$ rustup component add rustfmt rls
$ rustup component add clippy
#!/bin/bash
# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
# ex: ts=8 sw=4 sts=4 et filetype=sh
VMN=${VMN:=1}
NEMU=~/build-x86_64/x86_64-softmmu/qemu-system-x86_64
sudo $NEMU \
-trace events=/tmp/events \
$ sudo bpftrace -e 'tracepoint:napi:napi_poll /comm == "ping"/ { printf("%s\n", comm) }'
Attaching 1 probe...
ping
ping
ping
$ sudo bpftrace -e 'tracepoint:napi:napi_poll /comm == "ping"/ { printf("%d\n", args->work) }'
This is only a trace on the vxlan interface on the host, not from within the container namespace.
ping-26819 [001] 3678.931358: fib_table_lookup: table 254 oif 0 iif 1 proto 17 0.0.0.0/40784 -> 10.244.2.4/1025 tos 0 scope 0 flags 0 ==> dev flannel.1 gw 10.244.2.0 src 10.244.0.0 err 0
ping-26819 [001] 3678.931387: fib_table_lookup: table 254 oif 0 iif 1 proto 17 10.244.0.0/40784 -> 10.244.2.4/1025 tos 0 scope 0 flags 0 ==> dev flannel.1 gw 10.244.2.0 src 10.244.0.0 err 0
ping-26819 [001] 3678.931468: fib_table_lookup: table 254 oif 0 iif 1 proto 1 0.0.0.0/0 -> 10.244.2.4/0 tos 0 scope 0 flags 0 ==> dev flannel.1 gw 10.244.2.0 src 10.244.0.0 err 0
ping-26819 [001] 3678.931485: fib_table_lookup: table 255 oif 0 iif 0 proto 0 0.0.0.0/0 -> 10.244.2.4/0 tos 0 scope 0 flags 0 ==> dev flannel.1 gw 10.244.2.0 src 10.244.0.0 err 0
ping-26819 [001] 3678.931499: net_dev_queue: dev=flannel.1 skbaddr=0xffff919236689800 len=98
ping-26819 [001] 3678.931500: net_dev_start_xmit: dev=flann
The goal of this document is to cover all aspects of Kubernetes management, including how resources are expressed, constrained and accounted for. This started as a way to ensure that alternate container runtime implementations like Kata Containers behave, from a resource accounting and consumption point of view, in the same manner as runc.
Location of the latest version of this document: https://gist.github.com/mcastelino/b8ce9a70b00ee56036dadd70ded53e9f
If you do not understand cgroups please refer to a quick primer at the bottom of this document. This will help you understand how the resource enforcement actually works.
backdoor-image can be used to easily add a user with passwordless sudo access to an image or a root filesystem.
Operating on an image requires the 'mount-image-callback' tool from cloud-utils. That can be installed on Ubuntu via apt-get install -qy cloud-image-utils.
for table in $(echo filter nat mangle raw security); do echo $table; iptables -L -v -n --line-numbers -t $table; done
tcpdump -elnXXi
Hi, if you are reading this document you may also want to create a Kata Containers release.
The Kata Containers release process is defined in the following documents.
https://github.com/kata-containers/documentation/blob/master/Releases.md
To simplify the process for each release we have created a checklist for it.
https://software.intel.com/sites/default/files/managed/c5/15/vt-directed-io-spec.pdf
• Legacy pin interrupts
— For devices that use legacy methods for interrupt routing (such as either through direct wiring to the I/OxAPIC input pins, or through INTx messages), the I/OxAPIC hardware generates the interrupt-request transaction. To identify the source of interrupt requests generated by I/OxAPICs, the interrupt-remapping hardware requires each I/OxAPIC in the platform (enumerated through the ACPI Multiple APIC Descriptor Tables (MADT)) to include a unique 16-bit source-id in its requests. BIOS reports the source-id for these I/OxAPICs via ACPI