This tutorial describes how to install, configure and run Kata Containers* on Clear Linux* OS for Intel® Architecture. Kata Containers is an open source project dedicated to the development of a lightweight implementation of Virtual Machines (VMs) offering the speed of containers and the security of VMs.
This tutorial assumes you have installed Clear Linux on your host system. For detailed instructions on installing Clear Linux on a bare metal system, visit the bare metal installation tutorial.
If you have Clear Containers installed on your Clear Linux system, then follow the migrate Clear Containers to Kata Containers tutorial.
Before you install any new packages, update Clear Linux with the following command:
sudo swupd update
Install Kata Containers
Kata Containers is included in the containers-virt bundle. To install the framework, enter:
sudo swupd bundle-add containers-virt
Configure Docker* to use Kata Containers by default
sudo mkdir -p /etc/systemd/system/docker.service.d/ cat <<EOF | sudo tee /etc/systemd/system/docker.service.d/kata-containers.conf [Service] ExecStart= ExecStart=/usr/bin/dockerd -D --add-runtime kata-runtime=/usr/bin/kata-runtime --default-runtime=kata-runtime EOF
Restart the Docker and Kata Containers systemd services
sudo systemctl daemon-reload sudo systemctl restart docker
Run Kata Containers
sudo docker run -ti busybox sh
In cases where it is necessary to use a proxy server and your proxy environment variables are already set, run the following commands as a shell script to configure Docker:
docker_service_dir="/etc/systemd/system/docker.service.d/" sudo mkdir -p "$docker_service_dir" cat <<EOF | sudo tee "$docker_service_dir/proxy.conf" [Service] Environment="HTTP_PROXY=$http_proxy" Environment="HTTPS_PROXY=$https_proxy" EOF echo "Reloading unit files and starting docker service" sudo systemctl daemon-reload sudo systemctl restart docker sudo docker info
You have successfully installed and set up Kata Containers on Clear Linux* OS for Intel® Architecture.
More information about Docker in Clear Linux* OS for Intel® Architecture
Docker on Clear Linux* OS for Intel® Architecture provides a docker.service service file to start the Docker daemon. The daemon will use runc or kata-runtime depending on the environment:
If you are running Clear Linux on bare metal or on a VM with Nested Virtualization activated, Docker will use kata-runtime as the default runtime. If you are running Clear Linux on a VM without Nested Virtualization, Docker will use runc as the default runtime. It is not necessary to manually configure the runtime for Docker, since Docker itself will automatically use the one supported by the system.
To check which runtime your system is using, run:
sudo docker info | grep runtime