Kata Containers snap image

This directory contains the resources needed to build the Kata Containers snap image.

Initial setup

Ubuntu 18.04

$ sudo apt-get install -y snapd snapcraft

Build snap image

Run the following command from the root directory of the packaging repository.

$ make snap

Install snap (developer)

To install the resulting snap image, the snap must be installed in classic mode with security confinement disabled (--classic). Also, since the resulting snap has not been signed, signature verification must be skipped (--dangerous).

$ sudo snap install --classic --dangerous kata-containers_[VERSION]_[ARCH].snap

Replace VERSION with the current version of Kata Containers and ARCH with the system architecture.

Configuring Kata Containers

By default, the Kata Containers snap image is mounted at /snap/kata-containers as a read-only file system, so the default configuration file cannot be edited. Fortunately, kata-runtime supports loading a configuration file from a path other than the default.

$ sudo mkdir -p /etc/kata-containers
$ sudo cp /snap/kata-containers/current/usr/share/defaults/kata-containers/configuration.toml /etc/kata-containers/
$ $EDITOR /etc/kata-containers/configuration.toml

Integration with docker

The path to the runtime provided by the Kata Containers snap image is /snap/kata-containers/current/usr/bin/kata-runtime. This runtime must be added to dockerd via systemd or the dockerd configuration file.

/etc/systemd/system/docker.service.d/runtime.conf

[Service]
# Clear the ExecStart inherited from docker.service before redefining it
ExecStart=
ExecStart=/usr/bin/dockerd -D --add-runtime kata-runtime=/snap/kata-containers/current/usr/bin/kata-runtime --default-runtime=kata-runtime

or

/etc/docker/daemon.json

{
	"default-runtime": "kata-runtime",
	"runtimes": {
		"kata-runtime": {
			"path": "/snap/kata-containers/current/usr/bin/kata-runtime"
		}
	}
}

After adding the new runtime, the service must be reloaded and restarted.

$ sudo systemctl daemon-reload
$ sudo systemctl restart docker
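
When /etc/docker/daemon.json already exists, the runtime entry has to be merged into it rather than pasted over it. The following is an added example, not part of the Kata Containers packaging repository: the function names are hypothetical and the sample file is constructed. It merges the kata-runtime entry shown above into an existing configuration and refuses to silently repoint a kata-runtime entry that references a different binary.

```python
import json

# Runtime name and path as given in this README.
RUNTIME_NAME = "kata-runtime"
RUNTIME_PATH = "/snap/kata-containers/current/usr/bin/kata-runtime"


def merge_kata_runtime(config, make_default=True):
    """Return a copy of a parsed daemon.json with the Kata runtime registered.

    Unrelated keys and other runtimes are kept. A kata-runtime entry that
    already points at a different binary is reported instead of overwritten.
    """
    if not isinstance(config, dict):
        raise ValueError("daemon.json must contain a JSON object")
    merged = json.loads(json.dumps(config))  # deep copy of plain JSON data
    runtimes = merged.setdefault("runtimes", {})
    if not isinstance(runtimes, dict):
        raise ValueError("'runtimes' must be a JSON object")
    existing = runtimes.get(RUNTIME_NAME) or {}
    if not isinstance(existing, dict):
        raise ValueError(f"'{RUNTIME_NAME}' entry must be a JSON object")
    if existing.get("path", RUNTIME_PATH) != RUNTIME_PATH:
        raise ValueError(f"{RUNTIME_NAME} already points at {existing['path']}")
    runtimes[RUNTIME_NAME] = {**existing, "path": RUNTIME_PATH}
    if make_default:
        merged["default-runtime"] = RUNTIME_NAME
    return merged


def merge_daemon_json(text, make_default=True):
    """Text-in, text-out wrapper; an empty file counts as {}."""
    config = json.loads(text) if text.strip() else {}
    return json.dumps(merge_kata_runtime(config, make_default), indent=2) + "\n"


# Constructed sample of an existing /etc/docker/daemon.json (not from the README).
SAMPLE_DAEMON_JSON = """{
  "log-driver": "journald",
  "runtimes": {"custom": {"path": "/usr/local/bin/custom-runtime"}}
}"""

if __name__ == "__main__":
    # Review the output before writing it to /etc/docker/daemon.json.
    print(merge_daemon_json(SAMPLE_DAEMON_JSON), end="")
```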

Limitations

The miniOS image is not included in the snap image as it is not possible for QEMU to open a guest RAM backing store on a read-only filesystem.