/run/kata-containers/shared 和/run/kata-containers/sandbox/

// sharedVolume describes the host<->guest shared directory as a Storage entry
// that kata-runtime hands to kata-agent. The agent side shown further down
// passes Source/MountPoint/Fstype straight to mount, so these fields define
// where host-backed content appears inside the guest.
// NOTE(review): the constant names suggest this is the virtio-fs variant; the
// mount output later on this page shows type 9p, so the captured environment
// presumably used a 9p counterpart of this entry — confirm against the runtime.
sharedVolume := new(grpc.Storage)
sharedVolume.Driver = kataVirtioFSDevType
sharedVolume.Source = mountGuestTag // tag naming the shared device; it becomes the mount source
sharedVolume.Fstype = typeVirtioFS
sharedVolume.Options = sharedDirVirtioFSOptions
// Guest-side path of the shared directory; the page gives its value as
// /run/kata-containers/shared/containers/.
sharedVolume.MountPoint = kataGuestSharedDir()

其中,kataGuestSharedDir函数会返回共享目录在虚拟机内部的路径,也就是MountPoint的值:/run/kata-containers/shared/containers/

OK,切换到kata-agent侧。当它收到gRPC调用请求后,内部的CreateSandbox函数开始执行(位于agent/grpc.go)。具体如下(我们省略了内核模块加载、命名空间创建等代码逻辑):

// CreateSandbox handles the CreateSandbox gRPC request on the agent side.
// This is an excerpt: the steps marked "omitted" are not shown on the page.
//
// It refuses to run when the sandbox is already marked running, records the
// sandbox id from the request, passes req.Storages to addStorages and stores
// the returned mount list on the sandbox, then calls setupDNS. emptyResp is
// returned on every path; the error is non-nil when a step fails.
func (a *agentGRPC) CreateSandbox(ctx context.Context, req *pb.CreateSandboxRequest) (*gpb.Empty, error) {
	// A sandbox that is already running must not be started a second time.
	if a.sandbox.running {
		return emptyResp, grpcStatus.Error(codes.AlreadyExists, "Sandbox already started, impossible to start again")
	}
	// ... omitted in this excerpt ...
	if id := req.SandboxId; id != "" {
		a.sandbox.id = id
		// Tag subsequent agent log entries with the sandbox id.
		agentLog = agentLog.WithField("sandbox", a.sandbox.id)
	}
	// ... omitted in this excerpt ...

	// req.Storages comes from the RPC caller and decides what gets mounted
	// where inside the guest. No validation of the entries is visible in this
	// excerpt; whether addStorages checks them cannot be told from here.
	mounts, err := addStorages(ctx, req.Storages, a.sandbox)
	if err != nil {
		return emptyResp, err
	}
	a.sandbox.mounts = mounts

	if err = setupDNS(a.sandbox.network.dns); err != nil {
		return emptyResp, err
	}
	return emptyResp, nil
}
 

可以看到,在收到请求后,kata-agent会调用addStorages函数,根据kata-runtime的指令挂载共享目录。继续深入跟踪,该函数最终会调用mountStorage函数执行挂载操作:

// mountStorage carries out the mount that a storage entry describes.
//
// The option list is split into flags and an option string by
// parseMountFlagsAndOptions. Source, MountPoint and Fstype are handed to mount
// unchanged: this function performs no validation of its own, so any path or
// type checking has to live in the callers or inside mount (not visible here).
func mountStorage(storage pb.Storage) error {
	mountFlags, mountOpts := parseMountFlagsAndOptions(storage.Options)

	err := mount(storage.Source, storage.MountPoint, storage.Fstype, mountFlags, mountOpts)
	return err
}
 

这里的MountPoint即是来自kata-runtime的/run/kata-containers/shared/containers/。至此,宿主机与虚拟机的共享目录已经挂载到了虚拟机内,在虚拟机内可以看到 kataShared on /run/kata-containers/shared/containers type 9p (rw,nodev,relatime,dirsync,mmap,access=client,trans=virtio)。(注意:这条挂载记录的类型是9p,而前面代码片段中的常量名对应的是virtio-fs,说明本文抓取输出的环境使用的应是9p方式的共享目录。)

然后启动一个sandbox,其中含有两个container

 虚拟机内

root@18b8dcedaa17:/# ls /run/kata-containers/sandbox/
shm
root@18b8dcedaa17:/# ls /run/kata-containers/sandbox/shm/
root@18b8dcedaa17:/# ls /run/kata-containers/shared/      
containers
root@18b8dcedaa17:/# ls /run/kata-containers/shared/containers/
1a04eedde9a05ecdf10065996daa46130d7e7ff3dbf5718b541e6763e90cfa17
1a04eedde9a05ecdf10065996daa46130d7e7ff3dbf5718b541e6763e90cfa17-0f81abaf9060f557-hostname
1a04eedde9a05ecdf10065996daa46130d7e7ff3dbf5718b541e6763e90cfa17-5aaaecc89c7f8d13-resolv.conf
1a04eedde9a05ecdf10065996daa46130d7e7ff3dbf5718b541e6763e90cfa17-6779826930a56c7d-termination-log
1a04eedde9a05ecdf10065996daa46130d7e7ff3dbf5718b541e6763e90cfa17-ca385daf570cb47c-hosts
1a04eedde9a05ecdf10065996daa46130d7e7ff3dbf5718b541e6763e90cfa17-fc3cf384fd3e4033-serviceaccount
305bc8d55da977e13c79599d5ea30b023f8f65c08b3821f6ee9984abf7698234
305bc8d55da977e13c79599d5ea30b023f8f65c08b3821f6ee9984abf7698234-2be2622527455e68-hosts
305bc8d55da977e13c79599d5ea30b023f8f65c08b3821f6ee9984abf7698234-300eba408df2147e-serviceaccount
305bc8d55da977e13c79599d5ea30b023f8f65c08b3821f6ee9984abf7698234-3716f5b2ee1a098a-termination-log
305bc8d55da977e13c79599d5ea30b023f8f65c08b3821f6ee9984abf7698234-3c43e1d663a91471-hostname
305bc8d55da977e13c79599d5ea30b023f8f65c08b3821f6ee9984abf7698234-4b228cb7c9ac9961-resolv.conf
3a832f76675083fe75a1603bf246e2fa00720d23afb975167424564be84d197e
root@18b8dcedaa17:/# mount
/dev/vda1 on / type ext4 (ro,relatime,errors=remount-ro,data=ordered)
devtmpfs on /dev type devtmpfs (rw,relatime,size=1023732k,nr_inodes=255933,mode=755)
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
tmpfs on /run type tmpfs (rw,nosuid,nodev,mode=755)
tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k)
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755)
cgroup on /sys/fs/cgroup/unified type cgroup2 (rw,nosuid,nodev,noexec,relatime,nsdelegate)
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,name=systemd)
cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls,net_prio)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
cgroup on /sys/fs/cgroup/pids type cgroup (rw,nosuid,nodev,noexec,relatime,pids)
cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpu,cpuacct)
cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=27,pgrp=1,timeout=0,minproto=5,maxproto=5,direct)
tmpfs on /tmp type tmpfs (rw,nosuid,nodev)
hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime,pagesize=2M)
mqueue on /dev/mqueue type mqueue (rw,relatime)
fusectl on /sys/fs/fuse/connections type fusectl (rw,relatime)
nsfs on /run/sandbox-ns/ipc type nsfs (rw)
nsfs on /run/sandbox-ns/uts type nsfs (rw)
kataShared on /run/kata-containers/shared/containers type 9p (rw,nodev,relatime,dirsync,mmap,access=client,trans=virtio)
shm on /run/kata-containers/sandbox/shm type tmpfs (rw,nosuid,nodev,noexec,relatime,size=65536k)
root@18b8dcedaa17:/# ls  /run/kata-containers/sandbox/shm
root@18b8dcedaa17:/# 
root@18b8dcedaa17:/# ls  /run/kata-containers/sandbox/   
shm
root@18b8dcedaa17:/#

host第一个container

root@ubuntu:/usr/share/kata-containers# mount | grep 305bc8d55da977e13c79599d5ea30b023f8f65c08b3821f6ee9984abf7698234 | grep overlay
overlay on /run/containerd/io.containerd.runtime.v2.task/k8s.io/305bc8d55da977e13c79599d5ea30b023f8f65c08b3821f6ee9984abf7698234/rootfs type overlay (rw,relatime,lowerdir=/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/388/fs,upperdir=/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/395/fs,workdir=/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/395/work,xino=off)
overlay on /run/kata-containers/shared/sandboxes/3a832f76675083fe75a1603bf246e2fa00720d23afb975167424564be84d197e/mounts/305bc8d55da977e13c79599d5ea30b023f8f65c08b3821f6ee9984abf7698234/rootfs type overlay (rw,relatime,lowerdir=/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/388/fs,upperdir=/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/395/fs,workdir=/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/395/work,xino=off)
overlay on /run/kata-containers/shared/sandboxes/3a832f76675083fe75a1603bf246e2fa00720d23afb975167424564be84d197e/shared/305bc8d55da977e13c79599d5ea30b023f8f65c08b3821f6ee9984abf7698234/rootfs type overlay (rw,relatime,lowerdir=/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/388/fs,upperdir=/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/395/fs,workdir=/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/395/work,xino=off)
root@ubuntu:/usr/share/kata-containers# 

host 第二个container

root@ubuntu:/usr/share/kata-containers# mount | grep 1a04eedde9a05ecdf10065996daa46130d7e7ff3dbf5718b541e6763e90cfa17 | grep overlay
overlay on /run/containerd/io.containerd.runtime.v2.task/k8s.io/1a04eedde9a05ecdf10065996daa46130d7e7ff3dbf5718b541e6763e90cfa17/rootfs type overlay (rw,relatime,lowerdir=/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/386/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/385/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/384/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/383/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/382/fs,upperdir=/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/394/fs,workdir=/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/394/work,xino=off)
overlay on /run/kata-containers/shared/sandboxes/3a832f76675083fe75a1603bf246e2fa00720d23afb975167424564be84d197e/mounts/1a04eedde9a05ecdf10065996daa46130d7e7ff3dbf5718b541e6763e90cfa17/rootfs type overlay (rw,relatime,lowerdir=/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/386/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/385/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/384/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/383/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/382/fs,upperdir=/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/394/fs,workdir=/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/394/work,xino=off)
overlay on /run/kata-containers/shared/sandboxes/3a832f76675083fe75a1603bf246e2fa00720d23afb975167424564be84d197e/shared/1a04eedde9a05ecdf10065996daa46130d7e7ff3dbf5718b541e6763e90cfa17/rootfs type overlay (rw,relatime,lowerdir=/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/386/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/385/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/384/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/383/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/382/fs,upperdir=/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/394/fs,workdir=/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/394/work,xino=off)
root@ubuntu:/usr/share/kata-containers# 

分别进入两个容器,可以看到容器的根文件系统以及/etc/hosts、/etc/resolv.conf、serviceaccount等挂载点都来自kataShared,也就是宿主机侧的共享目录:

root@ubuntu:/usr/share/kata-containers# kubectl exec -it two-containers -c nginx-container -- /bin/bash
root@two-containers:/# 
root@two-containers:/# mount
kataShared on / type 9p (rw,nodev,relatime,dirsync,mmap,access=client,trans=virtio)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev type tmpfs (rw,nosuid,size=65536k,mode=755)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=666)
mqueue on /dev/mqueue type mqueue (rw,nosuid,nodev,noexec,relatime)
sysfs on /sys type sysfs (ro,nosuid,nodev,noexec,relatime)
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,relatime,mode=755)
cgroup on /sys/fs/cgroup/systemd type cgroup (ro,nosuid,nodev,noexec,relatime,xattr,name=systemd)
cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (ro,nosuid,nodev,noexec,relatime,net_cls,net_prio)
cgroup on /sys/fs/cgroup/devices type cgroup (ro,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/cpuset type cgroup (ro,nosuid,nodev,noexec,relatime,cpuset)
cgroup on /sys/fs/cgroup/pids type cgroup (ro,nosuid,nodev,noexec,relatime,pids)
cgroup on /sys/fs/cgroup/memory type cgroup (ro,nosuid,nodev,noexec,relatime,memory)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (ro,nosuid,nodev,noexec,relatime,cpu,cpuacct)
cgroup on /sys/fs/cgroup/perf_event type cgroup (ro,nosuid,nodev,noexec,relatime,perf_event)
cgroup on /sys/fs/cgroup/freezer type cgroup (ro,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/blkio type cgroup (ro,nosuid,nodev,noexec,relatime,blkio)
shm on /dev/shm type tmpfs (rw,nosuid,nodev,noexec,relatime,size=65536k)
kataShared on /etc/hosts type 9p (rw,nodev,relatime,dirsync,mmap,access=client,trans=virtio)
kataShared on /dev/termination-log type 9p (rw,nodev,relatime,dirsync,mmap,access=client,trans=virtio)
kataShared on /etc/hostname type 9p (rw,nodev,relatime,dirsync,mmap,access=client,trans=virtio)
kataShared on /etc/resolv.conf type 9p (rw,nodev,relatime,dirsync,mmap,access=client,trans=virtio)
kataShared on /usr/share/nginx/html type 9p (rw,nodev,relatime,dirsync,mmap,access=client,trans=virtio)
kataShared on /run/secrets/kubernetes.io/serviceaccount type 9p (ro,relatime,dirsync,mmap,access=client,trans=virtio)
proc on /proc/bus type proc (ro,relatime)
proc on /proc/fs type proc (ro,relatime)
proc on /proc/irq type proc (ro,relatime)
proc on /proc/sys type proc (ro,relatime)
tmpfs on /proc/timer_list type tmpfs (rw,nosuid,size=65536k,mode=755)
tmpfs on /sys/firmware type tmpfs (ro,relatime)
root@ubuntu:/usr/share/kata-containers# kubectl exec -it two-containers -c debian-container -- /bin/bash
root@two-containers:/# ls
bin  boot  dev  etc  home  lib  media  mnt  opt  pod-data  proc  root  run  sbin  srv  sys  tmp  usr  var
root@two-containers:/# mount
kataShared on / type 9p (rw,nodev,relatime,dirsync,mmap,access=client,trans=virtio)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev type tmpfs (rw,nosuid,size=65536k,mode=755)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=666)
mqueue on /dev/mqueue type mqueue (rw,nosuid,nodev,noexec,relatime)
sysfs on /sys type sysfs (ro,nosuid,nodev,noexec,relatime)
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,relatime,mode=755)
cgroup on /sys/fs/cgroup/systemd type cgroup (ro,nosuid,nodev,noexec,relatime,xattr,name=systemd)
cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (ro,nosuid,nodev,noexec,relatime,net_cls,net_prio)
cgroup on /sys/fs/cgroup/devices type cgroup (ro,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/cpuset type cgroup (ro,nosuid,nodev,noexec,relatime,cpuset)
cgroup on /sys/fs/cgroup/pids type cgroup (ro,nosuid,nodev,noexec,relatime,pids)
cgroup on /sys/fs/cgroup/memory type cgroup (ro,nosuid,nodev,noexec,relatime,memory)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (ro,nosuid,nodev,noexec,relatime,cpu,cpuacct)
cgroup on /sys/fs/cgroup/perf_event type cgroup (ro,nosuid,nodev,noexec,relatime,perf_event)
cgroup on /sys/fs/cgroup/freezer type cgroup (ro,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/blkio type cgroup (ro,nosuid,nodev,noexec,relatime,blkio)
kataShared on /pod-data type 9p (rw,nodev,relatime,dirsync,mmap,access=client,trans=virtio)
kataShared on /etc/hosts type 9p (rw,nodev,relatime,dirsync,mmap,access=client,trans=virtio)
kataShared on /dev/termination-log type 9p (rw,nodev,relatime,dirsync,mmap,access=client,trans=virtio)
kataShared on /etc/hostname type 9p (rw,nodev,relatime,dirsync,mmap,access=client,trans=virtio)
kataShared on /etc/resolv.conf type 9p (rw,nodev,relatime,dirsync,mmap,access=client,trans=virtio)
shm on /dev/shm type tmpfs (rw,nosuid,nodev,noexec,relatime,size=65536k)
kataShared on /run/secrets/kubernetes.io/serviceaccount type 9p (ro,relatime,dirsync,mmap,access=client,trans=virtio)
proc on /proc/bus type proc (ro,relatime)
proc on /proc/fs type proc (ro,relatime)
proc on /proc/irq type proc (ro,relatime)
proc on /proc/sys type proc (ro,relatime)
tmpfs on /proc/timer_list type tmpfs (rw,nosuid,size=65536k,mode=755)
tmpfs on /sys/firmware type tmpfs (ro,relatime)
原文地址:https://www.cnblogs.com/dream397/p/14024780.html