E kūkākūkā kēia ʻatikala i ke kumu o ka hana , a e loaʻa pū kekahi ʻāpana kūpono me ka hoʻopili ʻana iā lākou iā Docker.
E pili ana i nā pilikia maʻamau me Docker a me nā koho no ka hoʻoponopono ʻana iā lākou , i kēia lā e wehewehe pōkole au i ka hoʻokō ʻana mai Kata Containers. ʻO Kata Containers kahi wahi holo manawa paʻa no nā ipu e pili ana i nā mīkini virtual māmā. Hana lākou ma ke ʻano like me nā ipu ʻē aʻe, akā ʻoi aku ka nui o ka hilinaʻi kaʻawale me ka hoʻohana ʻana i ka ʻenehana virtualization hardware. Ua hoʻomaka ka papahana ma 2017, ua hoʻopau ke kaiāulu o ka inoa hoʻokahi i ka hui ʻana o nā manaʻo maikaʻi loa mai Intel Clear Containers a me Hyper.sh RunV, a laila hoʻomau ka hana i ke kākoʻo ʻana i nā ʻano hana like ʻole, me AMD64, ARM, IBM p- a me z- moʻo. Hoʻohui ʻia, kākoʻo ʻia ka hana i loko o ka QEMU a me Firecracker hypervisors, a aia pū kekahi me ka containerd. Loaʻa ke code ma ma lalo o ka laikini MIT.
Nā Mea Aʻo
- Ke hana nei me kahi ʻokoʻa ʻokoʻa, no laila e hōʻoia i ka hoʻokaʻawale ʻana o ka pūnaewele, ka hoʻomanaʻo a me nā hana I / O, hiki ke hoʻoikaika i ka hoʻohana ʻana i ka hoʻokaʻawale ʻana i nā lako e pili ana i nā hoʻonui virtualization.
- Kākoʻo i nā kūlana ʻoihana me OCI (container format), Kubernetes CRI
- ʻO ka hana maʻamau no nā ipu Linux maʻamau, e hoʻonui ana i ka kaʻawale me ka ʻole o ka hana ma luna o nā VM maʻamau
- Hoʻopau i ka pono e holo i nā ipu i loko o nā mīkini virtual piha piha, nā mea maʻamau maʻamau e maʻalahi i ka hoʻohui ʻana a me ka hoʻomaka.
Kāu Mau Koho Paʻamau
he nui na nā koho hoʻonohonoho, e noʻonoʻo wau e hoʻokomo mai nā waihona e pili ana i ka ʻōnaehana hana Centos 7.
nui: Kākoʻo ʻia ʻo Kata Containers ma nā lako lako wale nō; ʻaʻole hana mau ka hoʻouna ʻana i ka virtualization pono sse4.1 kākoʻo mai ka mea hana.
He mea maʻalahi loa ka hoʻouka ʻana i nā pahu Kata:
E hoʻouka i nā pono hana no ka hana ʻana me nā waihona:
# yum -y install yum-utilsHoʻopau iā Selinux (ʻoi aku ka pololei o ka hoʻonohonoho ʻana, akā no ka maʻalahi ke hoʻopau wau ia):
# setenforce 0
# sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/configHoʻohui i ka waihona a hana i ka hoʻonohonoho
# source /etc/os-release
# ARCH=$(arch)
# BRANCH="${BRANCH:-stable-1.10}"
# yum-config-manager --add-repo "http://download.opensuse.org/repositories/home:/katacontainers:/releases:/${ARCH}:/${BRANCH}/CentOS_${VERSION_ID}/home:katacontainers:releases:${ARCH}:${BRANCH}.repo"
# yum -y install kata-runtime kata-proxy kata-shimhoʻoponopono
E hoʻonohonoho wau no ka hana ʻana me docker, maʻamau kona hoʻonohonoho ʻana, ʻaʻole wau e wehewehe i nā kikoʻī hou aku:
# rpm -qa | grep docker
docker-ce-cli-19.03.6-3.el7.x86_64
docker-ce-19.03.6-3.el7.x86_64
# docker -v
Docker version 19.03.6, build 369ce74a3cHoʻololi mākou i ka daemon.json:
# cat <<EOF > /etc/docker/daemon.json
{
"default-runtime": "kata-runtime",
"runtimes": {
"kata-runtime": {
"path": "/usr/bin/kata-runtime"
}
}
}
EOFHoʻomaka hou i ka docker:
# service docker restartHoʻolālā Hana
Inā hoʻomaka ʻoe i ka pahu ma mua o ka hoʻomaka ʻana i ka docker, hiki iā ʻoe ke ʻike e hōʻike ʻo uname i ka mana o ka kernel e holo ana ma ka ʻōnaehana nui:
# docker run busybox uname -a
Linux 19efd7188d06 3.10.0-1062.12.1.el7.x86_64 #1 SMP Tue Feb 4 23:02:59 UTC 2020 x86_64 GNU/LinuxMa hope o ka hoʻomaka hou ʻana, e like me kēia ka mana kernel:
# docker run busybox uname -a
Linux 9dd1f30fe9d4 4.19.86-5.container #1 SMP Sat Feb 22 01:53:14 UTC 2020 x86_64 GNU/LinuxNā hui hou aku!
# time docker run busybox mount
kataShared on / type 9p (rw,dirsync,nodev,relatime,mmap,access=client,trans=virtio)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev type tmpfs (rw,nosuid,size=65536k,mode=755)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=666)
sysfs on /sys type sysfs (ro,nosuid,nodev,noexec,relatime)
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,relatime,mode=755)
cgroup on /sys/fs/cgroup/systemd type cgroup (ro,nosuid,nodev,noexec,relatime,xattr,name=systemd)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (ro,nosuid,nodev,noexec,relatime,cpu,cpuacct)
cgroup on /sys/fs/cgroup/blkio type cgroup (ro,nosuid,nodev,noexec,relatime,blkio)
cgroup on /sys/fs/cgroup/memory type cgroup (ro,nosuid,nodev,noexec,relatime,memory)
cgroup on /sys/fs/cgroup/devices type cgroup (ro,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/perf_event type cgroup (ro,nosuid,nodev,noexec,relatime,perf_event)
cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (ro,nosuid,nodev,noexec,relatime,net_cls,net_prio)
cgroup on /sys/fs/cgroup/freezer type cgroup (ro,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/pids type cgroup (ro,nosuid,nodev,noexec,relatime,pids)
cgroup on /sys/fs/cgroup/cpuset type cgroup (ro,nosuid,nodev,noexec,relatime,cpuset)
mqueue on /dev/mqueue type mqueue (rw,nosuid,nodev,noexec,relatime)
shm on /dev/shm type tmpfs (rw,nosuid,nodev,noexec,relatime,size=65536k)
kataShared on /etc/resolv.conf type 9p (rw,dirsync,nodev,relatime,mmap,access=client,trans=virtio)
kataShared on /etc/hostname type 9p (rw,dirsync,nodev,relatime,mmap,access=client,trans=virtio)
kataShared on /etc/hosts type 9p (rw,dirsync,nodev,relatime,mmap,access=client,trans=virtio)
proc on /proc/bus type proc (ro,relatime)
proc on /proc/fs type proc (ro,relatime)
proc on /proc/irq type proc (ro,relatime)
proc on /proc/sys type proc (ro,relatime)
tmpfs on /proc/acpi type tmpfs (ro,relatime)
tmpfs on /proc/timer_list type tmpfs (rw,nosuid,size=65536k,mode=755)
tmpfs on /sys/firmware type tmpfs (ro,relatime)
real 0m2.381s
user 0m0.066s
sys 0m0.039s# time docker run busybox free -m
total used free shared buff/cache available
Mem: 1993 30 1962 0 1 1946
Swap: 0 0 0
real 0m3.297s
user 0m0.086s
sys 0m0.050sHoʻāʻo hoʻouka wikiwiki
No ka loiloi i nā poho mai ka virtualization, holo wau i ka sysbench, e like me nā kumu nui .
Ke holo nei i ka sysbench me ka hoʻohana ʻana iā Docker+containerd
Ka ho'āʻo hoʻoheheʻe
sysbench 1.0: multi-threaded system evaluation benchmark
Running the test with following options:
Number of threads: 1
Initializing random number generator from current time
Prime numbers limit: 20000
Initializing worker threads...
Threads started!
General statistics:
total time: 36.7335s
total number of events: 10000
total time taken by event execution: 36.7173s
response time:
min: 3.43ms
avg: 3.67ms
max: 8.34ms
approx. 95 percentile: 3.79ms
Threads fairness:
events (avg/stddev): 10000.0000/0.00
execution time (avg/stddev): 36.7173/0.00hoʻāʻo RAM
sysbench 1.0: multi-threaded system evaluation benchmark
Running the test with following options:
Number of threads: 1
Initializing random number generator from current time
Initializing worker threads...
Threads started!
Operations performed: 104857600 (2172673.64 ops/sec)
102400.00 MiB transferred (2121.75 MiB/sec)
General statistics:
total time: 48.2620s
total number of events: 104857600
total time taken by event execution: 17.4161s
response time:
min: 0.00ms
avg: 0.00ms
max: 0.17ms
approx. 95 percentile: 0.00ms
Threads fairness:
events (avg/stddev): 104857600.0000/0.00
execution time (avg/stddev): 17.4161/0.00Ke holo nei i ka sysbench me ka hoʻohana ʻana i Docker+Kata Containers
Ka ho'āʻo hoʻoheheʻe
sysbench 1.0: multi-threaded system evaluation benchmark
Running the test with following options:
Number of threads: 1
Initializing random number generator from current time
Prime numbers limit: 20000
Initializing worker threads...
Threads started!
General statistics:
total time: 36.5747s
total number of events: 10000
total time taken by event execution: 36.5594s
response time:
min: 3.43ms
avg: 3.66ms
max: 4.93ms
approx. 95 percentile: 3.77ms
Threads fairness:
events (avg/stddev): 10000.0000/0.00
execution time (avg/stddev): 36.5594/0.00hoʻāʻo RAM
sysbench 1.0: multi-threaded system evaluation benchmark
Running the test with following options:
Number of threads: 1
Initializing random number generator from current time
Initializing worker threads...
Threads started!
Operations performed: 104857600 (2450366.94 ops/sec)
102400.00 MiB transferred (2392.94 MiB/sec)
General statistics:
total time: 42.7926s
total number of events: 104857600
total time taken by event execution: 16.1512s
response time:
min: 0.00ms
avg: 0.00ms
max: 0.43ms
approx. 95 percentile: 0.00ms
Threads fairness:
events (avg/stddev): 104857600.0000/0.00
execution time (avg/stddev): 16.1512/0.00Ma ke kumu, ua maopopo ke kūlana, akā ʻoi aku ka maikaʻi o ka holo ʻana i nā hoʻokolohua i nā manawa he nui, e wehe ana i nā outliers a me ka awelika o nā hopena, no laila ʻaʻole wau e hana hou i nā hoʻokolohua hou.
haʻina
ʻOiai ʻo ka hoʻokuʻu ʻana i ia mau ipu e like me ʻelima a ʻumi mau manawa lōʻihi (ʻo ka manawa hoʻomaka maʻamau no nā kauoha like i ka wā e hoʻohana ai i ka containerd ʻoi aku ka liʻiliʻi ma mua o ka hapakolu o ke kekona), ke hana wikiwiki nei lākou inā mākou e lawe i ka manawa hoʻomaka piha (aia nā nā laʻana ma luna, hoʻopau nā kauoha i ka awelika o ʻekolu kekona). ʻAe, ʻo nā hopena o ka hoʻāʻo wikiwiki o ka CPU a me ka RAM e hōʻike i nā hopena like, ʻo ia ka nūhou maikaʻi, ʻoi aku ka maikaʻi o ka hoʻokaʻawale ʻana me ka hoʻohana ʻana i kahi mīkini hoʻāʻo maikaʻi ʻia e like me kvm.
Hoʻolaha
He loiloi ka ʻatikala, akā hāʻawi ia iā ʻoe i ka manawa e hoʻāʻo ai i kahi runtime ʻē aʻe. ʻAʻole uhi ʻia nā wahi noi he nui, no ka laʻana, wehewehe ka pūnaewele i ka hiki ke holo i nā Kubernetes ma luna o nā Containers Kata. Eia hou, hiki iā ʻoe ke hana i kekahi mau hoʻāʻo e pili ana i ka loaʻa ʻana o nā pilikia palekana, hoʻonohonoho i nā palena a me nā mea hoihoi ʻē aʻe.
Ke noi aku nei au i ka poʻe a pau i pau i ka heluhelu ʻana a hoʻihoʻi hou mai ma ʻaneʻi e komo i ka anamanaʻo, kahi e hoʻoholo ai i nā puke e hiki mai ana ma kēia kumuhana.
Hiki i nā mea hoʻohana i hoʻopaʻa inoa ʻia ke komo i ka noiʻi. , e 'oluʻolu.
Pono anei au e hoʻomau i ka hoʻopuka ʻana i nā ʻatikala e pili ana i nā pahu pahu Kata?
-
80,0%ʻAe, e kākau hou aku!28
-
20,0%ʻAʻole, ʻaʻole pono ia ...7
35 mea hoʻohana i koho. Ua hōʻole nā mea hoʻohana 7.
Source: www.habr.com