Install Kata-Containers on Linux with docker container manager

jafar
Apr 4, 2021

In the last month, I got a chance to work with kata-containers. My manager gave me a task to set up kata-containers with docker. I searched on the internet for how to install kata-containers on Linux and got this install-ubuntu. I followed the same steps but faced a couple of issues; fixing those issues took almost 4–5 hrs. So I decided to publish steps that avoid those kinds of issues. Follow the below steps; this will make your day.

Figure: docker with kata-runtime (image source: Google)

Execute the commands below to install kata-runtime, kata-proxy and kata-shim. (Note: this article covers the installation steps only; the usage of kata-runtime, proxy, and shim will be explained in an upcoming article.)

$ sudo apt install apt-transport-https ca-certificates curl software-properties-common -y
$ ARCH=$(arch)
$ BRANCH="${BRANCH:-master}"
# The repository entry and Release.key below are fetched over plain http; apt-key trusts the key as downloaded.
$ sudo sh -c "echo 'deb http://download.opensuse.org/repositories/home:/katacontainers:/releases:/${ARCH}:/${BRANCH}/xUbuntu_$(lsb_release -rs)/ /' > /etc/apt/sources.list.d/kata-containers.list"
$ curl -sL http://download.opensuse.org/repositories/home:/katacontainers:/releases:/${ARCH}:/${BRANCH}/xUbuntu_$(lsb_release -rs)/Release.key | sudo apt-key add -
$ sudo -E apt update
$ sudo -E apt -y install kata-runtime kata-proxy kata-shim

A couple of caveats before we get started:

1. Kata Containers is an open-source community working to build a secure container runtime with lightweight virtual machines that feel and perform like containers, but provide stronger workload isolation using hardware virtualization technology as a second layer of defense.

2. Kata Containers will only work if nested-virtualization support is available. Check whether your system is capable of running Kata Containers with the command below.

$ sudo kata-runtime kata-check --verbose

3. Before using kata-runtime, docker needs to be installed on the system. If docker is not installed, execute the commands below.

$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
$ sudo apt-key fingerprint 0EBFCD88
$ sudo add-apt-repository \
"deb [arch=amd64] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) \
stable"
$ sudo apt update
$ sudo apt install docker-ce docker-ce-cli containerd.io

4. Check the docker engine version and the kata-runtime version.

$ sudo docker version
$ sudo kata-runtime version

5. By default, docker uses runc as its runtime. Instead of runc, we are now going to configure docker to use kata-runtime.

$ sudo mkdir -p /etc/systemd/system/docker.service.d/
$ cat <<EOF | sudo tee /etc/systemd/system/docker.service.d/kata-containers.conf
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -D --add-runtime kata-runtime=/usr/bin/kata-runtime --default-runtime=kata-runtime
EOF
# reload systemd and restart docker so the new drop-in takes effect
$ sudo systemctl daemon-reload
$ sudo systemctl restart docker

Now everything is configured, and it’s time to create kata-containers. Running the docker run command looks the same as with normal runc, but in the background docker creates the container inside a virtual machine; this is abstracted from the user.

$ sudo docker run -it ubuntu:18.04 date

The docker CLI also has an option to choose which runtime to use for launching a container.

$ sudo docker run -it --runtime=kata-runtime ubuntu:18.04 date
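
Because the VM is hidden from the user, it is worth checking that the setup above is really in effect. The script below is an added example, not part of the original article: it audits the drop-in from step 5 and, with --live, compares the host kernel with the kernel seen inside a container. The function names, the script name kata-verify.sh and the assumption that the Kata guest kernel release differs from the host's are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original article. Audits the drop-in written in
# step 5 and checks that a container really runs inside a Kata VM.

# audit_dropin FILE: print findings; return 0 only if FILE resets ExecStart,
# registers kata-runtime and makes it the default runtime.
audit_dropin() {
    f=$1; rc=0
    [ -r "$f" ] || { echo "FAIL cannot read $f"; return 2; }
    # systemd needs an empty "ExecStart=" first, otherwise the unit ends up
    # with two ExecStart commands and is refused.
    case $(grep -n '^ExecStart=' "$f" | head -n 1) in
        *:ExecStart=) ;;
        *) echo "FAIL no empty ExecStart= before the override"; rc=1 ;;
    esac
    cmd=$(grep '^ExecStart=.' "$f" | tail -n 1)
    case $cmd in
        *"--add-runtime kata-runtime="*) ;;
        *) echo "FAIL kata-runtime not registered via --add-runtime"; rc=1 ;;
    esac
    case $cmd in
        *"--default-runtime=kata-runtime"*) ;;
        *) echo "FAIL default runtime is not kata-runtime"; rc=1 ;;
    esac
    case $cmd in
        *" -D "*|*" -D") echo "NOTE dockerd runs with -D (debug logging)" ;;
    esac
    return $rc
}

# runs_in_vm HOST_KERNEL CONTAINER_KERNEL: a runc container shares the host
# kernel; a Kata container reports the guest kernel of its VM. Assumption:
# the Kata guest kernel release string differs from the host's.
runs_in_vm() {
    [ -n "$1" ] && [ -n "$2" ] && [ "$1" != "$2" ]
}

# Usage: sh kata-verify.sh FILE    (audit a drop-in file only)
#        sh kata-verify.sh --live  (audit the installed drop-in, start a container)
case ${1:-} in
    --live)
        audit_dropin /etc/systemd/system/docker.service.d/kata-containers.conf
        if runs_in_vm "$(uname -r)" "$(sudo docker run --rm ubuntu:18.04 uname -r)"; then
            echo "OK container kernel differs from host kernel"
        else
            echo "FAIL container reports the host kernel; runc is still in use"
        fi ;;
    ?*) audit_dropin "$1" ;;
esac
```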

That’s all, folks!

Wasn’t that simple? We now have a docker that uses kata-runtime as the container runtime.
