Ukukhishwa kwephrojekthi ye-Kata Containers 3.2 kushicilelwe, kwakhiwa inqwaba yokuhlela ukukhishwa kweziqukathi kusetshenziswa ukuhlukaniswa okusekelwe ezindleleni ezigcwele ze-virtualization. Iphrojekthi yasungulwa ngabakwa-Intel kanye ne-Hyper ngokuhlanganisa Ama-Clear Containers kanye nobuchwepheshe be-runV. Ikhodi yephrojekthi ibhalwe ku-Go and Rust, futhi isatshalaliswa ngaphansi kwelayisensi ye-Apache 2.0. Ukuthuthukiswa kwalo msebenzi kwenganyelwe ithimba elisebenzayo elakhiwe ngaphansi kwenhlangano ezimele i-OpenStack Foundation, ehlanganisa izinkampani ezifana neCanonical, China Mobile, Dell/EMC, EasyStack, Google, Huawei, NetApp, Red Hat, SUSE kanye neZTE. .
I-Kata isekelwe esikhathini sokusebenza, esikuvumela ukuthi udale imishini ebonakalayo ehlangene esebenza usebenzisa i-hypervisor egcwele, esikhundleni sokusebenzisa iziqukathi zendabuko ezisebenzisa i-Linux kernel evamile futhi ehlukanisiwe kusetshenziswa izikhala zamagama namaqoqo. Ukusetshenziswa kwemishini ebonakalayo kukuvumela ukuthi ufinyelele izinga eliphezulu lokuphepha elivikela ekuhlaselweni okubangelwa ukuxhashazwa kobungozi ku-Linux kernel.
I-Kata Containers igxile ekuhlanganisweni kuzingqalasizinda ezikhona zokuhlukanisa iziqukathi ezinekhono lokusebenzisa imishini efanayo ebonakalayo ukuthuthukisa ukuvikelwa kweziqukathi zendabuko. Le phrojekthi ihlinzeka ngezindlela zokuqinisekisa ukuhambisana kwemishini engasindi enezingqalasizinda ezahlukahlukene zokuhlukanisa iziqukathi, amapulatifomu e-orchestration ye-container kanye nokucaciswa okufana ne-OCI (Open Container Initiative), i-CRI (I-Container Runtime Interface) kanye ne-CNI (I-Container Networking Interface). Amathuluzi ayatholakala ukuze ahlanganiswe ne-Docker, Kubernetes, QEMU kanye ne-OpenStack.
Ukuhlanganiswa nezinhlelo zokuphatha iziqukathi kufinyelelwa kusetshenziswa isendlalelo esilingisa ukuphathwa kwesiqukathi, esifinyelela umenzeli ophethe emshinini obonakalayo ngokusebenzisa isixhumi esibonakalayo se-gRPC kanye nommeleli okhethekile. Ngaphakathi kwendawo ebonakalayo, eyethulwa yi-hypervisor, kusetshenziswa i-Linux kernel eyenziwe kahle, equkethe kuphela isethi encane yamakhono adingekayo.
Njenge-hypervisor, isekela ukusetshenziswa kwe-Dragonball Sandbox (uhlelo lwe-KVM olulungiselelwe iziqukathi) ngekhithi yamathuluzi ye-QEMU, kanye ne-Firecracker ne-Cloud Hypervisor. Indawo yesistimu ihlanganisa i-daemon yokuqalisa kanye ne-ejenti. Umenzeli uhlinzeka ngokusetshenziswa kwezithombe zesiqukathi esichazwe umsebenzisi ngefomethi ye-OCI ye-Docker ne-CRI ye-Kubernetes. Uma isetshenziswa ngokubambisana ne-Docker, umshini ohlukile we-virtual wenziwa esitsheni ngasinye, i.e. Indawo esebenza phezu kwe-hypervisor isetshenziselwa ukwethulwa kwesidleke kweziqukathi.
Ukuze kuncishiswe ukusetshenziswa kwememori, kusetshenziswa indlela ye-DAX (ukufinyelela okuqondile ohlelweni lwefayela, ukweqa inqolobane yekhasi ngaphandle kokusebenzisa izinga ledivayisi yokuvimba), kanye nokuphindaphinda izindawo ezifanayo zenkumbulo, kusetshenziswa ubuchwepheshe be-KSM (Kernel Samepage Merging), obuvumela ukuthi ukuhlela ukwabelana kwezinsiza zesistimu yokusingatha futhi uxhume kumasistimu wezihambeli ahlukene wabelane ngesifanekiso sendawo yesistimu evamile.
Enguqulweni entsha:
- Ngaphezu kokusekelwa kwezakhiwo ze-AMD64 (x86_64), ukukhishwa kunikezwa i-ARM64 (Aarch64) kanye ne-s390 (IBM Z) yezakhiwo. Usekelo lwezakhiwo ze-ppc64le (IBM Power) lusathuthukiswa.
- Ukuze uhlele ukufinyelela ezithombeni zesiqukathi, kusetshenziswa isistimu yefayela ye-Nydus 2.2.0, esebenzisa amakheli wokuqukethwe ukuze kusebenze kahle nezithombe ezijwayelekile. I-Nydus isekela ukulayishwa kwezithombe lapho undiza (ukulandwa kuphela uma kudingeka), inikeza ukuphindaphinda kwedatha eyimpinda, futhi ingasebenzisa izingemuva ezihlukene ukuze ugcine isitoreji sangempela. Ukuhambisana kwe-POSIX kunikezwa (okufana ne-Composefs, ukuqaliswa kwe-Nydus kuhlanganisa amandla e-OverlayFS ne-EROFS noma i-FUSE module).
- Umphathi womshini obonakalayo we-Dragonball uhlanganiswe nesakhiwo esiyinhloko sephrojekthi ye-Kata Containers, manje ezothuthukiswa endaweni yokugcina abantu abaningi.
- Umsebenzi wokulungisa iphutha ungeziwe kunsizakalo ye-kata-ctl ukuze kuxhunywe emshinini obonakalayo ovela endaweni yokusingatha.
- Amandla okuphatha e-GPU anwetshiwe futhi usekelo lwengeziwe lokudlulisela phambili ama-GPU ezitsheni ukuze kwenziwe ikhompuyutha eyimfihlo (Isitsha Esiyimfihlo), esihlinzeka ngokubethela kwedatha, inkumbulo nesimo sokukhishwa ukuze kuvikelwe uma kwenzeka kuba sengozini yendawo yokusingatha noma i-hypervisor.
- Isistimu engaphansi yokuphatha amadivayisi asetshenziswa ezitsheni noma endaweni ye-sandbox yengezwe ku-Runtime-rs. Isekela ukusebenza nge-vfio, block, inethiwekhi nezinye izinhlobo zamadivayisi.
- Ukuhambisana ne-OCI Runtime 1.0.2 kanye ne-Kubernetes 1.23.1 kunikezwa.
- Kunconywa ukusebenzisa ukukhululwa kwe-6.1.38 nama-patches njenge-Linux kernel.
- Ukuthuthukiswa kudlulisiwe kusuka ekusebenziseni isistimu yokuhlanganisa eqhubekayo ye-Jenkins kuya ku-GitHub Actions.
Source: opennet.ru