Nkan yii yoo jiroro bi o ṣe n ṣiṣẹ , ati pe yoo tun jẹ apakan ti o wulo pẹlu asopọ wọn si Docker.
Nipa awọn iṣoro ti o wọpọ pẹlu Docker ati awọn solusan wọn tẹlẹ , loni Emi yoo ṣe apejuwe ni ṣoki imuse lati Awọn apoti Kata. Awọn apoti Kata jẹ akoko asiko eiyan to ni aabo ti o da lori awọn ẹrọ foju iwuwo fẹẹrẹ. Nṣiṣẹ pẹlu wọn jẹ kanna bii pẹlu awọn apoti miiran, ṣugbọn ni afikun ipinya ti o ni igbẹkẹle diẹ sii wa nipa lilo imọ-ẹrọ agbara ohun elo. Ise agbese na bẹrẹ ni ọdun 2017, nigbati agbegbe ti orukọ kanna ti pari idapọ ti awọn ero ti o dara julọ lati Intel Clear Containers ati Hyper.sh RunV, lẹhin eyi iṣẹ tẹsiwaju lori atilẹyin fun orisirisi awọn ile-iṣẹ, pẹlu AMD64, ARM, IBM p- and z -jara. Ni afikun, iṣẹ ni atilẹyin inu awọn hypervisors QEMU, Firecracker, ati pe iṣọpọ tun wa pẹlu apoti. Awọn koodu wa ni labẹ iwe-aṣẹ MIT.
Awọn ẹya pataki
- Nṣiṣẹ pẹlu ipilẹ ti o yatọ, nitorinaa n pese nẹtiwọọki, iranti ati ipinya I / O, o ṣee ṣe lati fi ipa mu lilo ipinya ohun elo ti o da lori awọn amugbooro agbara.
- Atilẹyin fun awọn iṣedede ile-iṣẹ pẹlu OCI (kika apoti), Kubernetes CRI
- Iṣe deede ti awọn apoti Linux deede, ipinya pọ si laisi iṣẹ ṣiṣe ti awọn VM deede
- Imukuro iwulo lati ṣiṣe awọn apoti inu awọn ẹrọ foju kikun-kikun, awọn atọkun jeneriki jẹ ki iṣọpọ jẹ irọrun ati ifilọlẹ
eto
Nibẹ ni o wa awọn aṣayan fifi sori ẹrọ, Emi yoo ronu fifi sori ẹrọ lati awọn ibi ipamọ, da lori ẹrọ iṣẹ ṣiṣe Centos 7.
pataki: Kata Containers iṣẹ ni atilẹyin nikan lori hardware, ipasẹ firanšẹ siwaju ko nigbagbogbo ṣiṣẹ, tun nilo sse4.1 support lati ero isise.
Fifi awọn apoti Kata jẹ ohun rọrun:
Fi awọn ohun elo fun ṣiṣẹ pẹlu awọn ibi ipamọ:
# yum -y install yum-utilsPa Selinux kuro (o tọ diẹ sii lati tunto, ṣugbọn fun ayedero Mo mu u ṣiṣẹ):
# setenforce 0
# sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/configA sopọ ibi ipamọ ati ṣe fifi sori ẹrọ
# source /etc/os-release
# ARCH=$(arch)
# BRANCH="${BRANCH:-stable-1.10}"
# yum-config-manager --add-repo "http://download.opensuse.org/repositories/home:/katacontainers:/releases:/${ARCH}:/${BRANCH}/CentOS_${VERSION_ID}/home:katacontainers:releases:${ARCH}:${BRANCH}.repo"
# yum -y install kata-runtime kata-proxy kata-shimṢe akanṣe
Emi yoo ṣeto lati ṣiṣẹ pẹlu docker, fifi sori rẹ jẹ aṣoju, Emi kii yoo ṣe apejuwe rẹ ni awọn alaye diẹ sii:
# rpm -qa | grep docker
docker-ce-cli-19.03.6-3.el7.x86_64
docker-ce-19.03.6-3.el7.x86_64
# docker -v
Docker version 19.03.6, build 369ce74a3cA ṣe awọn ayipada si daemon.json:
# cat <<EOF > /etc/docker/daemon.json
{
"default-runtime": "kata-runtime",
"runtimes": {
"kata-runtime": {
"path": "/usr/bin/kata-runtime"
}
}
}
EOFTun docker bẹrẹ:
# service docker restartṢayẹwo iṣẹ-ṣiṣe
Ti o ba bẹrẹ eiyan ṣaaju ki o to tun docker bẹrẹ, o le rii pe uname yoo fun ẹya ekuro ti n ṣiṣẹ lori eto akọkọ:
# docker run busybox uname -a
Linux 19efd7188d06 3.10.0-1062.12.1.el7.x86_64 #1 SMP Tue Feb 4 23:02:59 UTC 2020 x86_64 GNU/LinuxLẹhin atunbẹrẹ, ẹya ekuro dabi eyi:
# docker run busybox uname -a
Linux 9dd1f30fe9d4 4.19.86-5.container #1 SMP Sat Feb 22 01:53:14 UTC 2020 x86_64 GNU/LinuxAwọn ẹgbẹ diẹ sii!
# time docker run busybox mount
kataShared on / type 9p (rw,dirsync,nodev,relatime,mmap,access=client,trans=virtio)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev type tmpfs (rw,nosuid,size=65536k,mode=755)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=666)
sysfs on /sys type sysfs (ro,nosuid,nodev,noexec,relatime)
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,relatime,mode=755)
cgroup on /sys/fs/cgroup/systemd type cgroup (ro,nosuid,nodev,noexec,relatime,xattr,name=systemd)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (ro,nosuid,nodev,noexec,relatime,cpu,cpuacct)
cgroup on /sys/fs/cgroup/blkio type cgroup (ro,nosuid,nodev,noexec,relatime,blkio)
cgroup on /sys/fs/cgroup/memory type cgroup (ro,nosuid,nodev,noexec,relatime,memory)
cgroup on /sys/fs/cgroup/devices type cgroup (ro,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/perf_event type cgroup (ro,nosuid,nodev,noexec,relatime,perf_event)
cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (ro,nosuid,nodev,noexec,relatime,net_cls,net_prio)
cgroup on /sys/fs/cgroup/freezer type cgroup (ro,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/pids type cgroup (ro,nosuid,nodev,noexec,relatime,pids)
cgroup on /sys/fs/cgroup/cpuset type cgroup (ro,nosuid,nodev,noexec,relatime,cpuset)
mqueue on /dev/mqueue type mqueue (rw,nosuid,nodev,noexec,relatime)
shm on /dev/shm type tmpfs (rw,nosuid,nodev,noexec,relatime,size=65536k)
kataShared on /etc/resolv.conf type 9p (rw,dirsync,nodev,relatime,mmap,access=client,trans=virtio)
kataShared on /etc/hostname type 9p (rw,dirsync,nodev,relatime,mmap,access=client,trans=virtio)
kataShared on /etc/hosts type 9p (rw,dirsync,nodev,relatime,mmap,access=client,trans=virtio)
proc on /proc/bus type proc (ro,relatime)
proc on /proc/fs type proc (ro,relatime)
proc on /proc/irq type proc (ro,relatime)
proc on /proc/sys type proc (ro,relatime)
tmpfs on /proc/acpi type tmpfs (ro,relatime)
tmpfs on /proc/timer_list type tmpfs (rw,nosuid,size=65536k,mode=755)
tmpfs on /sys/firmware type tmpfs (ro,relatime)
real 0m2.381s
user 0m0.066s
sys 0m0.039s# time docker run busybox free -m
total used free shared buff/cache available
Mem: 1993 30 1962 0 1 1946
Swap: 0 0 0
real 0m3.297s
user 0m0.086s
sys 0m0.050sYara fifuye igbeyewo
Lati ṣe ayẹwo awọn adanu lati agbara ipa - Mo ṣiṣe sysbench, bi awọn apẹẹrẹ akọkọ .
Ṣiṣẹ sysbench nipa lilo Docker+eiyan
Idanwo isise
sysbench 1.0: multi-threaded system evaluation benchmark
Running the test with following options:
Number of threads: 1
Initializing random number generator from current time
Prime numbers limit: 20000
Initializing worker threads...
Threads started!
General statistics:
total time: 36.7335s
total number of events: 10000
total time taken by event execution: 36.7173s
response time:
min: 3.43ms
avg: 3.67ms
max: 8.34ms
approx. 95 percentile: 3.79ms
Threads fairness:
events (avg/stddev): 10000.0000/0.00
execution time (avg/stddev): 36.7173/0.00Ramu igbeyewo
sysbench 1.0: multi-threaded system evaluation benchmark
Running the test with following options:
Number of threads: 1
Initializing random number generator from current time
Initializing worker threads...
Threads started!
Operations performed: 104857600 (2172673.64 ops/sec)
102400.00 MiB transferred (2121.75 MiB/sec)
General statistics:
total time: 48.2620s
total number of events: 104857600
total time taken by event execution: 17.4161s
response time:
min: 0.00ms
avg: 0.00ms
max: 0.17ms
approx. 95 percentile: 0.00ms
Threads fairness:
events (avg/stddev): 104857600.0000/0.00
execution time (avg/stddev): 17.4161/0.00Ṣiṣẹ sysbench nipa lilo Awọn apoti Docker +Kata
Idanwo isise
sysbench 1.0: multi-threaded system evaluation benchmark
Running the test with following options:
Number of threads: 1
Initializing random number generator from current time
Prime numbers limit: 20000
Initializing worker threads...
Threads started!
General statistics:
total time: 36.5747s
total number of events: 10000
total time taken by event execution: 36.5594s
response time:
min: 3.43ms
avg: 3.66ms
max: 4.93ms
approx. 95 percentile: 3.77ms
Threads fairness:
events (avg/stddev): 10000.0000/0.00
execution time (avg/stddev): 36.5594/0.00Ramu igbeyewo
sysbench 1.0: multi-threaded system evaluation benchmark
Running the test with following options:
Number of threads: 1
Initializing random number generator from current time
Initializing worker threads...
Threads started!
Operations performed: 104857600 (2450366.94 ops/sec)
102400.00 MiB transferred (2392.94 MiB/sec)
General statistics:
total time: 42.7926s
total number of events: 104857600
total time taken by event execution: 16.1512s
response time:
min: 0.00ms
avg: 0.00ms
max: 0.43ms
approx. 95 percentile: 0.00ms
Threads fairness:
events (avg/stddev): 104857600.0000/0.00
execution time (avg/stddev): 16.1512/0.00Ni opo, ipo naa ti han tẹlẹ, ṣugbọn o dara julọ lati ṣiṣe awọn idanwo ni ọpọlọpọ igba, yọkuro awọn ita ati aropin awọn abajade, nitorinaa Emi ko ṣe awọn idanwo diẹ sii sibẹsibẹ.
awari
Bíótilẹ o daju pe iru awọn apoti gba nipa marun si mẹwa ni igba to gun lati bẹrẹ soke (akoko ṣiṣe deede fun iru awọn aṣẹ nigba lilo apoti jẹ kere ju idamẹta ti iṣẹju kan), wọn tun ṣiṣẹ ni iyara ti a ba gba akoko ibẹrẹ pipe (nibẹ jẹ apẹẹrẹ loke, awọn aṣẹ ti a ṣe ni apapọ ti awọn aaya mẹta). O dara, awọn abajade ti idanwo iyara ti Sipiyu ati Ramu fihan fere awọn abajade kanna, eyiti ko le ṣugbọn yọ, paapaa ni ina ti o daju pe a pese ipinya ni lilo iru ẹrọ ṣiṣe daradara bi kvm.
Ikede
Nkan naa jẹ atunyẹwo, ṣugbọn o fun ọ ni aye lati lero akoko asiko yiyan. Ọpọlọpọ awọn agbegbe ti ohun elo ko ni bo, fun apẹẹrẹ, aaye naa ṣe apejuwe agbara lati ṣiṣe Kubernetes lori oke Awọn apoti Kata. Ni afikun, o tun le ṣiṣẹ lẹsẹsẹ awọn idanwo lojutu lori wiwa awọn iṣoro aabo, ṣeto awọn ihamọ, ati awọn nkan ti o nifẹ si.
Mo beere lọwọ gbogbo awọn ti o ti ka ati tun pada nibi lati kopa ninu iwadi naa, eyiti awọn atẹjade ọjọ iwaju lori koko yii yoo dale lori.
Awọn olumulo ti o forukọsilẹ nikan le kopa ninu iwadi naa. , Jowo.
Ṣe Mo le tẹsiwaju lati ṣe atẹjade awọn nkan nipa Awọn apoti Kata bi?
-
80,0%Bẹẹni, kọ diẹ sii!28
-
20,0%Rara, maṣe…7
35 olumulo dibo. 7 olumulo abstained.
orisun: www.habr.com