Kamora lilemo tse peli tsa nts'etsopele, tokollo ea projeke ea Kata Containers 3.0 e phatlalalitsoe, ho nts'etsapele seketsoana sa ho hlophisa ts'ebetso ea lijana ho sebelisoa ho itšehla thajana ho ipapisitse le mekhoa e felletseng ea ho tsebahatsa. Morero o entsoe ke Intel le Hyper ka ho kopanya Clear Containers le runV technologies. Khoutu ea projeke e ngotsoe ho Go and Rust, mme e ajoa tlasa laesense ea Apache 2.0. Tsoelo-pele ea morero e laoloa ke sehlopha sa basebetsi se entsoeng tlas'a ts'ebetso ea mokhatlo o ikemetseng oa OpenStack Foundation, o kenyelletsang lik'hamphani tse kang Canonical, China Mobile, Dell / EMC, EasyStack, Google, Huawei, NetApp, Red Hat, SUSE le ZTE. .
Bohareng ba Kata ke nako ea ho matha, e fanang ka bokhoni ba ho theha mechine e sebetsang e sebetsang e sebelisa hypervisor e feletseng, ho e-na le ho sebelisa lijana tsa setso tse sebelisang kernel e tloaelehileng ea Linux 'me li arotsoe ka ho sebelisa libaka tsa mabitso le lihlopha. Tšebeliso ea mechine ea sebele e u lumella ho finyella boemo bo phahameng ba tšireletso bo sireletsang khahlanong le litlhaselo tse bakoang ke ho sebelisoa ha bofokoli ho Linux kernel.
Kata Containers e tsepamisitse maikutlo ho hokahaneng le meaho e teng ea ho itšehla thajana ka bokhoni ba ho sebelisa mechini e ts'oanang ho matlafatsa ts'ireletso ea lijana tsa setso. Morero o fana ka mekhoa ea ho netefatsa ho lumellana ha mechini e bobebe e bobebe e nang le lisebelisoa tse fapaneng tsa ho itšehla thajana, liforomo tsa 'mino oa lijana le litlhaloso tse kang OCI (Open Container Initiative), CRI (Container Runtime Interface) le CNI (Container Networking Interface). Lisebelisoa li teng bakeng sa ho kopanngoa le Docker, Kubernetes, QEMU le OpenStack.
Ho kopanngoa le litsamaiso tsa tsamaiso ea lijana ho finyelloa ka ho sebelisa lera le etsisang taolo ea lijana, e fihlelang moemeli ea laolang mochining o sebetsang ka sebopeho sa gRPC le proxy e khethehileng. Ka hare ho tikoloho ea sebele, e hlahisoang ke hypervisor, ho sebelisoa kernel e khethehileng ea Linux, e nang le bokhoni bo fokolang feela bo hlokahalang.
Joalo ka hypervisor, e ts'ehetsa ts'ebeliso ea Dragonball Sandbox (khatiso ea KVM e ntlafalitsoeng bakeng sa lijana) ka sesebelisoa sa lisebelisoa sa QEMU, hammoho le Firecracker le Cloud Hypervisor. Tikoloho ea sistimi e kenyelletsa daemon ea ho qala le moemeli. Moemeli o fana ka ts'ebetso ea litšoantšo tse hlalositsoeng ke basebelisi ka sebopeho sa OCI bakeng sa Docker le CRI bakeng sa Kubernetes. Ha e sebelisoa hammoho le Docker, ho etsoa mochine o ikemetseng oa sejana ka seng, ke hore. Tikoloho e tsamaeang ka holim'a hypervisor e sebelisoa bakeng sa ho qala sehlaha sa lijana.
Ho fokotsa tšebeliso ea memori, ho sebelisoa mochine oa DAX (ho fihlella ka ho toba tsamaisong ea lifaele, ho feta cache ea leqephe ntle le ho sebelisa boemo ba sesebelisoa sa block), le ho fokotsa libaka tse tšoanang tsa mohopolo, ho sebelisoa theknoloji ea KSM (Kernel Samepage Merging), e u lumellang ho hlophisa kabo ea lisebelisoa tsa sistimi e amohelang baeti le ho hokela lits'ebetsong tse fapaneng tsa baeti ba arolelana template e tloaelehileng ea tikoloho.
Khatisong e ncha:
- Nako e 'ngoe ea ho matha (runtime-rs) e sisintsoe, e leng ho tlatsa linkho, tse ngotsoeng ka puo ea Rust (nako ea ho matha e fanoeng pele e ne e ngotsoe ka puo ea Go). Runtime e tsamaisana le OCI, CRI-O le Containerd, e lumellang hore e sebelisoe le Docker le Kubernetes.
- Ho hlahisitsoe hypervisor e ncha ea dragonball e thehiloeng ho KVM le rust-vmm.
- Tšehetso e ekelitsoeng bakeng sa ho fetisetsa phihlello ho GPU o sebelisa VFIO.
- Tšehetso e ekelitsoeng bakeng sa sehlopha sa v2.
- Ts'ehetso ea ho fetola litlhophiso ntle le ho fetola faele ea mantlha ea tlhophiso e kentsoe tšebetsong ka ho nkela li-blocks lifaeleng tse arohaneng tse fumanehang bukeng ea "config.d/".
- Likarolo tsa mafome li kenyelletsa laeborari e ncha bakeng sa ho sebetsa ka mokhoa o sireletsehileng ka litsela tsa lifaele.
- Karolo ea virtiofsd (e ngotsoeng ho C) e nketsoe sebaka ke virtiofsd-rs (e ngotsoeng ka Rust).
- Tšehetso e ekelitsoeng bakeng sa likarolo tsa QEMU tsa sandboxing.
- QEMU e sebelisa io_uring API bakeng sa Asynchronous I/O.
- Tšehetso ea lisebelisoa tsa Intel TDX (Trusted Domain Extensions) e kentsoe tšebetsong bakeng sa QEMU le Cloud-hypervisor.
- Likarolo tse ntlafalitsoeng: QEMU 6.2.0, Cloud-hypervisor 26.0, Firecracker 1.1.0, Linux kernel 5.19.2.
Source: opennet.ru