This tutorial describes how to install, configure and run Kata Containers* on Clear Linux* OS for Intel® Architecture. Kata Containers is an open source project dedicated to the development of a lightweight implementation of Virtual Machines (VMs) offering the speed of containers and the security of VMs.

Prerequisites

This tutorial assumes you have installed Clear Linux on your host system. For detailed instructions on installing Clear Linux on a bare metal system, visit the bare metal installation tutorial.

If you have Clear Containers installed on your Clear Linux system, then follow the migrate Clear Containers to Kata Containers tutorial.

Before you install any new packages, update Clear Linux with the following command:

sudo swupd update

Install Kata Containers

Kata Containers is included in the containers-virt bundle. To install the framework, enter:

sudo swupd bundle-add containers-virt

Configure Docker* to use Kata Containers by default

sudo mkdir -p /etc/systemd/system/docker.service.d/
cat <<EOF | sudo tee /etc/systemd/system/docker.service.d/kata-containers.conf
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -D --add-runtime kata-runtime=/usr/bin/kata-runtime --default-runtime=kata-runtime
EOF

Restart the Docker and Kata Containers systemd services

sudo systemctl daemon-reload
sudo systemctl restart docker

Run Kata Containers

sudo docker run -ti busybox sh

Note

In cases where it is necessary to use a proxy server and your proxy environment variables are already set, run the following commands as a shell script to configure Docker:

docker_service_dir="/etc/systemd/system/docker.service.d/"
sudo mkdir -p "$docker_service_dir"
cat <<EOF | sudo tee "$docker_service_dir/proxy.conf"
[Service]
Environment="HTTP_PROXY=$http_proxy"
Environment="HTTPS_PROXY=$https_proxy"
EOF
echo "Reloading unit files and starting docker service"
sudo systemctl daemon-reload
sudo systemctl restart docker
sudo docker info

Congratulations!

You have successfully installed and set up Kata Containers on Clear Linux* OS for Intel® Architecture.

More information about Docker in Clear Linux* OS for Intel® Architecture

Docker on Clear Linux* OS for Intel® Architecture provides a docker.service service file to start the Docker daemon. The daemon will use runc or kata-runtime depending on the environment:

If you are running Clear Linux on bare metal or on a VM with Nested Virtualization activated, Docker will use kata-runtime as the default runtime.

If you are running Clear Linux on a VM without Nested Virtualization, Docker will use runc as the default runtime.

It is not necessary to manually configure the runtime for Docker, since Docker itself will automatically use the one supported by the system.

To check which runtime your system is using, run:

sudo docker info | grep -i runtime
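
Because Docker falls back to runc on a VM without Nested Virtualization, it is worth confirming that containers really get the VM boundary. The script below is an added example, not part of the original tutorial or of the Kata Containers project. The function names, the --live switch, and the sample docker info text are constructed for illustration. It assumes the Kata guest kernel reports a different release string than the host kernel.

```shell
#!/bin/sh
# Added example: decide whether containers get Kata's VM boundary or fall back to runc.

# Print the default runtime named in `docker info` text read from stdin.
default_runtime() {
    sed -n 's/^[[:space:]]*Default Runtime:[[:space:]]*//p' | head -n 1
}

# Args: default runtime, host `uname -r`, `uname -r` seen inside a container.
# Under runc the container shares the host kernel, so both strings match.
# Assumption: the Kata guest kernel reports a different release than the host.
isolation_verdict() {
    if [ "$1" != "kata-runtime" ]; then
        echo "FAIL: default runtime is '$1'; containers share the host kernel"
        return 1
    fi
    if [ "$2" = "$3" ]; then
        echo "WARN: kata-runtime is default but the container reports the host kernel ($2)"
        return 2
    fi
    echo "OK: kata-runtime with guest kernel $3 (host kernel $2)"
}

# Constructed sample of the relevant `docker info` lines (not captured output).
SAMPLE_INFO=' Runtimes: kata-runtime runc
 Default Runtime: kata-runtime'

# Live check against the local Docker daemon; only runs when asked for.
check_live() {
    rt=$(sudo docker info 2>/dev/null | default_runtime)
    guest=$(sudo docker run --rm busybox uname -r)
    isolation_verdict "$rt" "$(uname -r)" "$guest"
}

if [ "${1:-}" = "--live" ]; then
    check_live
fi
```

Run the script with --live on the host to query the local Docker daemon. A FAIL or WARN result means workloads are not getting the isolation this tutorial sets up.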