ 2020-10-20 15:31
virtio-fs
摘要:Examples Export /var/lib/fs/vm001/ on vhost-user UNIX domain socket /var/run/vm001-vhost-fs.sock: host# virtiofsd --socket-path=/var/run/vm001-vhost-f
阅读全文
posted @ 2020-10-20 14:41
cloud-hypervisor
摘要:https://github.com/cloud-hypervisor/cloud-hypervisor#containerized-builds-and-tests apt install rustc -y Command 'rustup' not found, but can be instal
阅读全文
posted @ 2020-10-20 09:32
kata rootfs 文件系统
摘要:https://sealyun.com/post/kubernetes-vm/ 文件系统DAX(Direct Access filesystem) 内核DAX功能有效地将一些主机端文件映射到来宾VM空间。特别是Kata Containers使用QEMU NVDIMM功能提供内存映射的虚拟设备,可用于
阅读全文
posted @ 2020-10-19 20:04
crt task
摘要:1.[root@containerd busybox]# cd /root/busybox 2.利用containerd cli (/usr/local/bin/ctr)运行容器 [root@containerd busybox]# ctr run -t -d --rootfs rootfs bus
阅读全文
posted @ 2020-10-19 19:51
golang安装kata 2.0 + firecracker
摘要:[root@bogon kata]# cd /opt/gopath/src/github.com/kata-containers/kata-containers/src/ [root@bogon src]# make && make install make: *** No targets spec
阅读全文
posted @ 2020-10-19 15:07
kata 镜像osbuilder
摘要:osbuilder osbuilder Introduction Terms Building Rootfs creation Rootfs with systemd as init Rootfs with the agent as init dracut based rootfs Image cr
阅读全文
posted @ 2020-10-19 14:31
Using Nvidia GPU device with Kata Containers
摘要:https://github.com/kata-containers/documentation/blob/master/use-cases/Nvidia-GPU-passthrough-and-Kata.md Using Nvidia GPU device with Kata Containers
阅读全文
posted @ 2020-10-19 11:58
kata 镜像制作
摘要:step1: build image /opt/gopath/src/github.com/kata-containers/tests/.ci step2: build kernel bash -x install_image.sh ./build-kernel.sh -f -d build Lin
阅读全文
posted @ 2020-10-19 10:08
dpdk arm64 :error: unknown type name ‘__m128i’
摘要:error: unknown type name ‘__m128i’ #if defined(RTE_MACHINE_CPUFLAG_SSE2) static inline xmm_t em_mask_key(void *key, xmm_t mask) { __m128i data = _mm_l
阅读全文
posted @ 2020-10-18 19:03
DPDK笔记 RSS(receive side scaling)网卡分流机制
摘要:DPDK 网卡RSS(receive side scaling)简介DPDK-RSS负载均衡分流DPDK设计技巧(第1部分-RSS)接收端缩放介绍 1. 缩略词 RSS receive side scaling 接收端缩放 DPC Delayed procedure call 延迟过程调用 LSB
阅读全文
posted @ 2020-10-18 14:37
vfio
摘要:[root@localhost dpdk-19.11]# lsmod | grep vfio [root@localhost dpdk-19.11]# modprobe vfio [root@localhost dpdk-19.11]# lsmod | grep vfio vfio_iommu_ty
阅读全文
posted @ 2020-10-18 12:01
iommu 和 dma 虚拟地址
摘要:iova支持 所谓iova可以理解为io的地址,或者说是DMA的地址。在17.11中很多之前的phys_addr关键字都被替换为了iova关键字了。因为在之前dpdk不感知iommu,设置DMA都是用物理地址,但是在借助iommu时就可以使用虚拟地址进行DMA了。在rte_eal_init中还有如下
阅读全文
posted @ 2020-10-18 11:14
overlay2
摘要:root@ubuntu:/home/ubuntu# tree . . ├── containerddemo │ ├── main │ └── main.go ├── dirA │ ├── b.txt │ └── x.txt ├── dirB │ ├── bb.log │ ├── b.txt │ └─
阅读全文
posted @ 2020-10-18 10:07
vfio-iommu-map-unmap
摘要:https://github.com/awilliam/tests/blob/master/vfio-iommu-map-unmap.c #include <errno.h> #include <libgen.h> #include <fcntl.h> #include <stdio.h> #inc
阅读全文
posted @ 2020-10-17 20:03
kata-shim: Setctty set but Ctty not valid in child: unknown.
摘要:root@ubuntu:/usr/share/defaults/kata-containers# docker run --rm -it --runtime kata-runtime ubuntu docker: Error response from daemon: OCI runtime cre
阅读全文
posted @ 2020-10-17 15:47
kata-runtime mount
摘要:Description of problem docker run --rm -d -it --runtime=kata-runtime -v /mnt/tmp:/mnt/tmp:rslave --name bindtest ubuntumkdir /mnt/tmp/1mount --bind /h
阅读全文
posted @ 2020-10-17 15:21
Virtio-fs介绍与性能优化
摘要:Run a Kata Container utilizing virtio-fs Once installed, start a new container, utilizing qemu + virtiofs: $ docker run --runtime=kata-qemu-virtiofs -
阅读全文
posted @ 2020-10-17 14:38
overlayfs mount shared =+ kata + OCI bundle rootfs
摘要:# mkdir rootfs # docker export $(docker create busybox) | tar -C rootfs -xvf - # runc spec 查不到mount信息 root@ubuntu:~# mount | grep 'container\/rootfs'
阅读全文
posted @ 2020-10-17 11:58
Getting started with containerd
摘要:参考https://www.cnblogs.com/sparkdev/p/9063042.html Starting containerd You can download one of the latest builds for containerd on the github releases
阅读全文
posted @ 2020-10-17 11:45
Container Runtime - CRI-O
摘要:2020 IT邦幫忙鐵人賽 Kubernetes 原理分析系列文章 kubernetes 探討 Container & Open Container Initiative Container Runtime Interface Container Network Interface Containe
阅读全文
posted @ 2020-10-17 11:32
containerd
摘要:转载https://segmentfault.com/a/1190000023618092 Containerd 模块从 docker 中分离出来后,功能变得更加丰富,依赖者变得更加广泛,不仅仅是docker在使用,可以看到在云原生应用中涉及到容器技术时基本都在依赖 containerd。 图片来源
阅读全文
posted @ 2020-10-17 11:27
容器运行时
摘要:Kubernetes 通过容器运行时(container runtime)来启动和管理容器。官方文档列举了以下几种 runtime:Docker,CRI-O,Containerd,fraki。它们之间有什么区别和联系呢?经常会看到 OCI、CRI 这些缩写,这些和容器、docker 到底是什么关系呢
阅读全文
posted @ 2020-10-17 11:11
同 Pod 内的容器使用共享卷通信
摘要:创建一个包含两个容器的 Pod 在这个练习中,你会创建一个包含两个容器的 Pod。两个容器共享一个卷用于他们之间的通信。 Pod 的配置文件如下: apiVersion: v1 kind: Pod metadata: name: two-containers spec: restartPolicy:
阅读全文
posted @ 2020-10-17 10:43
k8s + katacontainer
摘要:root@ubuntu:/opt/gopath/src/github.com/kata-containers/tests/.ci# go version go version go1.14.6 linux/arm64 root@ubuntu:/home/ubuntu# crictl version
阅读全文
posted @ 2020-10-16 17:41
k8s启动
摘要:日志 tail -n 50 /var/log/syslog 无containerd root@ubuntu:/etc/containerd# ps -elf | grep kube 0 S root 55425 37885 27 80 0 - 35323 futex_ 15:36 pts/1 00:
阅读全文
posted @ 2020-10-16 15:38
k8s containerd
摘要:ps -elf | grep containerd 0 S root 19894 19862 0 80 0 - 1418 pipe_w 14:36 pts/3 00:00:00 grep --color=auto containerd 4 S root 39827 1 0 80 0 - 3197 f
阅读全文
posted @ 2020-10-16 09:55
安装containerd
摘要:root@ubuntu:~/kata# go get github.com/containerd/containerd root@ubuntu:~/kata# pt-get install btrfs-tools Command 'pt-get' not found, did you mean: c
阅读全文
posted @ 2020-10-15 20:39
k8s镜像
摘要:root@ubuntu:~# kubectl get pods -A -o jsonpath="{.items[*].spec.containers[*].image}" \ > | tr -s '[[:space:]]' '\n' | sort | uniq > image-list.txt ro
阅读全文
posted @ 2020-10-15 16:23
crictl
摘要:root@ubuntu:~# ps -elf | grep crictl 0 S root 58960 38101 0 80 0 - 1097 pipe_w 15:28 pts/2 00:00:00 grep --color=auto crictl root@ubuntu:~# whereis cr
阅读全文
posted @ 2020-10-15 15:31
Kubernetes: Using containerd 1.1 without Docker
摘要:General dependencies Starting point is a vanilla Ubuntu >=16.04 installation. sudo apt install -y unzip tar btrfs-tools libseccomp2 socat util-linux a
阅读全文
posted @ 2020-10-15 15:27
docker images --digests
摘要:root@ubuntu:~# docker images --digests | grep coredns coredns/coredns coredns-arm64 sha256:e98e05b50afc6606d3e0a66e264175910651746262e4a4823299ec6c827
阅读全文
posted @ 2020-10-15 14:50
ctr images pull docker.io/library/redis:latest
摘要:root@ubuntu:~# ctr images list | grep redis docker.io/library/redis:latest application/vnd.docker.distribution.manifest.list.v2+json sha256:33ca074e60
阅读全文
posted @ 2020-10-15 10:39
How To Manually Pull images used by Kubernetes kubeadm
摘要:n an environment where internet access is not reliable or when you have a restricted internet access like when using Proxy servers, or if your Kuberne
阅读全文
posted @ 2020-10-15 09:50
kube-controller docker tag 详解
摘要:root@ubuntu:/home/ubuntu# ps -elf | grep control 4 S root 34534 34463 1 80 0 - 53539 futex_ 09:02 ? 00:00:20 kube-controller-manager --allocate-node-c
阅读全文
posted @ 2020-10-15 09:38
linux去掉windows下文件中的\r dos2unix
摘要:Unix体系里,每行结尾只有“<换行>”,即“\n”;Windows体系里面,每行结尾是“<换行><回 车>”,即“\n\r”。一个直接结果是,Unix体系下的文件在Windows里打开的话,所有文字会变成一行;而Windows里的文件在Unix下打开的话,在每行的结尾可能会多出一个^M符号。 好了
阅读全文
posted @ 2020-10-14 16:09
containerd 导入镜像
摘要:containerd而非docker,需要离线导入镜像 解决原理https://segmentfault.com/a/1190000019534913ctr --namespace=k8s.io images ls 获取到你需要的镜像名称和版本之后 (参见后面的排查技巧) docker pull m
阅读全文
posted @ 2020-10-14 15:45
curl unix socket
摘要:curl --unix-socket /var/run/docker.sock http://localhost/images/json | jq root@ubuntu:/etc/containerd# curl -v --unix-socket /run/containerd/container
阅读全文
posted @ 2020-10-14 14:42
containerd
摘要:root@ubuntu:~# netstat -aux | grep containerd.sock unix 2 [ ACC ] STREAM LISTENING 2959473 /run/containerd/containerd.sock unix 2 [ ACC ] STREAM LISTE
阅读全文
posted @ 2020-10-14 14:31
0/1 nodes are available: 1 node(s) had taint {node-role.kubernetes.io/master: }
摘要:root@ubuntu:~# kubectl apply -f kata-nginx.yaml Error from server (Forbidden): error when creating "kata-nginx.yaml": pods "kata-nginx" is forbidden:
阅读全文
posted @ 2020-10-14 14:28
failed to pull image k8s.gcr.io/kube-controller-manage
摘要:root@ubuntu:~# kubeadm init --kubernetes-version=v1.18.1 --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=10.10.16.82 --cri-socket /run/
阅读全文
posted @ 2020-10-14 12:45
journalctl
摘要:/var/log/syslog journalctl -f journalctl -xeu kubelet journalctl -r -t kubelet journalctl -t kata-runtime journactl -ft kata-runtime $ journalctl -q -
阅读全文
posted @ 2020-10-14 10:52
How to use Kata Containers and CRI (containerd plugin) with Kubernetes
摘要:https://github.com/kata-containers/documentation/blob/master/how-to/how-to-use-k8s-with-cri-containerd-and-kata.md kata container与kubernetes集成的几种方式 cr
阅读全文
posted @ 2020-10-13 16:51
kubelet kubeadm kubectl install
摘要:.查看 Docker 使用的 cgroup driver: root@ubuntu:/home/ubuntu# docker info | grep -i cgroup Cgroup Driver: cgroupfs WARNING: No swap limit support root@ubunt
阅读全文
posted @ 2020-10-13 16:18
make an overlay with mount
摘要:mkdir upper lower merged work root@ubuntu:/home/ubuntu/overlay# echo "I'm from lower!" > lower/in_lower.txt root@ubuntu:/home/ubuntu/overlay# echo "I'
阅读全文
posted @ 2020-10-13 10:32
Use the OverlayFS storage driver + /run/kata-containers/
摘要:root@ubuntu:/home/ubuntu/overlay# ls -al /var/lib/docker/overlay2/l total 60 drwx 2 root root 4096 Oct 13 09:59 . drwx 16 root root 4096 Oct 13 09:59
阅读全文
posted @ 2020-10-13 10:04
/dev/pmem0p1
摘要:https://qiita.com/YasunoriGoto1/items/6b73ca4bb5e8bd8819ef 2017年は私にとって忙しくも充実した年となりました。今年はLinuxの不揮発メモリ開発のメンテナーの方とお会いしたり、弊社のOSS開発者を育てるためにOSS Gateを弊社社内で行
阅读全文
posted @ 2020-10-12 20:40
kata virtio-9p-pci qemu-system-aarch64
摘要:利用Qemu-4.0虚拟ARM64实验平台 https://chasinglulu.github.io/2019/07/27/%E5%88%A9%E7%94%A8Qemu-4-0%E8%99%9A%E6%8B%9FARM64%E5%AE%9E%E9%AA%8C%E5%B9%B3%E5%8F%B0/
阅读全文
posted @ 2020-10-12 17:44
Docker存储驱动—Overlay/Overlay2
摘要:https://arkingc.github.io/2017/05/05/2017-05-05-docker-filesystem-overlay/ root@ubuntu:/var/lib/docker/overlay2# docker ps CONTAINER ID IMAGE COMMAND
阅读全文
posted @ 2020-10-12 12:08
容器rootfs
摘要:挂载在容器根目录上、用来为容器进程提供隔离后执行环境的文件系统,就是所谓的“容器镜像”; 它还有一个更为专业的名称:rootfs (根文件系统)。 所以,一个最常见的rootfs,或者说容器镜像,会包括如下所示的一些目录和文件,比如/bin /etc/ proc等等: [root@node01 te
阅读全文
posted @ 2020-10-12 11:52
kata application mount
摘要:root@ubuntu:/home/ubuntu# lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT loop0 7:0 0 85.8M 1 loop /snap/core/9994 loop1 7:1 0 50M 0 loop /tmp/my-rootfs
阅读全文
posted @ 2020-10-12 11:31
Container isolation with Kata and gVisor in Docker
摘要:Container isolation with Kata and gVisor in Docker Overview Containers are an efficient way to build and distribute workloads free of (most) host and
阅读全文
posted @ 2020-10-12 11:17
virtio-scsi驱动
摘要:virtio-scsi驱动 virtio-scsi 和 virtio 的性能相同,但是 virtio-scsi 提供了更多功能和更具伸缩性。最大的优势是,virtio-scsi可以在一个虚拟机中处理数百个磁盘设备,远超过 virtio-blk 只能处理25个设备的限制(另一个说法是30个设备,需要验
阅读全文
posted @ 2020-10-12 10:04
agent 日志
摘要:Enabling debug console for QEMU Add agent.debug_console to the guest kernel command line to allow the agent process to start a debug console. $ sudo s
阅读全文
posted @ 2020-10-10 17:31
socat + kata + cgroup
摘要:debug console connect qemu serial Connect to the virtual machine using the debug console sudo sed -i -e 's/^kernel_params = "\(.*\)"/kernel_params = "
阅读全文
posted @ 2020-10-10 17:12
lsof
摘要:root@ubuntu:~/docker/container# lsof -n -p 12212 |grep sock qemu-syst 12212 root 13u sock 0,9 0t0 666653 protocol: UNIX qemu-syst 12212 root 14u sock
阅读全文
posted @ 2020-10-10 16:26
kata-runtime spec
摘要:https://blog.csdn.net/zhonglinzhang/article/details/99458561 root@ubuntu:~/docker# mkdir kata-container root@ubuntu:~/docker# cd kata-container/ root@
阅读全文
posted @ 2020-10-10 16:19
kata 虚拟机
摘要:qemu-system-aarch64 -m 1024 -kernel vmlinuz-5.4.34-88 -nographic -initrd kata-containers.img -append console=ttyS0 -machine virt root@ubuntu:/etc/dock
阅读全文
posted @ 2020-10-10 16:11
json + jq命令
摘要:root@ubuntu:~/docker/container# cat config.json | jq
阅读全文
posted @ 2020-10-10 14:21
kata-runtime run mycontainer
摘要:# 准备一个busybox镜像 # 构造rootfs mkdir rootfs docker export $(docker create busybox) | tar -xf - -C rootfs # 构造config.json runc spec # 使用kata-runtime来运行荣齐全
阅读全文
posted @ 2020-10-10 11:46
kata-runtime来运行容器
摘要:# 准备一个busybox镜像 # 构造rootfs mkdir rootfs docker export $(docker create busybox) | tar -xf - -C rootfs # 构造config.json runc spec # 使用kata-runtime来运行荣齐全
阅读全文
posted @ 2020-10-10 11:19
docker + docker-runc
摘要:# mkdir /container # cd /container/ # mkdir rootfs 准备容器镜像的文件系统,从 busybox 镜像中提取 # docker export $(docker create busybox) | tar -C rootfs -xvf - # ls ro
阅读全文
posted @ 2020-10-10 10:15
kata container在aarch64上成功运行
摘要:安装脚本 cd $GOPATH/src/github.com/kata-containers/tests/.ci ./install_kata.sh root@ubuntu:/opt/gopath/src/github.com/kata-containers/proxy# docker ps -a
阅读全文
posted @ 2020-10-09 20:21
install_kata.sh
摘要:root@ubuntu:/usr/share/kata-containers/binary# whereis kata-runtime kata-runtime: /usr/local/bin/kata-runtime root@ubuntu:/usr/share/kata-containers/b
阅读全文
posted @ 2020-10-09 19:29
cc-runtime 和 runV
摘要:Kata Containers 是什么 基于轻量级虚拟机的容器,不同容器跑在一个个不同的虚拟机(kernel)上,比起传统容器提供了更好的隔离性和安全性。同时继承了容器快速启动和快速部署等优点。 轻量级虚拟机,就是号称我比你快安全性还比你更屌的那些,此类的 paper 比比皆是,比如 SOSP'17
阅读全文
posted @ 2020-10-09 17:45
关闭firecracker
摘要:root@ubuntu:~/rootfs/my# curl --unix-socket /tmp/firecracker.socket -i \ > > -X PUT "http://localhost/actions" \ > > -H "accept: application/json" \ >
阅读全文
posted @ 2020-10-09 16:03
Creating Custom rootfs and kernel Images
摘要:Creating Custom rootfs and kernel Images Creating a kernel Image Currently, Firecracker supports only uncompressed, ELF kernel images. You can build a
阅读全文
posted @ 2020-10-09 15:52
Build a single-app rootfs for Firecracker MicroVMs
摘要:Spawning applications in the cloud has been made super easy using container frameworks such as docker. For instance running a simple command like the
阅读全文
posted @ 2020-10-09 15:25
由浅入深CrosVM(一)—— 如何在Ubuntu中搭建CrosVM
摘要:什么是CrosVM CrosVM是Chrome操作系统中,用于创建虚拟机的应用。是一个Rust编写的轻量级的虚拟机。亚马逊的Firecracker从crosvm开始。借助于CrosVM 用户可以很容易的在ChromeOS中运行Linux、Android以及Windows应用程序。 CrosVM 的源
阅读全文
posted @ 2020-10-09 15:24
Making a Custom MicroVM for AWS Firecracker!
摘要:First, let’s bake a kernel! The firecracker team was nice enough to give us a .config to use as the basis of our kernel and its a great place to start
阅读全文
posted @ 2020-10-09 15:15
firecracker No space left on device
摘要:Error writing to output file - write (28: No space left on device) [IP: 91.189.88.142 80] Fetched 18.4 MB in 18s (1028 kB/s) Reading package lists...
阅读全文
posted @ 2020-10-09 15:08
防火墙与iptables
摘要:root@ubuntu:~# iptables -t nat -A POSTROUTING -s 10.10.104.83/32 -o enahisic2i0 -j MASQUERADE root@ubuntu:~# iptables -nvL -t nat Chain PREROUTING (po
阅读全文
posted @ 2020-10-09 14:57
cat EOF追加与覆盖
摘要:root@fadfdd4af58a:~# cat /etc/resolv.conf options timeout:2 attempts:5 ; generated by /usr/sbin/dhclient-script search us-east-2.compute.internal us-w
阅读全文
posted @ 2020-10-09 14:31
深度解析 AWS Firecracker 原理篇 – 虚拟化与容器运行时技术
摘要:https://aws.amazon.com/cn/blogs/china/deep-analysis-aws-firecracker-principle-virtualization-container-runtime-technology/ 摘要 AWS Firecracker是一款由 AWS开
阅读全文
posted @ 2020-10-09 12:08
vhost_vsock
摘要:安装nc-vsock https://github.com/stefanha/nc-vsock root@ubuntu:~# git clone https://github.com/stefanha/nc-vsock.git git clone https://github.com/stefanh
阅读全文
posted @ 2020-10-09 12:03
neutron-dhcp-agent
摘要:docker 上 (neutron-dhcp-agent)[neutron@controller1 /]$ ip netns list qdhcp-dbda2a7c-f987-454e-8d33-6115b2f562c1 (id: 221) qdhcp-4af45e0d-78ad-4d85-a07d
阅读全文
posted @ 2020-10-09 11:02
Firecracker 线程
摘要:1、 ./firecracker --api-sock /tmp/firecracker.socket root@ubuntu:/home/ubuntu# ps -elf | grep firecracker 0 S root 42464 41287 0 80 0 - 878 futex_ 10:5
阅读全文
posted @ 2020-10-09 10:56
kata-containers Compile And Installed
摘要:kata-containers 编译安装 kata-runtime 编译安装 123456789101112 # download source code$ go get -d -u github.com/kata-containers/runtime$ cd ${GOPATH}/src/githu
阅读全文
posted @ 2020-10-09 10:44
katacontainer debug
摘要:touch /etc/docker/daemon.json dockerd --config-file /etc/docker/daemon.jsoncat /etc/docker/daemon.json root@ubuntu:~/kata# cat /etc/docker/daemon.json
阅读全文
posted @ 2020-10-09 10:24
