An buga sakin aikin Kata Containers 3.2, yana haɓaka tari don tsara aiwatar da kwantena ta amfani da keɓancewa dangane da ingantattun hanyoyin haɓakawa. Intel da Hyper ne suka kirkiro aikin ta hanyar hada kwantena masu tsabta da fasahar runV. An rubuta lambar aikin a cikin Go da Rust, kuma an rarraba a ƙarƙashin lasisin Apache 2.0. Ƙungiya mai aiki da aka kirkira a ƙarƙashin kulawar ƙungiyar OpenStack Foundation ce ke kula da ci gaban aikin, wanda ya haɗa da kamfanoni kamar Canonical, China Mobile, Dell/EMC, EasyStack, Google, Huawei, NetApp, Red Hat, SUSE da ZTE .
An gina Kata ne bisa tsarin aiki wanda ke ba da damar ƙirƙirar ƙananan injunan kama-da-wane waɗanda ke aiki akan cikakken hypervisor, maimakon amfani da kwantena na gargajiya waɗanda ke amfani da kernel na gama gari. Linux kuma an ware shi ta amfani da wuraren suna da ƙungiyoyin cgroups. injunan kama-da-wane yana ba da damar babban matakin tsaro wanda ke kare kai daga hare-hare da ke haifar da amfani da raunin ƙwayoyin cuta Linux.
Kwantenan Kata sun mai da hankali kan haɗa kai cikin abubuwan keɓancewa na kwantena tare da ikon yin amfani da injina iri ɗaya don haɓaka kariyar kwantena na gargajiya. Aikin yana ba da hanyoyin da za a tabbatar da dacewa da injunan kama-da-wane masu nauyi tare da kayan aikin ware kwantena daban-daban, dandamali na ƙungiyar kwantena da ƙayyadaddun bayanai kamar OCI (Initiative Buɗaɗɗen Kwantena), CRI (Tsarin Runtime na Kwantena) da CNI (Container Networking Interface). Akwai kayan aiki don haɗawa tare da Docker, Kubernetes, QEMU da OpenStack.
Ana samun haɗin kai da tsarin sarrafa kwantena ta amfani da tsarin sarrafa kwantena wanda ke sadarwa da wakilin gudanarwa a cikin injin kama-da-wane ta hanyar hanyar sadarwa ta gRPC da kuma wakili na musamman. Ana amfani da kernel da aka inganta musamman a cikin yanayin kama-da-wane, wanda mai lura da kaya ke ƙaddamar da shi. Linux, wanda ke ɗauke da mafi ƙarancin saitin fasaloli masu mahimmanci kawai.
Mai amfani da na'urar daukar hoto mai goyan baya ita ce Dragonball Sandbox (bugun KVM da aka inganta a cikin kwantena) tare da QEMU, da kuma Firecracker da Cloud Hypervisor. Yanayin tsarin ya haɗa da init daemon da wakili. Wakilin yana ba da damar aiwatar da hotunan kwantena da mai amfani ya ayyana a cikin tsarin OCI don tsarin Docker da CRI don Kubernetes. Idan aka yi amfani da shi tare da Docker, ana ƙirƙirar wani misali daban ga kowane kwantena. injin kama-da-wane, wato, ana amfani da yanayin da ke kan babban ma'aunin hypervisor don ƙaddamar da kwantena.
Don rage yawan ƙwaƙwalwar ajiya, ana amfani da tsarin DAX (hanzari kai tsaye zuwa tsarin fayil, ƙetare cache shafi ba tare da amfani da matakin toshewar na'urar ba), kuma don ƙaddamar da wuraren ƙwaƙwalwar ajiya iri ɗaya, ana amfani da fasahar KSM (Kernel Samepage Merging), wanda ke ba ku damar. don tsara rabon albarkatun tsarin runduna da haɗawa da tsarin baƙo daban-daban suna raba samfurin yanayin tsarin gama gari.
A cikin sabon sigar:
- Baya ga goyan baya ga gine-ginen AMD64 (x86_64), ana ba da sakewa don gine-ginen ARM64 (Aarch64) da s390 (IBM Z). Taimakawa ga gine-ginen ppc64le (IBM Power) yana cikin haɓakawa.
- Don tsara damar yin amfani da hotunan kwantena, ana amfani da tsarin fayil na Nydus 2.2.0, wanda ke amfani da bayanin abun ciki don ingantaccen haɗin gwiwa tare da daidaitattun hotuna. Nydus yana goyan bayan loda hotuna akan-da- tashi (zazzagewa kawai lokacin da ake buƙata), yana ba da kwafin bayanan kwafin, kuma yana iya amfani da bayanan baya daban-daban don ainihin ajiya. An ba da daidaituwar POSIX (kamar Composefs, aiwatar da Nydus ya haɗu da damar OverlayFS tare da EROFS ko FUSE module).
- An haɗa manajan inji na Dragonball a cikin babban tsarin aikin Kata Containers, wanda yanzu za a haɓaka shi a cikin ma'ajin gama gari.
- An ƙara aikin gyara kurakurai zuwa kata-ctl mai amfani don haɗawa zuwa na'ura mai mahimmanci daga mahallin mahalli.
- An faɗaɗa ƙarfin sarrafa GPU kuma an ƙara tallafi don tura GPUs zuwa kwantena don lissafin sirri (Confidential Container), wanda ke ba da ɓoyayyen bayanai, ƙwaƙwalwar ajiya da yanayin kisa don kariya a yayin da aka sami sulhu na mahalli ko hypervisor.
- An ƙara tsarin sarrafa na'urorin da aka yi amfani da su a cikin kwantena ko mahallin sandbox zuwa Runtime-rs. Goyan bayan aiki tare da vfio, toshe, cibiyar sadarwa da sauran nau'ikan na'urori.
- An ba da dacewa tare da OCI Runtime 1.0.2 da Kubernetes 1.23.1.
- A matsayin cibiya Linux Ana ba da shawarar amfani da sakin 6.1.38 tare da faci.
- An canza ci gaba daga amfani da tsarin haɗin kai na Jenkins zuwa GitHub Actions.
source: budenet.ru
