Trying Kata Containers with Firecracker (and QEMU)
Clearlinux bundles Kata Containers as well a firecracker.
To quickly experience how Kata Containers can be used to setup a cluster that can run Kubernetes with different types of isolation mechanisms we have created a simple developer enviornment. With this you can run workloads with runc (using cgroups, namespaces provided by the host kernel for isolation), Kata with QEMU/KVM (uses VT-x for isolation and QEMU as the hypervisor) and Kata with Firecracker (uses VT-x for isolation and the minimal Firecracker VMM).
So you can match your isolation, security and feature requirement on a workload by workload basis.
Here is a quick start guide based on https://github.com/clearlinux/cloud-native-setup/blob/master/clr-k8s-examples/README.md
Assuming you have vagrant setup
git clone https://github.com/clearlinux/cloud-native-setup
cd ./cloud-native-setup/clr-k8s-examples
#Ensure the vagrant enviornment is current
vagrant destroy -f
vagrant box update
vagrant box prune
#Create a vagrant VM to run kubernetes
vagrant destroy -f; NODES=1 CPUS=8 vagrant up --provider=libvirt
#ssh into the vagrant VM
vagrant ssh clr-01
#Bring up a minimal kubernetes stack
/vagrant/create_stack.sh minimal
watch kubectl get po --all-namespaces
# Run a Kata POD using firecracker
kubectl apply -f /vagrant/tests/test-deploy-kata-fc.yaml
#Wait for the POD to come up
watch kubectl describe pod
#Check that it works
http_proxy="" https_proxy="" curl -w "\n" -s $(kubectl get svc php-apache-kata-fc | awk 'NR==2 {print $3}')
#Run a Kata POD using QEMU
kubectl apply -f /vagrant/tests/test-deploy-kata-qemu.yaml
http_proxy="" https_proxy="" curl -w "\n" -s $(kubectl get svc php-apache-kata-qemu | awk 'NR==2 {print $3}')
#Run a Kata POD using runc
kubectl apply -f /vagrant/tests/test-deploy-runc.yaml
http_proxy="" https_proxy="" curl -w "\n" -s $(kubectl get svc php-apache-runc | awk 'NR==2 {print $3}')
Share this recording
Link
Append ?t=30
to start the playback at 30s, ?t=3:20
to start the playback at 3m 20s.
Embed image link
Use snippets below to display a screenshot linking to this recording.
Useful in places where scripts are not allowed (e.g. in a project's README file).
HTML:
Markdown:
Embed the player
If you're embedding on your own page or on a site which permits script tags, you can use the full player widget:
Paste the above script tag where you want the player to be displayed on your page.
See embedding docs for additional options.
Download this recording
You can download this recording in asciicast v1 format, as a .json file.
DownloadReplay in terminal
You can replay the downloaded recording in your terminal using the
asciinema play
command:
asciinema play 219766.json
If you don't have asciinema CLI installed then see installation instructions.
Use with stand-alone player on your website
Download asciinema player from
the releases page
(you only need .js
and .css
file), then use it like this:
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="asciinema-player.css" />
</head>
<body>
<div id="player"></div>
<script src="asciinema-player.min.js"></script>
<script>
AsciinemaPlayer.create(
'/assets/219766.json',
document.getElementById('player'),
{ cols: 119, rows: 42 }
);
</script>
</body>
</html>
See asciinema player quick-start guide for full usage instructions.
Generate GIF from this recording
While this site doesn't offer GIF conversion at the moment, you can still do it yourself with the help of asciinema GIF generator utility - agg.
Once you have it installed run the following command to create GIF file:
agg https://asciinema.org/a/219766 219766.gif
Or, if you already downloaded the recording file:
agg 219766.json 219766.gif
Check agg --help
for all available options. You can change font
family and size, select color theme, adjust speed and more.
See agg manual for full usage instructions.