Pambuyo pazaka ziwiri zachitukuko, kutulutsidwa kwa pulojekiti ya Kata Containers 3.0 kwasindikizidwa, ndikupanga mulu wokonzekera kuphedwa kwa zotengera pogwiritsa ntchito kudzipatula kutengera njira zonse zowonera. Ntchitoyi idapangidwa ndi Intel ndi Hyper pophatikiza Clear Containers ndi ukadaulo wa runV. Khodi ya polojekitiyi idalembedwa mu Go and Rust, ndipo imagawidwa pansi pa chilolezo cha Apache 2.0. Kukula kwa polojekitiyi kumayang'aniridwa ndi gulu logwira ntchito lomwe linapangidwa mothandizidwa ndi bungwe lodziimira palokha la OpenStack Foundation, lomwe limaphatikizapo makampani monga Canonical, China Mobile, Dell / EMC, EasyStack, Google, Huawei, NetApp, Red Hat, SUSE ndi ZTE. .
Pamtima pa Kata ndi nthawi yothamanga, yomwe imapereka mphamvu yopangira makina osakanikirana omwe amagwiritsira ntchito hypervisor yathunthu, m'malo mogwiritsa ntchito zida zachikhalidwe zomwe zimagwiritsa ntchito kernel wamba ya Linux ndipo zimakhala zolekanitsidwa pogwiritsa ntchito mayina ndi magulu. Kugwiritsa ntchito makina owoneka bwino kumakupatsani mwayi wopeza chitetezo chapamwamba chomwe chimateteza ku ziwopsezo zomwe zimayambitsidwa ndi kugwiritsa ntchito ziwopsezo mu Linux kernel.
Kata Containers imayang'ana kwambiri pakuphatikizana ndi zida zomwe zilipo zodzipatula ndikutha kugwiritsa ntchito makina ofananirako kuti apititse patsogolo chitetezo chazotengera zakale. Pulojekitiyi imapereka njira zowonetsetsa kuti makina opepuka opepuka omwe ali ndi zida zosiyanasiyana zodzipatula, nsanja zoyimba ndi zina monga OCI (Open Container Initiative), CRI (Container Runtime Interface) ndi CNI (Container Networking Interface). Zida zilipo kuti ziphatikizidwe ndi Docker, Kubernetes, QEMU ndi OpenStack.
Kuphatikizana ndi makina oyendetsera zotengera kumatheka pogwiritsa ntchito wosanjikiza womwe umatengera kasamalidwe ka ziwiya, zomwe zimafikira woyang'anira makinawo kudzera pa gRPC ndi projekiti yapadera. Mkati mwa chilengedwe, chomwe chimayambitsidwa ndi hypervisor, kernel yokonzedwa mwapadera ya Linux imagwiritsidwa ntchito, yomwe imakhala ndi zofunikira zochepa chabe.
Monga hypervisor, imathandizira kugwiritsa ntchito Dragonball Sandbox (kusindikiza kwa KVM kokometsedwa kwa zotengera) ndi zida za QEMU, komanso Firecracker ndi Cloud Hypervisor. Chilengedwe chadongosolo chimaphatikizapo daemon yoyambitsa ndi wothandizira. Wothandizirayo amapereka zithunzi zojambulidwa ndi ogwiritsa ntchito mu mtundu wa OCI wa Docker ndi CRI wa Kubernetes. Mukagwiritsidwa ntchito molumikizana ndi Docker, makina apadera amapangidwa pachidebe chilichonse, i.e. Malo omwe akuyenda pamwamba pa hypervisor amagwiritsidwa ntchito poyambitsa zisa.
Kuti muchepetse kukumbukira kukumbukira, njira ya DAX imagwiritsidwa ntchito (kufikira mwachindunji pamafayilo, kudutsa cache yamasamba osagwiritsa ntchito mulingo wa chipangizocho), komanso kubwereza madera omwe amakumbukira, ukadaulo wa KSM (Kernel Samepage Merging) umagwiritsidwa ntchito, womwe umakupatsani mwayi kukonza kugawana zinthu zogwirira ntchito ndikulumikizana ndi machitidwe osiyanasiyana a alendo amagawana template yofanana ya chilengedwe.
Mu mtundu watsopano:
- Njira ina yothamangitsira (runtime-rs) ikuperekedwa, yomwe imapanga kudzazidwa kwa makontena, olembedwa m'chinenero cha Rust (nthawi yothamanga yomwe inaperekedwa kale inalembedwa m'chinenero cha Go). Runtime imagwirizana ndi OCI, CRI-O ndi Containerd, kulola kuti igwiritsidwe ntchito ndi Docker ndi Kubernetes.
- Hypervisor yatsopano ya dragonball yozikidwa pa KVM ndi dzimbiri-vmm yaperekedwa.
- Thandizo lowonjezera la kutumiza mwayi ku GPU pogwiritsa ntchito VFIO.
- Thandizo lowonjezera la cgroup v2.
- Thandizo losintha zosintha popanda kusintha fayilo yayikulu yosinthira yakhazikitsidwa posintha midadada m'mafayilo osiyana omwe ali mu "config.d/" directory.
- Zigawo za dzimbiri zimaphatikizapo laibulale yatsopano yogwirira ntchito motetezeka ndi njira zamafayilo.
- Chigawo cha virtiofsd (cholembedwa mu C) chasinthidwa ndi virtiofsd-rs (cholembedwa ku Rust).
- Thandizo lowonjezera la sandboxing QEMU zigawo.
- QEMU imagwiritsa ntchito API ya io_uring pa I/O yosasinthika.
- Kuthandizira zowonjezera za Intel TDX (Trusted Domain Extensions) zakhazikitsidwa pa QEMU ndi Cloud-hypervisor.
- Zigawo zasinthidwa: QEMU 6.2.0, Cloud-hypervisor 26.0, Firecracker 1.1.0, Linux kernel 5.19.2.
Source: opennet.ru