Skip to content

Latest commit

 

History

History
81 lines (59 loc) · 3.31 KB

background.md

File metadata and controls

81 lines (59 loc) · 3.31 KB
Raw

Kata Containers architecture background knowledge

The following sections explain some of the background concepts required to understand the architecture document.

Root filesystem

This document uses the term rootfs to refer to a root filesystem which is mounted as the top-level directory ("/") and often referred to as slash.

It is important to understand this term since the overall system uses multiple different rootfs's (as explained in the Environments section.

Container image

In the example command the user has specified the type of container they wish to run via the container image name: ubuntu. This image name corresponds to a container image that can be used to create a container with an Ubuntu Linux environment. Hence, in our example, the sh(1) command will be run inside a container which has an Ubuntu rootfs.

Note:

The term container image is confusing since the image in question is not a container: it is simply a set of files (an image) that can be used to create a container. The term container template would be more accurate but the term container image is commonly used so this document uses the standard term.

For the purposes of this document, the most important part of the example command line is the container image the user has requested. Normally, the container manager will pull (download) a container image from a remote site and store a copy locally. This local container image is used by the container manager to create an OCI bundle which will form the environment the container will run in. After creating the OCI bundle, the container manager launches a runtime which will create the container using the provided OCI bundle.

OCI bundle

To understand what follows, it is important to know at a high level how an OCI (Open Containers Initiative) compatible container is created.

An OCI compatible container is created by taking a container image and converting the embedded rootfs into an OCI rootfs bundle, or more simply, an OCI bundle.

An OCI bundle is a tar(1) archive normally created by a container manager which is passed to an OCI runtime which converts it into a full container rootfs. The bundle contains two assets:

  • A container image rootfs

    This is simply a directory of files that will be used to represent the rootfs for the container.

    For the example command, the directory will contain the files necessary to create a minimal Ubuntu root filesystem.

  • An OCI configuration file

    This is a JSON file called config.json.

    The container manager will create this file so that:

    • The root.path value is set to the full path of the specified container rootfs.

      In the example this value will be ubuntu.

    • The process.args array specifies the list of commands the user wishes to run. This is known as the workload.

      In the example the workload is sh(1).