I-Kata Containers 3.0 ihlanganisa ukwesekwa kwe-GPU, i-Linux 5.19.2, i-QEMU 6.2.0 nokuningi

Darkcrizt

Imizuzu ye-4

Iziqukathi ze-Kata

I-Kata Containers inikeza isikhathi sokusebenza esiphephile sesitsha esinemishini engasindi ebonakalayo

Ngemuva kweminyaka emibili yentuthuko, ukukhishwa kwephrojekthi ye-Kata Containers 3.0 kushicilelwe, lokho kuthuthuka isitaki sokuhlela iziqukathi ezigijimayo usebenzisa i-insulation ngokusekelwe ezindleleni eziphelele ze-virtualization.

Enhliziyweni yeKata isikhathi sokusebenza, esihlinzeka ngekhono lokudala imishini ebonakalayo ehlangene esebenza kusetshenziswa i-hypervisor egcwele, kunokusebenzisa iziqukathi ezivamile ezisebenzisa i-Linux kernel evamile futhi ehlukanisiwe kusetshenziswa izikhala zamagama namaqoqo.

Ukusetshenziswa kwemishini ebonakalayo kuvumela ukuzuza izinga eliphezulu lokuphepha elivikela ekuhlaselweni okubangelwa ukuxhashazwa kobungozi ku-Linux kernel.

Mayelana ne-Kata Containers

Iziqukathi ze-Kata igxile ekudidiyelweni kwezingqalasizinda ezizimele yeziqukathi ezikhona ezinekhono lokusebenzisa le mishini ebonakalayo ukuthuthukisa ukuvikelwa kweziqukathi zendabuko.

Le phrojekthi inikeza izindlela zokwenza imishini ebonakalayo engasindi ihambisane nezinhlaka ezihlukahlukene zokuzihlukanisa iziqukathi, izinkundla ze-orchestration, kanye nokucaciswa okufana ne-OCI, i-CRI, ne-CNI. Ukuhlanganiswa ne-Docker, Kubernetes, QEMU kanye ne-OpenStack kuyatholakala.

Ukuhlanganiswa ngezinhlelo zokuphatha iziqukathie kufinyelelwa ngosendlalelo esilingisa ukuphathwa kwesiqukathi, okuthi, ngesixhumi esibonakalayo se-gRPC kanye nommeleli okhethekile, ifinyelele i-ejenti yokulawula emshinini wokubuka. Njenge-hypervisor, ukusetshenziswa kwe-Dragonball Sandbox kuyasekelwa (inguqulo ye-KVM eyenziwe kahle esitsheni) ene-QEMU, kanye ne-Firecracker ne-Cloud Hypervisor. Imvelo yesistimu ihlanganisa i-daemon yokuqalisa kanye ne-ejenti.

I-ejenti isebenzisa izithombe zesiqukathi esichazwe umsebenzisi ngefomethi ye-OCI ye-Docker ne-CRI ye-Kubernetes. Ukunciphisa ukusetshenziswa kwememori, kusetshenziswa indlela ye-DAX kanye nobuchwepheshe be-KSM busetshenziselwa ukuphindaphinda izindawo zememori ezifanayo, okuvumela izinsiza zesistimu yokusingatha ukuthi zabiwe kanye namasistimu ezivakashi ahlukene ukuze axhumane nesifanekiso sendawo yesistimu evamile.

Amanoveli amakhulu e-Kata Containers 3.0

Enguqulweni entsha esinye isikhathi sokusebenza siyaphakanyiswa (i-runtime-rs), eyenza i-padding yokugoqa, ebhalwe ngolimi lwe-Rust (isikhathi sokusebenza esinikezwe ngenhla sibhalwe ngolimi lwesi-Go). isikhathi sokugijima isekela i-OCI, i-CRI-O ne-Containerd, okwenza ihambisane ne-Docker ne-Kubernetes.

Olunye ushintsho olugqamayo kule nguqulo entsha ye-Kata Containers 3.0 ukuthi manje futhi inokusekelwa kwe-GPU. Lokhu ihlanganisa ukusekelwa kwe-Virtual Function I/O (VFIO), okuvumela idivayisi ye-PCIe evikelekile, engenamalungelo kanye nezilawuli zesikhala somsebenzisi.

Kubuye kuqhakanjiswe lokho kusetshenziswe ukwesekwa kokushintsha izilungiselelo ngaphandle kokushintsha ifayela lokumisa eliyinhloko ngokushintsha amabhlogo kumafayela ahlukene atholakala kuhla lwemibhalo "config.d/". Izingxenye zokugqwala zisebenzisa umtapo wolwazi omusha ukuze zisebenze ngezindlela zamafayela ngokuphepha.

Futhi, Iphrojekthi entsha ye-Kata Containers isivele. Kuyiziqukathi eziyimfihlo, iphrojekthi ye-sandbox yomthombo ovulekile ye-Cloud-Native Computing Foundation (CNCF). Lo mphumela wokuhlukaniswa kweziqukathi ze-Kata Containers uhlanganisa ingqalasizinda ye-Trusted Execution Environments (TEE).

Of ezinye izinguquko okugqamile:

  • Kuphakanyiswe i-hypervisor entsha ye-dragonball esekelwe ku-KVM kanye ne-rust-vmm.
  • Kungezwe ukusekelwa kweqembu v2.
  • ingxenye ye-virtiofsd (ebhalwe ngo-C) ithathelwe indawo yi-virtiofsd-rs (ebhalwe ku-Rust).
  • Usekelo olungeziwe lokuhlukaniswa kwe-sandbox yezingxenye ze-QEMU.
  • I-QEMU isebenzisa i-io_uring API ye-asynchronous I/O.
  • Usekelo lwe-Intel TDX (Izandiso Zesizinda Esithenjwayo) ze-QEMU kanye ne-Cloud-hypervisor seluqaliwe.
  • Izingxenye ezibuyekeziwe: QEMU 6.2.0, Cloud-hypervisor 26.0, Firecracker 1.1.0, Linux 5.19.2.

Okokugcina kulabo abanentshisekelo kuphrojekthi, kufanele wazi ukuthi yadalwa i-Intel ne-Hyper ehlanganisa Iziqukathi Ezicacile kanye nobuchwepheshe be-runV.

Ikhodi yephrojekthi ibhalwe ku-Go and Rust futhi ikhishwa ngaphansi kwelayisensi ye-Apache 2.0. Ukuthuthukiswa kwephrojekthi kwenganyelwe ithimba elisebenzayo elakhiwe ngaphansi kwenhlangano ezimele i-OpenStack Foundation.

Ungathola okwengeziwe ngakho ku isixhumanisi esilandelayo.


Shiya umbono wakho

Ikheli lakho le ngeke ishicilelwe. Ezidingekayo ibhalwe nge *

*

*

  1. Ubhekele imininingwane: Miguel Ángel Gatón
  2. Inhloso yedatha: Lawula Ugaxekile, ukuphathwa kwamazwana.
  3. Ukusemthethweni: Imvume yakho
  4. Ukuxhumana kwemininingwane: Imininingwane ngeke idluliselwe kubantu besithathu ngaphandle kwesibopho esisemthethweni.
  5. Isitoreji sedatha: Idatabase ebanjwe yi-Occentus Networks (EU)
  6. Amalungelo: Nganoma yisiphi isikhathi ungakhawulela, uthole futhi ususe imininingwane yakho.