# Kata Containers snap image

- Initial setup
- Build snap image
- Install snap (developer)
- Integration with docker
- Limitations
This directory contains the resources needed to build the Kata Containers snap image.
## Initial setup

### Ubuntu 18.04

```sh
$ sudo apt-get install -y snapd snapcraft
```
## Build snap image

Run the following command from the root directory of the packaging repository:

```sh
$ make snap
```
## Install snap (developer)

To install the resulting snap image, the snap must be put in classic mode, which disables its security confinement (`--classic`). Also, since the resulting snap has not been signed, signature verification must be skipped (`--dangerous`).

```sh
$ sudo snap install --classic --dangerous kata-containers_[VERSION]_[ARCH].snap
```

Replace `VERSION` with the current version of Kata Containers and `ARCH` with the system architecture.
By default the Kata Containers snap image is mounted at `/snap/kata-containers` as a read-only file system, so the default configuration file cannot be edited in place. Fortunately `kata-runtime` supports loading a configuration file from a path other than the default:

```sh
$ sudo mkdir -p /etc/kata-containers
$ sudo cp /snap/kata-containers/current/usr/share/defaults/kata-containers/configuration.toml /etc/kata-containers/
$ $EDITOR /etc/kata-containers/configuration.toml
```
## Integration with docker

The path to the runtime provided by the Kata Containers snap image is `/snap/kata-containers/current/usr/bin/kata-runtime`; this runtime must be added to `dockerd` either through a systemd drop-in or through the `dockerd` configuration file.

`/etc/systemd/system/docker.service.d/runtime.conf`:

```ini
[Service]
ExecStart=/usr/bin/dockerd -D --add-runtime kata-runtime=/snap/kata-containers/current/usr/bin/kata-runtime --default-runtime=kata-runtime
```

or `/etc/docker/daemon.json`:

```json
{
  "default-runtime": "kata-runtime",
  "runtimes": {
    "kata-runtime": {
      "path": "/snap/kata-containers/current/usr/bin/kata-runtime"
    }
  }
}
```
After adding the new runtime, the service must be reloaded and restarted:

```sh
$ sudo systemctl daemon-reload
$ sudo systemctl restart docker
```
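The steps above (stage a writable `configuration.toml`, then register the snap-provided runtime with `dockerd`) are easy to get wrong in two ways: a blind `cp` of the default configuration clobbers a file you already edited, and writing a fresh `daemon.json` discards whatever settings were already in it. The following script is an added example, not code from the Kata Containers packaging repository; it performs both steps idempotently, checks that the binary `dockerd` will run as root is executable and not writable by group or others, and merges the runtime into an existing `daemon.json` atomically. The default paths are the ones from this README; `demo_in_tempdir()` exercises the same functions against constructed stand-in files so the logic can be verified without touching `/etc` or `/snap`. Pick one of the two registration methods: `dockerd` refuses to start when the same directive (for example `default-runtime`) is given both as a flag in the unit file and in `daemon.json`.

```python
"""Added example: stage a writable kata-runtime config and register the
snap-provided runtime in dockerd's daemon.json without clobbering settings
already present. Paths are parameters so the functions can run against
temporary directories (see demo_in_tempdir)."""
import json
import os
import shutil
import stat

# Defaults taken from the README; overridable for testing.
SNAP_CONFIG = "/snap/kata-containers/current/usr/share/defaults/kata-containers/configuration.toml"
SNAP_RUNTIME = "/snap/kata-containers/current/usr/bin/kata-runtime"
ETC_CONFIG = "/etc/kata-containers/configuration.toml"
DAEMON_JSON = "/etc/docker/daemon.json"


def stage_config(src=SNAP_CONFIG, dst=ETC_CONFIG):
    """Copy the read-only default configuration.toml to an editable path.
    Returns True if copied, False if dst already exists (never overwrites
    a hand-edited file)."""
    if os.path.exists(dst):
        return False
    os.makedirs(os.path.dirname(dst), exist_ok=True)
    shutil.copyfile(src, dst)
    os.chmod(dst, 0o644)  # readable by the runtime, writable only by owner (root)
    return True


def check_runtime_binary(path=SNAP_RUNTIME):
    """dockerd runs this binary as root: it must be a regular, executable file
    that group/others cannot modify. Raises ValueError otherwise."""
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        raise ValueError(f"{path} is not a regular file")
    if not st.st_mode & stat.S_IXUSR:
        raise ValueError(f"{path} is not executable")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        raise ValueError(f"{path} is writable by group/others")
    return True


def register_runtime(daemon_json=DAEMON_JSON, runtime_path=SNAP_RUNTIME,
                     name="kata-runtime", make_default=True):
    """Merge the runtime into daemon.json, keeping every other key intact.
    Malformed existing JSON raises instead of being silently overwritten.
    Returns the resulting configuration dict."""
    config = {}
    if os.path.exists(daemon_json):
        with open(daemon_json) as f:
            content = f.read().strip()
        if content:
            config = json.loads(content)
    config.setdefault("runtimes", {})[name] = {"path": runtime_path}
    if make_default:
        config["default-runtime"] = name
    os.makedirs(os.path.dirname(daemon_json), exist_ok=True)
    tmp = daemon_json + ".tmp"
    with open(tmp, "w") as f:
        json.dump(config, f, indent=2)
        f.write("\n")
    os.replace(tmp, daemon_json)  # atomic rename: dockerd never reads a partial file
    return config


def demo_in_tempdir():
    """Run all three steps on constructed stand-in files in a temp directory."""
    import tempfile
    root = tempfile.mkdtemp()
    snap_cfg = os.path.join(root, "snap", "configuration.toml")
    os.makedirs(os.path.dirname(snap_cfg))
    with open(snap_cfg, "w") as f:
        f.write('[hypervisor.qemu]\npath = "/usr/bin/qemu-system-x86_64"\n')  # constructed stub
    runtime = os.path.join(root, "snap", "kata-runtime")
    with open(runtime, "w") as f:
        f.write("#!/bin/sh\nexit 0\n")  # constructed stand-in for the real binary
    os.chmod(runtime, 0o755)
    etc_cfg = os.path.join(root, "etc", "configuration.toml")
    daemon = os.path.join(root, "docker", "daemon.json")
    os.makedirs(os.path.dirname(daemon))
    with open(daemon, "w") as f:
        json.dump({"log-driver": "journald"}, f)  # pre-existing setting that must survive
    first = stage_config(snap_cfg, etc_cfg)
    second = stage_config(snap_cfg, etc_cfg)  # idempotent: no overwrite
    ok = check_runtime_binary(runtime)
    merged = register_runtime(daemon, runtime)
    with open(daemon) as f:
        on_disk = json.load(f)
    return {"first_copy": first, "second_copy": second, "binary_ok": ok,
            "merged": merged, "on_disk": on_disk, "runtime": runtime}


if __name__ == "__main__":
    check_runtime_binary()
    print("staged config:", stage_config())
    print(json.dumps(register_runtime(), indent=2))
    print("now run: sudo systemctl daemon-reload && sudo systemctl restart docker")
```

Run it as root on the host to apply the defaults, or call the functions with your own paths; the systemd reload and restart from the README still have to follow, since the script only edits files.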
## Limitations

The miniOS image is not included in the snap image as it is not possible for QEMU to open a guest RAM backing store on a read-only filesystem.