  • /run/kata-containers/shared 和/run/kata-containers/sandbox/

    // sharedVolume is the storage entry that describes the host/guest shared
    // directory. The constant names indicate that this excerpt is the virtio-fs
    // variant. The constants and the enclosing function are not shown here.
    sharedVolume := &grpc.Storage{
    	Driver:     kataVirtioFSDevType,
    	// Source is the tag naming the share; on the agent side it is passed
    	// to mount() as the mount source.
    	Source:     mountGuestTag,
    	// MountPoint is the path inside the guest where the share is mounted.
    	MountPoint: kataGuestSharedDir(),
    	Fstype:     typeVirtioFS,
    	// Options is parsed on the agent side into mount flags and options.
    	// NOTE(review): the contents of sharedDirVirtioFSOptions are not
    	// visible here; check which of nodev/nosuid/noexec it requests.
    	Options:    sharedDirVirtioFSOptions,
    }

    其中,kataGuestSharedDir函数会返回共享目录在虚拟机内部的路径,也就是MountPoint的值:/run/kata-containers/shared/containers/

    OK,切换到kata-agent侧。当它收到gRPC调用请求后,内部的CreateSandbox函数开始执行(位于agent/grpc.go)。具体如下(我们省略了内核模块加载、命名空间创建等代码逻辑):

    // CreateSandbox handles the CreateSandbox gRPC request on the agent side.
    // This listing is abridged: the author elided kernel-module loading,
    // namespace creation and other steps. In the lines shown it refuses to
    // start a sandbox that is already running, records the sandbox ID, mounts
    // the requested storages and configures DNS.
    //
    // NOTE(review): req.SandboxId and req.Storages are used as received in the
    // lines shown. Any validation of the storage entries (source, mount point,
    // options) would have to live in addStorages or below; confirm against the
    // full source.
    func (a *agentGRPC) CreateSandbox(ctx context.Context, req *pb.CreateSandboxRequest) (*gpb.Empty, error) {
    	// A sandbox can only be created once per agent instance.
    	if a.sandbox.running {
    		return emptyResp, grpcStatus.Error(codes.AlreadyExists, "Sandbox already started, impossible to start again")
    	}
    	// ... omitted ...
    	if req.SandboxId != "" {
    		a.sandbox.id = req.SandboxId
    		// Tag subsequent log entries with the sandbox ID.
    		agentLog = agentLog.WithField("sandbox", a.sandbox.id)
    	}
    	// ... omitted ...
    	// Mount every storage entry sent in the request; per the surrounding
    	// text this includes the host/guest shared directory.
    	mountList, err := addStorages(ctx, req.Storages, a.sandbox)
    	if err != nil {
    		return emptyResp, err
    	}
    
    	// Keep the resulting mount list on the sandbox.
    	a.sandbox.mounts = mountList
    
    	if err := setupDNS(a.sandbox.network.dns); err != nil {
    		return emptyResp, err
    	}
    
    	return emptyResp, nil
    }
    
     

    可以看到,在收到请求后,kata-agent会调用addStorages函数去根据kata-runtime的指令挂载共享目录,经过深入,该函数最终会调用mountStorage函数执行挂载操作:

    // mountStorage mounts the filesystem described by storage. The option list
    // is split by parseMountFlagsAndOptions, and the result is handed to mount
    // together with the Source, MountPoint and Fstype fields exactly as they
    // appear in storage.
    //
    // NOTE(review): no check of storage.MountPoint or storage.Source is made
    // here; confirm whether the caller or mount() constrains them.
    func mountStorage(storage pb.Storage) error {
    	mntFlags, mntOpts := parseMountFlagsAndOptions(storage.Options)
    	err := mount(storage.Source, storage.MountPoint, storage.Fstype, mntFlags, mntOpts)
    	return err
    }
    
     

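    这里的MountPoint即是来自kata-runtime的/run/kata-containers/shared/containers/。至此,宿主机与虚拟机的共享目录已经挂载到了虚拟机内,虚拟机内可以看到 kataShared on /run/kata-containers/shared/containers type 9p (rw,nodev,relatime,dirsync,mmap,access=client,trans=virtio)。注意:上面摘录的sharedVolume是virtio-fs的写法,而这里实际看到的挂载类型是9p,说明本环境使用的是9p共享方式,对应的Driver、Fstype和Options应与摘录不同。另外,从挂载选项可以看到该共享目录以rw方式挂载,且没有nosuid和noexec;从下面的输出还可以看到,同一sandbox内各容器的rootfs和配置文件都经由这一个共享目录进入虚拟机。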

    然后启动一个sandbox,其中含有两个container

     虚拟机内

    root@18b8dcedaa17:/# ls /run/kata-containers/sandbox/
    shm
    root@18b8dcedaa17:/# ls /run/kata-containers/sandbox/shm/
    root@18b8dcedaa17:/# ls /run/kata-containers/shared/      
    containers
    root@18b8dcedaa17:/# ls /run/kata-containers/shared/containers/
    1a04eedde9a05ecdf10065996daa46130d7e7ff3dbf5718b541e6763e90cfa17
    1a04eedde9a05ecdf10065996daa46130d7e7ff3dbf5718b541e6763e90cfa17-0f81abaf9060f557-hostname
    1a04eedde9a05ecdf10065996daa46130d7e7ff3dbf5718b541e6763e90cfa17-5aaaecc89c7f8d13-resolv.conf
    1a04eedde9a05ecdf10065996daa46130d7e7ff3dbf5718b541e6763e90cfa17-6779826930a56c7d-termination-log
    1a04eedde9a05ecdf10065996daa46130d7e7ff3dbf5718b541e6763e90cfa17-ca385daf570cb47c-hosts
    1a04eedde9a05ecdf10065996daa46130d7e7ff3dbf5718b541e6763e90cfa17-fc3cf384fd3e4033-serviceaccount
    305bc8d55da977e13c79599d5ea30b023f8f65c08b3821f6ee9984abf7698234
    305bc8d55da977e13c79599d5ea30b023f8f65c08b3821f6ee9984abf7698234-2be2622527455e68-hosts
    305bc8d55da977e13c79599d5ea30b023f8f65c08b3821f6ee9984abf7698234-300eba408df2147e-serviceaccount
    305bc8d55da977e13c79599d5ea30b023f8f65c08b3821f6ee9984abf7698234-3716f5b2ee1a098a-termination-log
    305bc8d55da977e13c79599d5ea30b023f8f65c08b3821f6ee9984abf7698234-3c43e1d663a91471-hostname
    305bc8d55da977e13c79599d5ea30b023f8f65c08b3821f6ee9984abf7698234-4b228cb7c9ac9961-resolv.conf
    3a832f76675083fe75a1603bf246e2fa00720d23afb975167424564be84d197e
    root@18b8dcedaa17:/# mount
    /dev/vda1 on / type ext4 (ro,relatime,errors=remount-ro,data=ordered)
    devtmpfs on /dev type devtmpfs (rw,relatime,size=1023732k,nr_inodes=255933,mode=755)
    sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
    proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
    tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
    devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
    tmpfs on /run type tmpfs (rw,nosuid,nodev,mode=755)
    tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k)
    tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755)
    cgroup on /sys/fs/cgroup/unified type cgroup2 (rw,nosuid,nodev,noexec,relatime,nsdelegate)
    cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,name=systemd)
    cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls,net_prio)
    cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
    cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
    cgroup on /sys/fs/cgroup/pids type cgroup (rw,nosuid,nodev,noexec,relatime,pids)
    cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory)
    cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpu,cpuacct)
    cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)
    cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
    cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
    systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=27,pgrp=1,timeout=0,minproto=5,maxproto=5,direct)
    tmpfs on /tmp type tmpfs (rw,nosuid,nodev)
    hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime,pagesize=2M)
    mqueue on /dev/mqueue type mqueue (rw,relatime)
    fusectl on /sys/fs/fuse/connections type fusectl (rw,relatime)
    nsfs on /run/sandbox-ns/ipc type nsfs (rw)
    nsfs on /run/sandbox-ns/uts type nsfs (rw)
    kataShared on /run/kata-containers/shared/containers type 9p (rw,nodev,relatime,dirsync,mmap,access=client,trans=virtio)
    shm on /run/kata-containers/sandbox/shm type tmpfs (rw,nosuid,nodev,noexec,relatime,size=65536k)
    root@18b8dcedaa17:/# ls  /run/kata-containers/sandbox/shm
    root@18b8dcedaa17:/# 
    root@18b8dcedaa17:/# ls  /run/kata-containers/sandbox/   
    shm
    root@18b8dcedaa17:/#

    host第一个container

    root@ubuntu:/usr/share/kata-containers# mount | grep 305bc8d55da977e13c79599d5ea30b023f8f65c08b3821f6ee9984abf7698234 | grep overlay
    overlay on /run/containerd/io.containerd.runtime.v2.task/k8s.io/305bc8d55da977e13c79599d5ea30b023f8f65c08b3821f6ee9984abf7698234/rootfs type overlay (rw,relatime,lowerdir=/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/388/fs,upperdir=/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/395/fs,workdir=/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/395/work,xino=off)
    overlay on /run/kata-containers/shared/sandboxes/3a832f76675083fe75a1603bf246e2fa00720d23afb975167424564be84d197e/mounts/305bc8d55da977e13c79599d5ea30b023f8f65c08b3821f6ee9984abf7698234/rootfs type overlay (rw,relatime,lowerdir=/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/388/fs,upperdir=/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/395/fs,workdir=/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/395/work,xino=off)
    overlay on /run/kata-containers/shared/sandboxes/3a832f76675083fe75a1603bf246e2fa00720d23afb975167424564be84d197e/shared/305bc8d55da977e13c79599d5ea30b023f8f65c08b3821f6ee9984abf7698234/rootfs type overlay (rw,relatime,lowerdir=/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/388/fs,upperdir=/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/395/fs,workdir=/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/395/work,xino=off)
    root@ubuntu:/usr/share/kata-containers# 

    host 第二个container

    root@ubuntu:/usr/share/kata-containers# mount | grep 1a04eedde9a05ecdf10065996daa46130d7e7ff3dbf5718b541e6763e90cfa17 | grep overlay
    overlay on /run/containerd/io.containerd.runtime.v2.task/k8s.io/1a04eedde9a05ecdf10065996daa46130d7e7ff3dbf5718b541e6763e90cfa17/rootfs type overlay (rw,relatime,lowerdir=/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/386/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/385/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/384/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/383/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/382/fs,upperdir=/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/394/fs,workdir=/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/394/work,xino=off)
    overlay on /run/kata-containers/shared/sandboxes/3a832f76675083fe75a1603bf246e2fa00720d23afb975167424564be84d197e/mounts/1a04eedde9a05ecdf10065996daa46130d7e7ff3dbf5718b541e6763e90cfa17/rootfs type overlay (rw,relatime,lowerdir=/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/386/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/385/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/384/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/383/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/382/fs,upperdir=/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/394/fs,workdir=/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/394/work,xino=off)
    overlay on /run/kata-containers/shared/sandboxes/3a832f76675083fe75a1603bf246e2fa00720d23afb975167424564be84d197e/shared/1a04eedde9a05ecdf10065996daa46130d7e7ff3dbf5718b541e6763e90cfa17/rootfs type overlay (rw,relatime,lowerdir=/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/386/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/385/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/384/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/383/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/382/fs,upperdir=/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/394/fs,workdir=/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/394/work,xino=off)
    root@ubuntu:/usr/share/kata-containers# 

    进入一个容器看到

    root@ubuntu:/usr/share/kata-containers# kubectl exec -it two-containers -c nginx-container -- /bin/bash
    root@two-containers:/# 
    root@two-containers:/# mount
    kataShared on / type 9p (rw,nodev,relatime,dirsync,mmap,access=client,trans=virtio)
    proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
    tmpfs on /dev type tmpfs (rw,nosuid,size=65536k,mode=755)
    devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=666)
    mqueue on /dev/mqueue type mqueue (rw,nosuid,nodev,noexec,relatime)
    sysfs on /sys type sysfs (ro,nosuid,nodev,noexec,relatime)
    tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,relatime,mode=755)
    cgroup on /sys/fs/cgroup/systemd type cgroup (ro,nosuid,nodev,noexec,relatime,xattr,name=systemd)
    cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (ro,nosuid,nodev,noexec,relatime,net_cls,net_prio)
    cgroup on /sys/fs/cgroup/devices type cgroup (ro,nosuid,nodev,noexec,relatime,devices)
    cgroup on /sys/fs/cgroup/cpuset type cgroup (ro,nosuid,nodev,noexec,relatime,cpuset)
    cgroup on /sys/fs/cgroup/pids type cgroup (ro,nosuid,nodev,noexec,relatime,pids)
    cgroup on /sys/fs/cgroup/memory type cgroup (ro,nosuid,nodev,noexec,relatime,memory)
    cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (ro,nosuid,nodev,noexec,relatime,cpu,cpuacct)
    cgroup on /sys/fs/cgroup/perf_event type cgroup (ro,nosuid,nodev,noexec,relatime,perf_event)
    cgroup on /sys/fs/cgroup/freezer type cgroup (ro,nosuid,nodev,noexec,relatime,freezer)
    cgroup on /sys/fs/cgroup/blkio type cgroup (ro,nosuid,nodev,noexec,relatime,blkio)
    shm on /dev/shm type tmpfs (rw,nosuid,nodev,noexec,relatime,size=65536k)
    kataShared on /etc/hosts type 9p (rw,nodev,relatime,dirsync,mmap,access=client,trans=virtio)
    kataShared on /dev/termination-log type 9p (rw,nodev,relatime,dirsync,mmap,access=client,trans=virtio)
    kataShared on /etc/hostname type 9p (rw,nodev,relatime,dirsync,mmap,access=client,trans=virtio)
    kataShared on /etc/resolv.conf type 9p (rw,nodev,relatime,dirsync,mmap,access=client,trans=virtio)
    kataShared on /usr/share/nginx/html type 9p (rw,nodev,relatime,dirsync,mmap,access=client,trans=virtio)
    kataShared on /run/secrets/kubernetes.io/serviceaccount type 9p (ro,relatime,dirsync,mmap,access=client,trans=virtio)
    proc on /proc/bus type proc (ro,relatime)
    proc on /proc/fs type proc (ro,relatime)
    proc on /proc/irq type proc (ro,relatime)
    proc on /proc/sys type proc (ro,relatime)
    tmpfs on /proc/timer_list type tmpfs (rw,nosuid,size=65536k,mode=755)
    tmpfs on /sys/firmware type tmpfs (ro,relatime)
    root@ubuntu:/usr/share/kata-containers# kubectl exec -it two-containers -c debian-container -- /bin/bash
    root@two-containers:/# ls
    bin  boot  dev  etc  home  lib  media  mnt  opt  pod-data  proc  root  run  sbin  srv  sys  tmp  usr  var
    root@two-containers:/# mount
    kataShared on / type 9p (rw,nodev,relatime,dirsync,mmap,access=client,trans=virtio)
    proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
    tmpfs on /dev type tmpfs (rw,nosuid,size=65536k,mode=755)
    devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=666)
    mqueue on /dev/mqueue type mqueue (rw,nosuid,nodev,noexec,relatime)
    sysfs on /sys type sysfs (ro,nosuid,nodev,noexec,relatime)
    tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,relatime,mode=755)
    cgroup on /sys/fs/cgroup/systemd type cgroup (ro,nosuid,nodev,noexec,relatime,xattr,name=systemd)
    cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (ro,nosuid,nodev,noexec,relatime,net_cls,net_prio)
    cgroup on /sys/fs/cgroup/devices type cgroup (ro,nosuid,nodev,noexec,relatime,devices)
    cgroup on /sys/fs/cgroup/cpuset type cgroup (ro,nosuid,nodev,noexec,relatime,cpuset)
    cgroup on /sys/fs/cgroup/pids type cgroup (ro,nosuid,nodev,noexec,relatime,pids)
    cgroup on /sys/fs/cgroup/memory type cgroup (ro,nosuid,nodev,noexec,relatime,memory)
    cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (ro,nosuid,nodev,noexec,relatime,cpu,cpuacct)
    cgroup on /sys/fs/cgroup/perf_event type cgroup (ro,nosuid,nodev,noexec,relatime,perf_event)
    cgroup on /sys/fs/cgroup/freezer type cgroup (ro,nosuid,nodev,noexec,relatime,freezer)
    cgroup on /sys/fs/cgroup/blkio type cgroup (ro,nosuid,nodev,noexec,relatime,blkio)
    kataShared on /pod-data type 9p (rw,nodev,relatime,dirsync,mmap,access=client,trans=virtio)
    kataShared on /etc/hosts type 9p (rw,nodev,relatime,dirsync,mmap,access=client,trans=virtio)
    kataShared on /dev/termination-log type 9p (rw,nodev,relatime,dirsync,mmap,access=client,trans=virtio)
    kataShared on /etc/hostname type 9p (rw,nodev,relatime,dirsync,mmap,access=client,trans=virtio)
    kataShared on /etc/resolv.conf type 9p (rw,nodev,relatime,dirsync,mmap,access=client,trans=virtio)
    shm on /dev/shm type tmpfs (rw,nosuid,nodev,noexec,relatime,size=65536k)
    kataShared on /run/secrets/kubernetes.io/serviceaccount type 9p (ro,relatime,dirsync,mmap,access=client,trans=virtio)
    proc on /proc/bus type proc (ro,relatime)
    proc on /proc/fs type proc (ro,relatime)
    proc on /proc/irq type proc (ro,relatime)
    proc on /proc/sys type proc (ro,relatime)
    tmpfs on /proc/timer_list type tmpfs (rw,nosuid,size=65536k,mode=755)
    tmpfs on /sys/firmware type tmpfs (ro,relatime)
  • 原文地址:https://www.cnblogs.com/dream397/p/14024780.html