Kata Containers*

This tutorial describes how to install, configure, and run Kata Containers on Clear Linux* OS.

Description

Kata Containers is an open source project developing a lightweight implementation of VMs that offer the speed of containers and the security of VMs.

Prerequisites

This tutorial assumes you have installed Clear Linux OS on your host system. For detailed instructions on installing Clear Linux OS on a bare metal system, follow the bare metal installation tutorial.

If you have Clear Containers installed on your Clear Linux OS system, then follow the migrate Clear Containers to Kata Containers tutorial.

Update Clear Linux OS with the following command:

sudo swupd update

Install Kata Containers

Kata Containers is included in the containers-virt bundle. To install the framework:

  1. Install the containers-virt bundle:

    sudo swupd bundle-add containers-virt
    
  2. Reload and restart the Docker* systemd service.

    sudo systemctl daemon-reload
    sudo systemctl restart docker
    

Run Kata Containers

To use kata as the runtime for an individual container, add --runtime=kata-runtime to the docker run command. For example:

sudo docker run --runtime=kata-runtime -ti busybox sh

To use kata as the default runtime for all Docker containers:

  1. Set the default runtime for the Docker daemon:

    Note

    The method below uses a systemd drop-in configuration to add a command-line (CLI) parameter to the Docker daemon for setting the default-runtime. Alternatively, the default runtime can be set in the Docker daemon configuration file. The Docker daemon will not start if the default-runtime configuration is set in multiple locations.

    sudo mkdir -p /etc/systemd/system/docker.service.d/
    
    cat <<EOF | sudo tee /etc/systemd/system/docker.service.d/50-runtime.conf
    [Service]
    Environment="DOCKER_DEFAULT_RUNTIME=--default-runtime kata-runtime"
    EOF
    
  2. Reload and restart the Docker* systemd service.

    sudo systemctl daemon-reload
    sudo systemctl restart docker
    
  3. Verify the default runtime reported by docker is kata-runtime.

    sudo docker info | grep "Default Runtime"
       Default Runtime: kata-runtime
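
The note in step 1 says the Docker daemon will not start when default-runtime is set in more than one location. The following added example (not part of the original tutorial) lists every location that sets it, so a duplicate can be caught before restarting Docker. It assumes a plain text match rather than a JSON parser, and the function names and the scratch-directory sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original tutorial): list every place that sets
# Docker's default runtime, so a duplicate is caught before restarting docker.

# Print one line per location that sets the default runtime.
#   $1: systemd drop-in directory   $2: Docker daemon configuration file
default_runtime_sources() {
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        # Skip commented-out lines, then look for the daemon CLI flag.
        if grep -v '^[[:space:]]*[#;]' "$f" | grep -q -e '--default-runtime'; then
            echo "dropin:$f"
        fi
    done
    # In the daemon configuration file the setting is the "default-runtime" key.
    if [ -f "$2" ] && grep -q '"default-runtime"[[:space:]]*:' "$2"; then
        echo "config:$2"
    fi
}

# Succeed when the runtime is set in at most one location, fail on a conflict.
check_default_runtime() {
    sources=$(default_runtime_sources "$1" "$2")
    count=$(printf '%s\n' "$sources" | grep -c . || true)
    if [ "$count" -gt 1 ]; then
        echo "conflict: default runtime set in $count locations:" >&2
        printf '%s\n' "$sources" >&2
        return 1
    fi
    echo "ok: default runtime set in $count location(s)"
}

# Constructed sample: the drop-in from this tutorial plus a daemon.json that
# sets the same option, written to a scratch directory instead of /etc.
make_sample() {
    mkdir -p "$1/docker.service.d"
    printf '%s\n' '[Service]' \
        'Environment="DOCKER_DEFAULT_RUNTIME=--default-runtime kata-runtime"' \
        > "$1/docker.service.d/50-runtime.conf"
    printf '%s\n' '{ "default-runtime": "kata-runtime" }' > "$1/daemon.json"
}

tmp=$(mktemp -d)
make_sample "$tmp"
check_default_runtime "$tmp/docker.service.d" "$tmp/daemon.json" || echo "fix before restarting docker"
rm -rf "$tmp"
```

On a real host, pass /etc/systemd/system/docker.service.d and the daemon configuration file, assumed here to be at Docker's default path /etc/docker/daemon.json, which the tutorial does not name.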
    

Troubleshooting

  • If you are behind an HTTP proxy server, in a corporate setting for example, please refer to the Docker proxy instructions.

  • To change the Docker storage driver, see Additional Docker configuration.

  • To check the version of Clear Linux OS on your system, enter: sudo swupd info.

  • Clear Linux OS versions before 27000 require manually configuring Docker* to use Kata Containers, as shown in this tutorial.

  • Clear Linux OS versions between 27000 and 31930 had a mechanism to automatically set kata as the default runtime for docker. To disable this mechanism, run the commands below:

    sudo systemctl mask docker-set-runtime.service
    sudo rm /etc/systemd/system/docker.service.d/50-runtime.conf
    sudo systemctl daemon-reload
    sudo systemctl restart docker.service