Isiokwu a ga-atụle otú o si arụ ọrụ , na a ga-enwekwa akụkụ bara uru na njikọ ha na Docker.
Banyere nsogbu nkịtị na Docker na ngwọta ha ugbua , Taa, m ga-akọwa nkenke nkenke mmejuputa site na Kata Containers. Kata Containers bụ oge ịgba ọsọ akpa echekwara dabere na igwe mebere dị fechaa. Soro ha na-arụkọ ọrụ bụ otu ihe ahụ dị na arịa ndị ọzọ, mana na mgbakwunye enwere ikewapụ ntụkwasị obi karịa site na iji teknụzụ virtualization ngwaike. Ihe oru ngo a malitere na 2017, mgbe obodo nke otu aha mezuru nchikota nke echiche kacha mma sitere na Intel Clear Containers na Hyper.sh RunV, mgbe nke a gasịrị, ọrụ gara n'ihu na nkwado maka ụlọ ọrụ dị iche iche, gụnyere AMD64, ARM, IBM p- na z -usoro. Na mgbakwunye, a na-akwado ọrụ n'ime hypervisors QEMU, Firecracker, yana njikọta na akpa. Koodu dị na n'okpuru ikike MIT.
Njirimara igodo
- Na-arụ ọrụ na isi dị iche iche, si otú a na-enye netwọk, ebe nchekwa na M / O iche, ọ ga-ekwe omume ịmanye iji ikewapụ ngwaike dabere na ndọtị virtualization.
- Nkwado maka ụkpụrụ ụlọ ọrụ gụnyere OCI (ụdị akpa), Kubernetes CRI
- Arụmọrụ na-agbanwe agbanwe nke arịa Linux oge niile, mmụba dịpụrụ adịpụ na-enweghị arụmọrụ karịrị VM oge niile
- Wepụ mkpa ọ dị ịmegharị igbe n'ime igwe mebere zuru oke, ọnụọgụ ọnụọgụ na-eme ka njikọta na mmalite dị mfe.
ọnọdụ
E nwere nhọrọ nrụnye, m ga-atụle ịwụnye site na ebe nchekwa, dabere na sistemụ arụmọrụ Centos 7.
mkpa: Kata Containers ọrụ na-akwado naanị na ngwaike, virtualization ebugharị anaghị arụ ọrụ mgbe niile, nakwa mkpa sse4.1 nkwado site na processor.
Ịwụnye Kata Containers dị nnọọ mfe:
Wụnye akụrụngwa maka ịrụ ọrụ na ebe nchekwa:
# yum -y install yum-utilsGbanyụọ Selinux (ọ ka mma ịhazi, mana maka ịdị mfe m na-ewepụ ya):
# setenforce 0
# sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/configAnyị na-ejikọta ebe nchekwa ma rụọ nrụnye
# source /etc/os-release
# ARCH=$(arch)
# BRANCH="${BRANCH:-stable-1.10}"
# yum-config-manager --add-repo "http://download.opensuse.org/repositories/home:/katacontainers:/releases:/${ARCH}:/${BRANCH}/CentOS_${VERSION_ID}/home:katacontainers:releases:${ARCH}:${BRANCH}.repo"
# yum -y install kata-runtime kata-proxy kata-shimukpụhọde
M ga-edozi ka ya na docker rụọ ọrụ, ntinye ya bụ nke a na-ahụkarị, agaghị m akọwa ya n'ụzọ zuru ezu:
# rpm -qa | grep docker
docker-ce-cli-19.03.6-3.el7.x86_64
docker-ce-19.03.6-3.el7.x86_64
# docker -v
Docker version 19.03.6, build 369ce74a3cAnyị na-eme mgbanwe na daemon.json:
# cat <<EOF > /etc/docker/daemon.json
{
"default-runtime": "kata-runtime",
"runtimes": {
"kata-runtime": {
"path": "/usr/bin/kata-runtime"
}
}
}
EOFMalitegharịa docker:
# service docker restartNyocha arụmọrụ
Ọ bụrụ na ibido akpa ahụ tupu ịmalitegharị docker, ị ga-ahụ na uname ga-enye ụdị kernel na-arụ ọrụ na isi sistemụ:
# docker run busybox uname -a
Linux 19efd7188d06 3.10.0-1062.12.1.el7.x86_64 #1 SMP Tue Feb 4 23:02:59 UTC 2020 x86_64 GNU/LinuxMgbe ịmalitegharịrị, ụdị kernel dị ka nke a:
# docker run busybox uname -a
Linux 9dd1f30fe9d4 4.19.86-5.container #1 SMP Sat Feb 22 01:53:14 UTC 2020 x86_64 GNU/LinuxOtu ndị ọzọ!
# time docker run busybox mount
kataShared on / type 9p (rw,dirsync,nodev,relatime,mmap,access=client,trans=virtio)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev type tmpfs (rw,nosuid,size=65536k,mode=755)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=666)
sysfs on /sys type sysfs (ro,nosuid,nodev,noexec,relatime)
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,relatime,mode=755)
cgroup on /sys/fs/cgroup/systemd type cgroup (ro,nosuid,nodev,noexec,relatime,xattr,name=systemd)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (ro,nosuid,nodev,noexec,relatime,cpu,cpuacct)
cgroup on /sys/fs/cgroup/blkio type cgroup (ro,nosuid,nodev,noexec,relatime,blkio)
cgroup on /sys/fs/cgroup/memory type cgroup (ro,nosuid,nodev,noexec,relatime,memory)
cgroup on /sys/fs/cgroup/devices type cgroup (ro,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/perf_event type cgroup (ro,nosuid,nodev,noexec,relatime,perf_event)
cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (ro,nosuid,nodev,noexec,relatime,net_cls,net_prio)
cgroup on /sys/fs/cgroup/freezer type cgroup (ro,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/pids type cgroup (ro,nosuid,nodev,noexec,relatime,pids)
cgroup on /sys/fs/cgroup/cpuset type cgroup (ro,nosuid,nodev,noexec,relatime,cpuset)
mqueue on /dev/mqueue type mqueue (rw,nosuid,nodev,noexec,relatime)
shm on /dev/shm type tmpfs (rw,nosuid,nodev,noexec,relatime,size=65536k)
kataShared on /etc/resolv.conf type 9p (rw,dirsync,nodev,relatime,mmap,access=client,trans=virtio)
kataShared on /etc/hostname type 9p (rw,dirsync,nodev,relatime,mmap,access=client,trans=virtio)
kataShared on /etc/hosts type 9p (rw,dirsync,nodev,relatime,mmap,access=client,trans=virtio)
proc on /proc/bus type proc (ro,relatime)
proc on /proc/fs type proc (ro,relatime)
proc on /proc/irq type proc (ro,relatime)
proc on /proc/sys type proc (ro,relatime)
tmpfs on /proc/acpi type tmpfs (ro,relatime)
tmpfs on /proc/timer_list type tmpfs (rw,nosuid,size=65536k,mode=755)
tmpfs on /sys/firmware type tmpfs (ro,relatime)
real 0m2.381s
user 0m0.066s
sys 0m0.039s# time docker run busybox free -m
total used free shared buff/cache available
Mem: 1993 30 1962 0 1 1946
Swap: 0 0 0
real 0m3.297s
user 0m0.086s
sys 0m0.050sNnwale ibu ngwa ngwa
Iji nyochaa mfu site na virtualization - m na-agba ọsọ sysbench, dị ka isi ihe atụ .
Na-agba ọsọ sysbench site na iji Docker+containerd
Nnwale nhazi
sysbench 1.0: multi-threaded system evaluation benchmark
Running the test with following options:
Number of threads: 1
Initializing random number generator from current time
Prime numbers limit: 20000
Initializing worker threads...
Threads started!
General statistics:
total time: 36.7335s
total number of events: 10000
total time taken by event execution: 36.7173s
response time:
min: 3.43ms
avg: 3.67ms
max: 8.34ms
approx. 95 percentile: 3.79ms
Threads fairness:
events (avg/stddev): 10000.0000/0.00
execution time (avg/stddev): 36.7173/0.00Nnwale RAM
sysbench 1.0: multi-threaded system evaluation benchmark
Running the test with following options:
Number of threads: 1
Initializing random number generator from current time
Initializing worker threads...
Threads started!
Operations performed: 104857600 (2172673.64 ops/sec)
102400.00 MiB transferred (2121.75 MiB/sec)
General statistics:
total time: 48.2620s
total number of events: 104857600
total time taken by event execution: 17.4161s
response time:
min: 0.00ms
avg: 0.00ms
max: 0.17ms
approx. 95 percentile: 0.00ms
Threads fairness:
events (avg/stddev): 104857600.0000/0.00
execution time (avg/stddev): 17.4161/0.00Na-agba ọsọ sysbench site na iji Docker+Kata Containers
Nnwale nhazi
sysbench 1.0: multi-threaded system evaluation benchmark
Running the test with following options:
Number of threads: 1
Initializing random number generator from current time
Prime numbers limit: 20000
Initializing worker threads...
Threads started!
General statistics:
total time: 36.5747s
total number of events: 10000
total time taken by event execution: 36.5594s
response time:
min: 3.43ms
avg: 3.66ms
max: 4.93ms
approx. 95 percentile: 3.77ms
Threads fairness:
events (avg/stddev): 10000.0000/0.00
execution time (avg/stddev): 36.5594/0.00Nnwale RAM
sysbench 1.0: multi-threaded system evaluation benchmark
Running the test with following options:
Number of threads: 1
Initializing random number generator from current time
Initializing worker threads...
Threads started!
Operations performed: 104857600 (2450366.94 ops/sec)
102400.00 MiB transferred (2392.94 MiB/sec)
General statistics:
total time: 42.7926s
total number of events: 104857600
total time taken by event execution: 16.1512s
response time:
min: 0.00ms
avg: 0.00ms
max: 0.43ms
approx. 95 percentile: 0.00ms
Threads fairness:
events (avg/stddev): 104857600.0000/0.00
execution time (avg/stddev): 16.1512/0.00Na ụkpụrụ, ọnọdụ ahụ adịlarị anya, ma ọ ka mma ịme ule ahụ ọtụtụ ugboro, wepụ ihe ndị na-emepụta ihe na nkezi nsonaazụ ya, n'ihi ya, anaghị m eme ule ọzọ.
Nchoputa
N'agbanyeghị eziokwu na ndị dị otú ahụ containers na-ewe ihe dị ka ise ruo ugboro iri ogologo ịmalite (ụdị ọsọ oge maka yiri iwu mgbe eji containerd bụ ihe na-erughị atọ nke a nke abụọ), ha ka na-arụ ọrụ ngwa ngwa ma ọ bụrụ na anyị na-amalite zuru oke oge (ebe ahụ). bụ ihe atụ dị n'elu, iwu emere na nkezi nke sekọnd atọ). Ọfọn, nsonaazụ nke nyocha ngwa ngwa nke CPU na RAM na-egosi ihe fọrọ nke nta ka ọ bụrụ otu ihe ahụ, nke na-enweghị ike ịṅụrị ọṅụ, karịsịa n'ihi eziokwu ahụ bụ na a na-enye iche iche site na iji usoro na-agba ọsọ dị ka kvm.
Ọkwa
Edemede a bụ nyocha, mana ọ na-enye gị ohere inwe mmetụta oge ịgba ọsọ ọzọ. A naghị ekpuchi ọtụtụ mpaghara ngwa, dịka ọmụmaatụ, saịtị ahụ na-akọwa ikike ịgba ọsọ Kubernetes n'elu Kata Containers. Na mgbakwunye, ị nwekwara ike ịgba ọsọ usoro ule lekwasịrị anya n'ịchọta nsogbu nchekwa, ịtọ ihe mgbochi na ihe ndị ọzọ na-atọ ụtọ.
A na m arịọ ndị niile gụrụ akwụkwọ na rewound ebe a ka ha sonye na nyocha ahụ, nke akwụkwọ ga-abịa n'ihu na isiokwu a ga-adabere.
Naanị ndị ọrụ edebanyere aha nwere ike isonye na nyocha a. , Biko.
Ekwesịrị m ịga n'ihu na-ebipụta akụkọ gbasara Kata Containers?
-
80,0%Ee, dee ihe!28
-
20,0%Mba, emela…7
Ndị ọrụ 35 tụrụ vootu. Ndị ọrụ 7 anabataghị.
isi: www.habr.com