Bayan shekaru biyu na ci gaba, an buga sakin aikin Kata Containers 3.0, yana haɓaka tari don tsara aiwatar da kwantena ta amfani da keɓancewa dangane da ingantattun hanyoyin haɓakawa. Intel da Hyper ne suka kirkiro aikin ta hanyar hada kwantena masu tsabta da fasahar runV. An rubuta lambar aikin a cikin Go da Rust, kuma an rarraba a ƙarƙashin lasisin Apache 2.0. Ƙungiya mai aiki da aka kirkira a ƙarƙashin kulawar ƙungiyar OpenStack Foundation ce ke kula da ci gaban aikin, wanda ya haɗa da kamfanoni kamar Canonical, China Mobile, Dell/EMC, EasyStack, Google, Huawei, NetApp, Red Hat, SUSE da ZTE .
A ainihin Kata shine lokacin aiki, wanda ke ba da damar ƙirƙirar injunan ƙirar ƙira waɗanda ke gudana ta amfani da cikakken hypervisor, maimakon yin amfani da kwantena na gargajiya waɗanda ke amfani da kwaya na Linux gama gari kuma ana keɓe su ta amfani da wuraren suna da ƙungiyoyi. Amfani da injunan kama-da-wane yana ba ku damar cimma babban matakin tsaro wanda ke ba da kariya daga hare-haren da ake amfani da su a cikin kernel na Linux.
Kwantenan Kata sun mai da hankali kan haɗa kai cikin abubuwan keɓancewa na kwantena tare da ikon yin amfani da injina iri ɗaya don haɓaka kariyar kwantena na gargajiya. Aikin yana ba da hanyoyin da za a tabbatar da dacewa da injunan kama-da-wane masu nauyi tare da kayan aikin ware kwantena daban-daban, dandamali na ƙungiyar kwantena da ƙayyadaddun bayanai kamar OCI (Initiative Buɗaɗɗen Kwantena), CRI (Tsarin Runtime na Kwantena) da CNI (Container Networking Interface). Akwai kayan aiki don haɗawa tare da Docker, Kubernetes, QEMU da OpenStack.
Ana samun haɗin kai tare da tsarin sarrafa kwantena ta amfani da wani Layer wanda ke kwatanta sarrafa kwantena, wanda ke samun dama ga wakili mai gudanarwa a cikin injin kama-da-wane ta hanyar haɗin gRPC da wakili na musamman. A cikin mahallin kama-da-wane, wanda hypervisor ya ƙaddamar, ana amfani da ingantaccen ingantaccen kwaya na Linux, wanda ya ƙunshi mafi ƙarancin saiti na abubuwan da suka dace.
A matsayin hypervisor, yana goyan bayan amfani da Sandbox Dragonball (bugu na KVM wanda aka inganta don kwantena) tare da kayan aikin QEMU, da Firecracker da Cloud Hypervisor. Yanayin tsarin ya haɗa da daemon farawa da wakili. Wakilin yana ba da aiwatar da hotunan kwantena da aka ayyana mai amfani a cikin tsarin OCI don Docker da CRI don Kubernetes. Lokacin da aka yi amfani da shi tare da Docker, ana ƙirƙira na'ura mai mahimmanci don kowane akwati, watau. Ana amfani da yanayin da ke gudana a saman hypervisor don ƙaddamar da kwantena.
Don rage yawan ƙwaƙwalwar ajiya, ana amfani da tsarin DAX (hanzari kai tsaye zuwa tsarin fayil, ƙetare cache shafi ba tare da amfani da matakin toshewar na'urar ba), kuma don ƙaddamar da wuraren ƙwaƙwalwar ajiya iri ɗaya, ana amfani da fasahar KSM (Kernel Samepage Merging), wanda ke ba ku damar. don tsara rabon albarkatun tsarin runduna da haɗawa da tsarin baƙo daban-daban suna raba samfurin yanayin tsarin gama gari.
A cikin sabon sigar:
- An ba da shawarar madadin lokacin gudu (runtime-rs), wanda ke samar da cika kwantena, da aka rubuta cikin yaren Rust (lokacin da aka kawo a baya an rubuta shi cikin yaren Go). Lokacin gudu ya dace da OCI, CRI-O da Kwantena, yana ba da damar yin amfani da shi tare da Docker da Kubernetes.
- An ƙaddamar da sabon hawan hawan dragon wanda ya dogara da KVM da tsatsa-vmm.
- Ƙara tallafi don isar da damar zuwa GPU ta amfani da VFIO.
- Ƙara tallafi don ƙungiyar v2.
- An aiwatar da goyan bayan canza saituna ba tare da canza babban fayil ɗin sanyi ba ta hanyar maye gurbin tubalan a cikin fayiloli daban waɗanda ke cikin “config.d/” directory.
- Abubuwan tsatsa sun haɗa da sabon ɗakin karatu don aiki amintacce tare da hanyoyin fayil.
- An maye gurbin ɓangaren virtiofsd (an rubuta a cikin C) tare da virtiofsd-rs (an rubuta cikin Rust).
- Ƙara goyon baya don sandboxing na abubuwan QEMU.
- QEMU tana amfani da io_uring API don I/O asynchronous.
- An aiwatar da ƙarin haɓakawa don Intel TDX (Amintattun Domain Extensions) don QEMU da Cloud-hypervisor.
- Abubuwan da aka sabunta: QEMU 6.2.0, Cloud-hypervisor 26.0, Firecracker 1.1.0, Linux kernel 5.19.2.
source: budenet.ru