From 83b2116b40595fcb28b00a66cb60dee13e3b4a84 Mon Sep 17 00:00:00 2001 From: wu-donger Date: Thu, 6 Mar 2025 19:52:04 +0800 Subject: [PATCH] =?UTF-8?q?cloud=E6=96=87=E6=A1=A3=E5=85=A8=E9=87=8F?= =?UTF-8?q?=E8=BF=81=E7=A7=BB?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../ClusterDeployment/Kubernetes/_menu.md | 38 + ...deploying-a-Kubernetes-cluster-manually.md | 0 .../Kubernetes/deploying-a-node-component.md | 0 .../deploying-control-plane-components.md | 0 .../Kubernetes/eggo-automatic-deployment.md | 0 .../Kubernetes/eggo-deploying-a-cluster.md | 0 .../Kubernetes/eggo-dismantling-a-cluster.md | 0 .../Kubernetes/eggo-tool-introduction.md | 0 .../Kubernetes/figures/advertiseAddress.png | Bin .../Kubernetes/figures/arch.png | Bin .../Kubernetes/figures/flannelConfig.png | Bin .../Kubernetes/figures/name.png | Bin .../Kubernetes/figures/podSubnet.png | Bin .../Kubernetes/installing-etcd.md | 0 ...talling-the-Kubernetes-software-package.md | 0 .../Kubernetes/kubernetes-containerd.md | 0 .../Kubernetes/kubernetes-faqs.md | 26 +- .../ClusterDeployment/Kubernetes/overview.md} | 0 .../Kubernetes/preparing-VMs.md | 0 .../Kubernetes/preparing-certificates.md | 0 .../public_sys-resources/icon-note.gif | Bin .../Kubernetes/running-the-test-pod.md | 0 .../ClusterDeployment/iSulad+k8s/_menu.md | 14 + ...0\350\246\201\351\225\234\345\203\217.png" | Bin ...1\347\233\256\345\220\215\347\247\260.jpg" | Bin ....\350\256\276\347\275\256-cicd-runner.png" | Bin ...0\344\270\216\344\273\244\347\211\214.jpg" | Bin ...5\347\275\256\346\226\207\344\273\266.png" | Bin ...4\345\205\245\346\226\207\344\273\266.png" | Bin ...\346\263\250\345\206\214gitlab-runner.jpg" | Bin ...45\267\262\345\212\240\345\205\245_LI.jpg" | Bin .../iSulad+k8s/figures/17.png | Bin .../18.dns\351\205\215\347\275\256.png" | Bin .../19.CICD\347\225\214\351\235\242.png" | Bin .../2.calico\351\205\215\347\275\256.png" | Bin .../20.yaml\346\226\207\344\273\266.png" | Bin ...4\347\272\277\347\212\266\346\200\201.png" | Bin .../iSulad+k8s/figures/3.png | Bin ...1\351\241\265\345\205\245\345\217\243.jpg" | Bin ...5\350\257\242\345\257\206\347\240\201.jpg" | Bin ...5\345\220\216\351\241\265\351\235\242.png" | Bin .../figures/7.\351\225\234\345\203\217.png" | Bin ...0\345\273\272\351\241\271\347\233\256.png" | Bin ...2\347\231\275\351\241\271\347\233\256.png" | Bin .../public_sys-resources/icon-note.gif | Bin .../iSulad+k8s/gitlab-deploy.md | 6 +- .../iSulad+k8s/gitlab-runner-deploy.md | 31 +- .../iSulad+k8s-environment-deploy.md | 3 +- .../ClusterDeployment/iSulad+k8s/overview.md | 1 + .../ContainerEngine/DockerEngine/_menu.md | 27 + .../DockerEngine/command-reference.md | 0 .../DockerEngine/container-engine.md | 0 .../DockerEngine/container-management-1.md | 8 +- .../DockerEngine/container-management-2.md | 3 +- .../DockerEngine/docker-faqs.md | 0 .../DockerEngine/image-management-1.md | 0 .../DockerEngine/image-management-2.md | 0 .../installation-and-configuration-3.md | 23 +- .../ContainerEngine/DockerEngine/overview.md | 5 +- .../public_sys-resources/icon-caution.gif | Bin .../public_sys-resources/icon-danger.gif | Bin .../public_sys-resources}/icon-note.gif | Bin .../public_sys-resources/icon-notice.gif | Bin .../public_sys-resources/icon-tip.gif | Bin .../public_sys-resources/icon-warning.gif | Bin .../DockerEngine/statistics.md | 0 .../iSulaContainerEngine/_menu.md | 56 + .../iSulaContainerEngine/appendix.md | 0 .../application-scenarios.md | 0 .../checking-the-container-health-status.md | 0 .../container-management.md | 6 +- .../container-resource-management.md | 15 +- .../iSulaContainerEngine/cri-2.md | 4 +- .../iSulaContainerEngine/cri.md | 1540 ++++------------- .../iSulaContainerEngine/errorLabelCheck.py | 121 ++ .../figures/zh-cn_image_0183048952.png | Bin .../iSulaContainerEngine/image-management.md | 0 .../installation-configuration.md | 16 +- .../installation-upgrade-Uninstallation.md | 0 ...onnecting-isula-shim-v2-with-stratovirt.md | 2 +- .../interconnection-with-the-cni-network.md | 2 +- .../iSulaContainerEngine/isula-faqs.md | 0 .../isulad-support-cdi.md | 240 +-- .../isulad-support-cgroup-v2.md | 0 .../isulad-support-nri.md | 0 .../local-volume-management.md | 0 .../iSulaContainerEngine/overview.md | 0 .../privileged-container.md | 0 .../public_sys-resources/icon-caution.gif | Bin .../public_sys-resources/icon-danger.gif | Bin .../public_sys-resources/icon-note.gif | Bin .../public_sys-resources/icon-notice.gif | Bin .../public_sys-resources/icon-tip.gif | Bin .../public_sys-resources/icon-warning.gif | Bin .../querying-information.md | 0 .../iSulaContainerEngine/security-features.md | 6 +- .../supporting-oci-hooks.md | 0 .../iSulaContainerEngine/uninstallation.md | 0 .../iSulaContainerEngine/upgrade-methods.md | 2 +- .../ContainerForm/SecureContainer/_menu.md | 21 + .../SecureContainer/appendix-2.md | 5 +- .../application-scenarios-2.md | 5 +- ...guring-resources-for-a-secure-container.md | 2 +- .../SecureContainer/figures/kata-arch.png | Bin .../figures/zh_cn_image_0221924928.png | Bin .../installation-and-deployment-2.md | 6 +- ...ing-the-lifecycle-of-a-secure-container.md | 5 +- .../monitoring-secure-containers.md | 0 .../ContainerForm/SecureContainer/overview.md | 5 +- .../public_sys-resources/icon-caution.gif | Bin .../public_sys-resources/icon-danger.gif | Bin .../public_sys-resources/icon-note.gif | Bin .../public_sys-resources/icon-notice.gif | Bin .../public_sys-resources/icon-tip.gif | Bin .../public_sys-resources/icon-warning.gif | Bin .../ContainerForm/SystemContainer/_menu.md | 37 + .../SystemContainer/appendix-1.md | 2 +- .../configurable-cgroup-path.md | 0 .../dynamically-loading-the-kernel-module.md | 2 +- ...container-resources-syscontainer-tools.md} | 1 + .../environment-variable-persisting.md | 0 .../SystemContainer/installation-guideline.md | 5 +- .../maximum-number-of-handles.md | 0 .../SystemContainer/overview.md} | 0 .../public_sys-resources/icon-caution.gif | Bin .../public_sys-resources/icon-danger.gif | Bin .../public_sys-resources/icon-note.gif | Bin .../public_sys-resources/icon-notice.gif | Bin .../public_sys-resources/icon-tip.gif | Bin .../public_sys-resources/icon-warning.gif | Bin .../reboot-or-shutdown-in-a-container.md | 0 .../SystemContainer/security-and-isolation.md | 12 +- .../SystemContainer/shared-memory-channels.md | 2 +- ...specifying-rootfs-to-create-a-container.md | 5 +- .../SystemContainer/usage-guide.md | 5 +- .../using-systemd-to-start-a-container.md | 0 .../writable-namespace-kernel-parameters.md | 0 .../zh/Cloud/ContainerRuntime/Kuasar/_menu.md | 14 + .../Kuasar/figures/kuasar_arch.png | Bin .../Kuasar/kuasar-appendix.md | 48 +- .../Kuasar/kuasar-install-config.md | 252 +-- .../ContainerRuntime/Kuasar/kuasar-usage.md | 185 +- .../ContainerRuntime/Kuasar/overview.md} | 25 +- .../public_sys-resources/icon-caution.gif | Bin .../public_sys-resources/icon-danger.gif | Bin .../public_sys-resources/icon-note.gif | Bin .../public_sys-resources/icon-notice.gif | Bin .../Kuasar}/public_sys-resources/icon-tip.gif | Bin .../public_sys-resources/icon-warning.gif | Bin .../Cloud/HybridDeployment/oncn-bwm/_menu.md | 8 + .../HybridDeployment/oncn-bwm/overview.md | 10 +- docs/zh/Cloud/HybridDeployment/rubik/_menu.md | 14 + ...-isolation-for-hybrid-deployed-services.md | 466 ++--- .../rubik/figures}/icon-note.gif | Bin .../HybridDeployment/rubik/http-apis.md | 134 +- .../rubik/installation-and-deployment.md | 6 +- .../HybridDeployment/rubik/overview.md | 34 +- .../Cloud/ImageBuilder/isula-build/_menu.md | 14 + .../isula-build/figures/isula-build_arch.png | Bin .../isula-build/isula-build-appendix.md | 0 .../isula-build/isula-build-faqs.md | 0 .../ImageBuilder/isula-build/isula-build.md | 14 +- .../ImageBuilder/isula-build/overview.md | 2 +- .../public_sys-resources/icon-caution.gif | Bin .../public_sys-resources/icon-danger.gif | Bin .../public_sys-resources/icon-note.gif | Bin .../public_sys-resources/icon-notice.gif | Bin .../public_sys-resources/icon-tip.gif | Bin .../public_sys-resources/icon-warning.gif | Bin docs/zh/Cloud/Kmesh/Kmesh/_menu.md | 18 + .../zh/Cloud/Kmesh/Kmesh/appendixes.md | 0 .../zh/Cloud/Kmesh/Kmesh/faqs.md | 2 +- .../Kmesh/figures/get_kubeconfig_error.png | Bin .../Kmesh/Kmesh/figures/kmesh-arch.png | Bin .../Kmesh/figures/not_set_cluster_ip.png | Bin .../Kmesh/Kmesh/getting-to-know-kmesh.md | 0 .../Kmesh/installation-and-deployment.md | 4 +- .../Kmesh/Kmesh/overview.md} | 0 .../zh/Cloud/Kmesh/Kmesh/usage.md | 0 docs/zh/Cloud/KubeOS/KubeOS/_menu.md | 16 + .../zh/Cloud/KubeOS/KubeOS/about-kubeos.md | 0 ...7\344\273\266\345\270\203\345\261\200.png" | Bin ...345\231\250OS\346\236\266\346\236\204.png" | Bin .../KubeOS/installation-and-deployment.md | 22 +- .../KubeOS/KubeOS/kubeos-image-creation.md | 338 ++-- .../{docs => Cloud}/KubeOS/KubeOS/overview.md | 0 .../public_sys-resources/icon-note.gif | Bin .../Cloud/KubeOS/KubeOS/usage-instructions.md | 21 +- docs/zh/Cloud/NestOS/NestOS/_menu.md | 12 + .../NestOS/NestOS/feature-description.md | 0 .../NestOS/NestOS/figures/figure1.png | Bin .../NestOS/NestOS/figures/figure2.png | Bin .../NestOS/NestOS/nestos-for-container.md | 2 +- .../{docs => Cloud}/NestOS/NestOS/overview.md | 0 docs/zh/Cloud/_menu.md | 35 + docs/zh/docs/1.py | 60 - .../Kubernetes/Menu/index.md | 19 - docs/zh/docs/ClusterDeployment/Menu/index.md | 6 - .../iSulad+k8s/Menu/index.md | 8 - .../DockerEngine/Menu/index.md | 14 - docs/zh/docs/ContainerEngine/Menu/index.md | 6 - .../iSulaContainerEngine/Menu/index.md | 28 - docs/zh/docs/ContainerForm/Menu/index.md | 6 - .../SecureContainer/Menu/index.md | 11 - .../SystemContainer/Menu/index.md | 11 - .../ContainerRuntime/Kuasar/Menu/index.md | 8 - docs/zh/docs/ContainerRuntime/Menu/index.md | 5 - docs/zh/docs/HybridDeployment/Menu/index.md | 6 - .../HybridDeployment/oncn-bwm/Menu/index.md | 5 - .../docs/HybridDeployment/rubik/Menu/index.md | 8 - docs/zh/docs/ImageBuilder/Menu/index.md | 5 - .../ImageBuilder/isula-build/Menu/index.md | 8 - docs/zh/docs/Kmesh/Kmesh/Menu/index.md | 10 - docs/zh/docs/Kmesh/Menu/index.md | 5 - docs/zh/docs/KubeOS/KubeOS/Menu/index.md | 9 - docs/zh/docs/KubeOS/Menu/index.md | 5 - docs/zh/docs/Menu/index.md | 13 - docs/zh/docs/NestOS/Menu/index.md | 5 - docs/zh/docs/NestOS/NestOS/Menu/index.md | 7 - docs/zh/docs/container.md | 18 - 220 files changed, 1762 insertions(+), 2535 deletions(-) create mode 100644 docs/zh/Cloud/ClusterDeployment/Kubernetes/_menu.md rename docs/zh/{docs => Cloud}/ClusterDeployment/Kubernetes/deploying-a-Kubernetes-cluster-manually.md (100%) rename docs/zh/{docs => Cloud}/ClusterDeployment/Kubernetes/deploying-a-node-component.md (100%) rename docs/zh/{docs => Cloud}/ClusterDeployment/Kubernetes/deploying-control-plane-components.md (100%) rename docs/zh/{docs => Cloud}/ClusterDeployment/Kubernetes/eggo-automatic-deployment.md (100%) rename docs/zh/{docs => Cloud}/ClusterDeployment/Kubernetes/eggo-deploying-a-cluster.md (100%) rename docs/zh/{docs => Cloud}/ClusterDeployment/Kubernetes/eggo-dismantling-a-cluster.md (100%) rename docs/zh/{docs => Cloud}/ClusterDeployment/Kubernetes/eggo-tool-introduction.md (100%) rename docs/zh/{docs => Cloud}/ClusterDeployment/Kubernetes/figures/advertiseAddress.png (100%) rename docs/zh/{docs => Cloud}/ClusterDeployment/Kubernetes/figures/arch.png (100%) rename docs/zh/{docs => Cloud}/ClusterDeployment/Kubernetes/figures/flannelConfig.png (100%) rename docs/zh/{docs => Cloud}/ClusterDeployment/Kubernetes/figures/name.png (100%) rename docs/zh/{docs => Cloud}/ClusterDeployment/Kubernetes/figures/podSubnet.png (100%) rename "docs/zh/docs/ClusterDeployment/Kubernetes/\345\256\211\350\243\205etcd.md" => docs/zh/Cloud/ClusterDeployment/Kubernetes/installing-etcd.md (100%) rename docs/zh/{docs => Cloud}/ClusterDeployment/Kubernetes/installing-the-Kubernetes-software-package.md (100%) rename "docs/zh/docs/ClusterDeployment/Kubernetes/Kubernetes\351\233\206\347\276\244\351\203\250\347\275\262\346\214\207\345\215\2271.md" => docs/zh/Cloud/ClusterDeployment/Kubernetes/kubernetes-containerd.md (100%) rename "docs/zh/docs/ClusterDeployment/Kubernetes/kubernetes\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225.md" => docs/zh/Cloud/ClusterDeployment/Kubernetes/kubernetes-faqs.md (97%) rename docs/zh/{docs/ClusterDeployment/Kubernetes/Kubernetes.md => Cloud/ClusterDeployment/Kubernetes/overview.md} (100%) rename docs/zh/{docs => Cloud}/ClusterDeployment/Kubernetes/preparing-VMs.md (100%) rename docs/zh/{docs => Cloud}/ClusterDeployment/Kubernetes/preparing-certificates.md (100%) rename docs/zh/{docs/KubeOS/KubeOS => Cloud/ClusterDeployment/Kubernetes}/public_sys-resources/icon-note.gif (100%) rename docs/zh/{docs => Cloud}/ClusterDeployment/Kubernetes/running-the-test-pod.md (100%) create mode 100644 docs/zh/Cloud/ClusterDeployment/iSulad+k8s/_menu.md rename "docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/1.\346\237\245\347\234\213\351\234\200\350\246\201\351\225\234\345\203\217.png" => "docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/1.\346\237\245\347\234\213\351\234\200\350\246\201\351\225\234\345\203\217.png" (100%) rename "docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/10.\350\207\252\345\256\232\344\271\211\351\241\271\347\233\256\345\220\215\347\247\260.jpg" => "docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/10.\350\207\252\345\256\232\344\271\211\351\241\271\347\233\256\345\220\215\347\247\260.jpg" (100%) rename "docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/11.\350\256\276\347\275\256-cicd-runner.png" => "docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/11.\350\256\276\347\275\256-cicd-runner.png" (100%) rename "docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/12.\350\256\260\344\270\213runner\345\234\260\345\235\200\344\270\216\344\273\244\347\211\214.jpg" => "docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/12.\350\256\260\344\270\213runner\345\234\260\345\235\200\344\270\216\344\273\244\347\211\214.jpg" (100%) rename "docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/13.\346\237\245\347\234\213\350\257\201\344\271\246\351\205\215\347\275\256\346\226\207\344\273\266.png" => "docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/13.\346\237\245\347\234\213\350\257\201\344\271\246\351\205\215\347\275\256\346\226\207\344\273\266.png" (100%) rename "docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/14.\350\257\201\344\271\246\345\257\274\345\205\245\346\226\207\344\273\266.png" => "docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/14.\350\257\201\344\271\246\345\257\274\345\205\245\346\226\207\344\273\266.png" (100%) rename "docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/15.\346\263\250\345\206\214gitlab-runner.jpg" => "docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/15.\346\263\250\345\206\214gitlab-runner.jpg" (100%) rename "docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/16.web\347\253\257\345\267\262\345\212\240\345\205\245_LI.jpg" => "docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/16.web\347\253\257\345\267\262\345\212\240\345\205\245_LI.jpg" (100%) rename docs/zh/{docs => Cloud}/ClusterDeployment/iSulad+k8s/figures/17.png (100%) rename "docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/18.dns\351\205\215\347\275\256.png" => "docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/18.dns\351\205\215\347\275\256.png" (100%) rename "docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/19.CICD\347\225\214\351\235\242.png" => "docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/19.CICD\347\225\214\351\235\242.png" (100%) rename "docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/2.calico\351\205\215\347\275\256.png" => "docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/2.calico\351\205\215\347\275\256.png" (100%) rename "docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/20.yaml\346\226\207\344\273\266.png" => "docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/20.yaml\346\226\207\344\273\266.png" (100%) rename "docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/21.\346\265\201\346\260\264\347\272\277\347\212\266\346\200\201.png" => "docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/21.\346\265\201\346\260\264\347\272\277\347\212\266\346\200\201.png" (100%) rename docs/zh/{docs => Cloud}/ClusterDeployment/iSulad+k8s/figures/3.png (100%) rename "docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/4.gitlab\347\275\221\351\241\265\345\205\245\345\217\243.jpg" => "docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/4.gitlab\347\275\221\351\241\265\345\205\245\345\217\243.jpg" (100%) rename "docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/5.\346\237\245\350\257\242\345\257\206\347\240\201.jpg" => "docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/5.\346\237\245\350\257\242\345\257\206\347\240\201.jpg" (100%) rename "docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/6.\347\231\273\345\275\225\345\220\216\351\241\265\351\235\242.png" => "docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/6.\347\231\273\345\275\225\345\220\216\351\241\265\351\235\242.png" (100%) rename "docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/7.\351\225\234\345\203\217.png" => "docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/7.\351\225\234\345\203\217.png" (100%) rename "docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/8.\346\226\260\345\273\272\351\241\271\347\233\256.png" => "docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/8.\346\226\260\345\273\272\351\241\271\347\233\256.png" (100%) rename "docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/9.\345\210\233\345\273\272\347\251\272\347\231\275\351\241\271\347\233\256.png" => "docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/9.\345\210\233\345\273\272\347\251\272\347\231\275\351\241\271\347\233\256.png" (100%) rename docs/zh/{docs/ImageBuilder/isula-build => Cloud/ClusterDeployment/iSulad+k8s/figures}/public_sys-resources/icon-note.gif (100%) rename "docs/zh/docs/ClusterDeployment/iSulad+k8s/gitlab\351\203\250\347\275\262.md" => docs/zh/Cloud/ClusterDeployment/iSulad+k8s/gitlab-deploy.md (96%) rename "docs/zh/docs/ClusterDeployment/iSulad+k8s/gitlab-runner\351\203\250\347\275\262.md" => docs/zh/Cloud/ClusterDeployment/iSulad+k8s/gitlab-runner-deploy.md (76%) rename "docs/zh/docs/ClusterDeployment/iSulad+k8s/iSulad+k8s\347\216\257\345\242\203\351\203\250\347\275\262.md" => docs/zh/Cloud/ClusterDeployment/iSulad+k8s/iSulad+k8s-environment-deploy.md (99%) rename "docs/zh/docs/ClusterDeployment/iSulad+k8s/iSulad+k8s\351\233\206\347\276\244\351\203\250\347\275\262\346\214\207\345\215\227.md" => docs/zh/Cloud/ClusterDeployment/iSulad+k8s/overview.md (99%) create mode 100644 docs/zh/Cloud/ContainerEngine/DockerEngine/_menu.md rename "docs/zh/docs/ContainerEngine/DockerEngine/\345\221\275\344\273\244\350\241\214\345\217\202\350\200\203.md" => docs/zh/Cloud/ContainerEngine/DockerEngine/command-reference.md (100%) rename "docs/zh/docs/ContainerEngine/DockerEngine/\345\256\271\345\231\250\345\274\225\346\223\216-4.md" => docs/zh/Cloud/ContainerEngine/DockerEngine/container-engine.md (100%) rename "docs/zh/docs/ContainerEngine/DockerEngine/\345\256\271\345\231\250\347\256\241\347\220\206-3.md" => docs/zh/Cloud/ContainerEngine/DockerEngine/container-management-1.md (98%) rename "docs/zh/docs/ContainerEngine/DockerEngine/\345\256\271\345\231\250\347\256\241\347\220\206-4.md" => docs/zh/Cloud/ContainerEngine/DockerEngine/container-management-2.md (99%) rename "docs/zh/docs/ContainerEngine/DockerEngine/Docker\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225.md" => docs/zh/Cloud/ContainerEngine/DockerEngine/docker-faqs.md (100%) rename "docs/zh/docs/ContainerEngine/DockerEngine/\351\225\234\345\203\217\347\256\241\347\220\206-3.md" => docs/zh/Cloud/ContainerEngine/DockerEngine/image-management-1.md (100%) rename "docs/zh/docs/ContainerEngine/DockerEngine/\351\225\234\345\203\217\347\256\241\347\220\206-4.md" => docs/zh/Cloud/ContainerEngine/DockerEngine/image-management-2.md (100%) rename "docs/zh/docs/ContainerEngine/DockerEngine/\345\256\211\350\243\205\351\205\215\347\275\256-3.md" => docs/zh/Cloud/ContainerEngine/DockerEngine/installation-and-configuration-3.md (95%) rename "docs/zh/docs/ContainerEngine/DockerEngine/Docker\345\256\271\345\231\250.md" => docs/zh/Cloud/ContainerEngine/DockerEngine/overview.md (85%) rename docs/zh/{docs/ImageBuilder/isula-build => Cloud/ContainerEngine/DockerEngine}/public_sys-resources/icon-caution.gif (100%) rename docs/zh/{docs/ImageBuilder/isula-build => Cloud/ContainerEngine/DockerEngine}/public_sys-resources/icon-danger.gif (100%) rename docs/zh/{docs/HybridDeployment/rubik/figures => Cloud/ContainerEngine/DockerEngine/public_sys-resources}/icon-note.gif (100%) rename docs/zh/{docs/ImageBuilder/isula-build => Cloud/ContainerEngine/DockerEngine}/public_sys-resources/icon-notice.gif (100%) rename docs/zh/{docs/ImageBuilder/isula-build => Cloud/ContainerEngine/DockerEngine}/public_sys-resources/icon-tip.gif (100%) rename docs/zh/{docs/ImageBuilder/isula-build => Cloud/ContainerEngine/DockerEngine}/public_sys-resources/icon-warning.gif (100%) rename "docs/zh/docs/ContainerEngine/DockerEngine/\347\273\237\350\256\241\344\277\241\346\201\257-4.md" => docs/zh/Cloud/ContainerEngine/DockerEngine/statistics.md (100%) create mode 100644 docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/_menu.md rename "docs/zh/docs/ContainerEngine/iSulaContainerEngine/\351\231\204\345\275\225.md" => docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/appendix.md (100%) rename "docs/zh/docs/ContainerEngine/iSulaContainerEngine/\344\275\277\347\224\250\346\214\207\345\215\227.md" => docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/application-scenarios.md (100%) rename "docs/zh/docs/ContainerEngine/iSulaContainerEngine/\345\256\271\345\231\250\345\201\245\345\272\267\347\212\266\346\200\201\346\243\200\346\237\245.md" => docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/checking-the-container-health-status.md (100%) rename "docs/zh/docs/ContainerEngine/iSulaContainerEngine/\345\256\271\345\231\250\347\256\241\347\220\206.md" => docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/container-management.md (99%) rename "docs/zh/docs/ContainerEngine/iSulaContainerEngine/\345\256\271\345\231\250\350\265\204\346\272\220\347\256\241\347\220\206.md" => docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/container-resource-management.md (99%) rename "docs/zh/docs/ContainerEngine/iSulaContainerEngine/CRI-v1\346\216\245\345\217\243.md" => docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/cri-2.md (99%) rename "docs/zh/docs/ContainerEngine/iSulaContainerEngine/CRI-v1alpha2\346\216\245\345\217\243.md" => docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/cri.md (47%) create mode 100644 docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/errorLabelCheck.py rename docs/zh/{docs => Cloud}/ContainerEngine/iSulaContainerEngine/figures/zh-cn_image_0183048952.png (100%) rename "docs/zh/docs/ContainerEngine/iSulaContainerEngine/\351\225\234\345\203\217\347\256\241\347\220\206.md" => docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/image-management.md (100%) rename "docs/zh/docs/ContainerEngine/iSulaContainerEngine/\345\256\211\350\243\205\344\270\216\351\205\215\347\275\256.md" => docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/installation-configuration.md (99%) rename "docs/zh/docs/ContainerEngine/iSulaContainerEngine/\345\256\211\350\243\205-\345\215\207\347\272\247\344\270\216\345\215\270\350\275\275.md" => docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/installation-upgrade-Uninstallation.md (100%) rename "docs/zh/docs/ContainerEngine/iSulaContainerEngine/iSula-shim-v2\345\257\271\346\216\245stratovirt.md" => docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/interconnecting-isula-shim-v2-with-stratovirt.md (99%) mode change 100755 => 100644 rename "docs/zh/docs/ContainerEngine/iSulaContainerEngine/\346\224\257\346\214\201CNI\347\275\221\347\273\234.md" => docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/interconnection-with-the-cni-network.md (99%) rename "docs/zh/docs/ContainerEngine/iSulaContainerEngine/isula\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225.md" => docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/isula-faqs.md (100%) rename "docs/zh/docs/ContainerEngine/iSulaContainerEngine/iSulad\346\224\257\346\214\201CDI.md" => docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/isulad-support-cdi.md (97%) rename "docs/zh/docs/ContainerEngine/iSulaContainerEngine/iSulad\346\224\257\346\214\201cgroup v2.md" => docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/isulad-support-cgroup-v2.md (100%) rename "docs/zh/docs/ContainerEngine/iSulaContainerEngine/iSulad\346\224\257\346\214\201NRI.md" => docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/isulad-support-nri.md (100%) rename "docs/zh/docs/ContainerEngine/iSulaContainerEngine/\346\234\254\345\234\260\345\215\267\347\256\241\347\220\206.md" => docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/local-volume-management.md (100%) rename "docs/zh/docs/ContainerEngine/iSulaContainerEngine/iSula\345\256\271\345\231\250\345\274\225\346\223\216.md" => docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/overview.md (100%) rename "docs/zh/docs/ContainerEngine/iSulaContainerEngine/\347\211\271\346\235\203\345\256\271\345\231\250.md" => docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/privileged-container.md (100%) rename docs/zh/{docs/ContainerRuntime/Kuasar => Cloud/ContainerEngine/iSulaContainerEngine}/public_sys-resources/icon-caution.gif (100%) rename docs/zh/{docs/ContainerRuntime/Kuasar => Cloud/ContainerEngine/iSulaContainerEngine}/public_sys-resources/icon-danger.gif (100%) rename docs/zh/{docs/ContainerRuntime/Kuasar => Cloud/ContainerEngine/iSulaContainerEngine}/public_sys-resources/icon-note.gif (100%) rename docs/zh/{docs/ContainerRuntime/Kuasar => Cloud/ContainerEngine/iSulaContainerEngine}/public_sys-resources/icon-notice.gif (100%) rename docs/zh/{docs/ContainerRuntime/Kuasar => Cloud/ContainerEngine/iSulaContainerEngine}/public_sys-resources/icon-tip.gif (100%) rename docs/zh/{docs/ContainerRuntime/Kuasar => Cloud/ContainerEngine/iSulaContainerEngine}/public_sys-resources/icon-warning.gif (100%) rename "docs/zh/docs/ContainerEngine/iSulaContainerEngine/\346\237\245\350\257\242\344\277\241\346\201\257.md" => docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/querying-information.md (100%) rename "docs/zh/docs/ContainerEngine/iSulaContainerEngine/\345\256\211\345\205\250\347\211\271\346\200\247.md" => docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/security-features.md (98%) rename "docs/zh/docs/ContainerEngine/iSulaContainerEngine/\346\224\257\346\214\201OCI-hooks.md" => docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/supporting-oci-hooks.md (100%) rename "docs/zh/docs/ContainerEngine/iSulaContainerEngine/\345\215\270\350\275\275.md" => docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/uninstallation.md (100%) rename "docs/zh/docs/ContainerEngine/iSulaContainerEngine/\345\215\207\347\272\247.md" => docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/upgrade-methods.md (94%) create mode 100644 docs/zh/Cloud/ContainerForm/SecureContainer/_menu.md rename docs/zh/{docs => Cloud}/ContainerForm/SecureContainer/appendix-2.md (99%) rename "docs/zh/docs/ContainerForm/SecureContainer/\344\275\277\347\224\250\346\226\271\346\263\225-1.md" => docs/zh/Cloud/ContainerForm/SecureContainer/application-scenarios-2.md (36%) rename "docs/zh/docs/ContainerForm/SecureContainer/\344\270\272\345\256\211\345\205\250\345\256\271\345\231\250\351\205\215\347\275\256\350\265\204\346\272\220.md" => docs/zh/Cloud/ContainerForm/SecureContainer/configuring-resources-for-a-secure-container.md (99%) rename docs/zh/{docs => Cloud}/ContainerForm/SecureContainer/figures/kata-arch.png (100%) rename docs/zh/{docs => Cloud}/ContainerForm/SecureContainer/figures/zh_cn_image_0221924928.png (100%) rename "docs/zh/docs/ContainerForm/SecureContainer/\345\256\211\350\243\205\344\270\216\351\205\215\347\275\256-2.md" => docs/zh/Cloud/ContainerForm/SecureContainer/installation-and-deployment-2.md (95%) rename "docs/zh/docs/ContainerForm/SecureContainer/\347\256\241\347\220\206\345\256\211\345\205\250\345\256\271\345\231\250\347\232\204\347\224\237\345\221\275\345\221\250\346\234\237.md" => docs/zh/Cloud/ContainerForm/SecureContainer/managing-the-lifecycle-of-a-secure-container.md (96%) rename "docs/zh/docs/ContainerForm/SecureContainer/\347\233\221\346\216\247\345\256\211\345\205\250\345\256\271\345\231\250.md" => docs/zh/Cloud/ContainerForm/SecureContainer/monitoring-secure-containers.md (100%) rename "docs/zh/docs/ContainerForm/SecureContainer/\345\256\211\345\205\250\345\256\271\345\231\250.md" => docs/zh/Cloud/ContainerForm/SecureContainer/overview.md (92%) rename docs/zh/{docs/ContainerForm/SystemContainer => Cloud/ContainerForm/SecureContainer}/public_sys-resources/icon-caution.gif (100%) rename docs/zh/{docs/ContainerForm/SystemContainer => Cloud/ContainerForm/SecureContainer}/public_sys-resources/icon-danger.gif (100%) rename docs/zh/{docs/ContainerForm/SystemContainer => Cloud/ContainerForm/SecureContainer}/public_sys-resources/icon-note.gif (100%) rename docs/zh/{docs/ContainerForm/SystemContainer => Cloud/ContainerForm/SecureContainer}/public_sys-resources/icon-notice.gif (100%) rename docs/zh/{docs/ContainerForm/SystemContainer => Cloud/ContainerForm/SecureContainer}/public_sys-resources/icon-tip.gif (100%) rename docs/zh/{docs/ContainerForm/SystemContainer => Cloud/ContainerForm/SecureContainer}/public_sys-resources/icon-warning.gif (100%) create mode 100644 docs/zh/Cloud/ContainerForm/SystemContainer/_menu.md rename "docs/zh/docs/ContainerForm/SystemContainer/\351\231\204\345\275\225-2.md" => docs/zh/Cloud/ContainerForm/SystemContainer/appendix-1.md (99%) rename docs/zh/{docs => Cloud}/ContainerForm/SystemContainer/configurable-cgroup-path.md (100%) rename docs/zh/{docs => Cloud}/ContainerForm/SystemContainer/dynamically-loading-the-kernel-module.md (98%) rename docs/zh/{docs/ContainerForm/SystemContainer/dynamically-managing-container-resources-(syscontainer-tools).md => Cloud/ContainerForm/SystemContainer/dynamically-managing-container-resources-syscontainer-tools.md} (99%) rename docs/zh/{docs => Cloud}/ContainerForm/SystemContainer/environment-variable-persisting.md (100%) rename docs/zh/{docs => Cloud}/ContainerForm/SystemContainer/installation-guideline.md (80%) rename docs/zh/{docs => Cloud}/ContainerForm/SystemContainer/maximum-number-of-handles.md (100%) rename docs/zh/{docs/ContainerForm/SystemContainer/system-container.md => Cloud/ContainerForm/SystemContainer/overview.md} (100%) rename docs/zh/{docs/ContainerForm/SecureContainer => Cloud/ContainerForm/SystemContainer}/public_sys-resources/icon-caution.gif (100%) rename docs/zh/{docs/ContainerForm/SecureContainer => Cloud/ContainerForm/SystemContainer}/public_sys-resources/icon-danger.gif (100%) rename docs/zh/{docs/ContainerForm/SecureContainer => Cloud/ContainerForm/SystemContainer}/public_sys-resources/icon-note.gif (100%) rename docs/zh/{docs/ContainerForm/SecureContainer => Cloud/ContainerForm/SystemContainer}/public_sys-resources/icon-notice.gif (100%) rename docs/zh/{docs/ContainerForm/SecureContainer => Cloud/ContainerForm/SystemContainer}/public_sys-resources/icon-tip.gif (100%) rename docs/zh/{docs/ContainerForm/SecureContainer => Cloud/ContainerForm/SystemContainer}/public_sys-resources/icon-warning.gif (100%) rename docs/zh/{docs => Cloud}/ContainerForm/SystemContainer/reboot-or-shutdown-in-a-container.md (100%) rename docs/zh/{docs => Cloud}/ContainerForm/SystemContainer/security-and-isolation.md (98%) rename docs/zh/{docs => Cloud}/ContainerForm/SystemContainer/shared-memory-channels.md (98%) rename docs/zh/{docs => Cloud}/ContainerForm/SystemContainer/specifying-rootfs-to-create-a-container.md (94%) rename docs/zh/{docs => Cloud}/ContainerForm/SystemContainer/usage-guide.md (88%) rename docs/zh/{docs => Cloud}/ContainerForm/SystemContainer/using-systemd-to-start-a-container.md (100%) rename docs/zh/{docs => Cloud}/ContainerForm/SystemContainer/writable-namespace-kernel-parameters.md (100%) create mode 100644 docs/zh/Cloud/ContainerRuntime/Kuasar/_menu.md rename docs/zh/{docs => Cloud}/ContainerRuntime/Kuasar/figures/kuasar_arch.png (100%) rename docs/zh/{docs => Cloud}/ContainerRuntime/Kuasar/kuasar-appendix.md (97%) rename docs/zh/{docs => Cloud}/ContainerRuntime/Kuasar/kuasar-install-config.md (88%) rename docs/zh/{docs => Cloud}/ContainerRuntime/Kuasar/kuasar-usage.md (96%) rename docs/zh/{docs/ContainerRuntime/Kuasar/kuasar.md => Cloud/ContainerRuntime/Kuasar/overview.md} (85%) rename docs/zh/{docs/ContainerEngine/iSulaContainerEngine => Cloud/ContainerRuntime/Kuasar}/public_sys-resources/icon-caution.gif (100%) rename docs/zh/{docs/ContainerEngine/iSulaContainerEngine => Cloud/ContainerRuntime/Kuasar}/public_sys-resources/icon-danger.gif (100%) rename docs/zh/{docs/ContainerEngine/iSulaContainerEngine => Cloud/ContainerRuntime/Kuasar}/public_sys-resources/icon-note.gif (100%) rename docs/zh/{docs/ContainerEngine/iSulaContainerEngine => Cloud/ContainerRuntime/Kuasar}/public_sys-resources/icon-notice.gif (100%) rename docs/zh/{docs/ContainerEngine/iSulaContainerEngine => Cloud/ContainerRuntime/Kuasar}/public_sys-resources/icon-tip.gif (100%) rename docs/zh/{docs/ContainerEngine/iSulaContainerEngine => Cloud/ContainerRuntime/Kuasar}/public_sys-resources/icon-warning.gif (100%) create mode 100644 docs/zh/Cloud/HybridDeployment/oncn-bwm/_menu.md rename docs/zh/{docs => Cloud}/HybridDeployment/oncn-bwm/overview.md (91%) create mode 100644 docs/zh/Cloud/HybridDeployment/rubik/_menu.md rename docs/zh/{docs => Cloud}/HybridDeployment/rubik/example-of-isolation-for-hybrid-deployed-services.md (95%) rename docs/zh/{docs/ContainerEngine/DockerEngine/public_sys-resources => Cloud/HybridDeployment/rubik/figures}/icon-note.gif (100%) rename docs/zh/{docs => Cloud}/HybridDeployment/rubik/http-apis.md (97%) rename docs/zh/{docs => Cloud}/HybridDeployment/rubik/installation-and-deployment.md (97%) rename docs/zh/{docs => Cloud}/HybridDeployment/rubik/overview.md (97%) create mode 100644 docs/zh/Cloud/ImageBuilder/isula-build/_menu.md rename docs/zh/{docs => Cloud}/ImageBuilder/isula-build/figures/isula-build_arch.png (100%) rename "docs/zh/docs/ImageBuilder/isula-build/isula-build\351\231\204\345\275\225.md" => docs/zh/Cloud/ImageBuilder/isula-build/isula-build-appendix.md (100%) rename "docs/zh/docs/ImageBuilder/isula-build/isula-build\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225.md" => docs/zh/Cloud/ImageBuilder/isula-build/isula-build-faqs.md (100%) rename "docs/zh/docs/ImageBuilder/isula-build/isula-build\344\275\277\347\224\250\346\214\207\345\215\227.md" => docs/zh/Cloud/ImageBuilder/isula-build/isula-build.md (98%) rename "docs/zh/docs/ImageBuilder/isula-build/isula-build\346\236\204\345\273\272\345\267\245\345\205\267.md" => docs/zh/Cloud/ImageBuilder/isula-build/overview.md (93%) rename docs/zh/{docs/ContainerEngine/DockerEngine => Cloud/ImageBuilder/isula-build}/public_sys-resources/icon-caution.gif (100%) rename docs/zh/{docs/ContainerEngine/DockerEngine => Cloud/ImageBuilder/isula-build}/public_sys-resources/icon-danger.gif (100%) rename docs/zh/{docs/ClusterDeployment/iSulad+k8s/figures => Cloud/ImageBuilder/isula-build}/public_sys-resources/icon-note.gif (100%) rename docs/zh/{docs/ContainerEngine/DockerEngine => Cloud/ImageBuilder/isula-build}/public_sys-resources/icon-notice.gif (100%) rename docs/zh/{docs/ContainerEngine/DockerEngine => Cloud/ImageBuilder/isula-build}/public_sys-resources/icon-tip.gif (100%) rename docs/zh/{docs/ContainerEngine/DockerEngine => Cloud/ImageBuilder/isula-build}/public_sys-resources/icon-warning.gif (100%) create mode 100644 docs/zh/Cloud/Kmesh/Kmesh/_menu.md rename "docs/zh/docs/Kmesh/Kmesh/\351\231\204\345\275\225.md" => docs/zh/Cloud/Kmesh/Kmesh/appendixes.md (100%) rename "docs/zh/docs/Kmesh/Kmesh/\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225.md" => docs/zh/Cloud/Kmesh/Kmesh/faqs.md (87%) rename docs/zh/{docs => Cloud}/Kmesh/Kmesh/figures/get_kubeconfig_error.png (100%) rename docs/zh/{docs => Cloud}/Kmesh/Kmesh/figures/kmesh-arch.png (100%) rename docs/zh/{docs => Cloud}/Kmesh/Kmesh/figures/not_set_cluster_ip.png (100%) rename "docs/zh/docs/Kmesh/Kmesh/\350\256\244\350\257\206Kmesh.md" => docs/zh/Cloud/Kmesh/Kmesh/getting-to-know-kmesh.md (100%) rename "docs/zh/docs/Kmesh/Kmesh/\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" => docs/zh/Cloud/Kmesh/Kmesh/installation-and-deployment.md (90%) rename docs/zh/{docs/Kmesh/Kmesh/Kmesh.md => Cloud/Kmesh/Kmesh/overview.md} (100%) rename "docs/zh/docs/Kmesh/Kmesh/\344\275\277\347\224\250\346\226\271\346\263\225.md" => docs/zh/Cloud/Kmesh/Kmesh/usage.md (100%) create mode 100644 docs/zh/Cloud/KubeOS/KubeOS/_menu.md rename "docs/zh/docs/KubeOS/KubeOS/\350\256\244\350\257\206\345\256\271\345\231\250OS\345\215\207\347\272\247.md" => docs/zh/Cloud/KubeOS/KubeOS/about-kubeos.md (100%) rename "docs/zh/docs/KubeOS/KubeOS/figures/\345\256\271\345\231\250OS\346\226\207\344\273\266\345\270\203\345\261\200.png" => "docs/zh/Cloud/KubeOS/KubeOS/figures/\345\256\271\345\231\250OS\346\226\207\344\273\266\345\270\203\345\261\200.png" (100%) rename "docs/zh/docs/KubeOS/KubeOS/figures/\345\256\271\345\231\250OS\346\236\266\346\236\204.png" => "docs/zh/Cloud/KubeOS/KubeOS/figures/\345\256\271\345\231\250OS\346\236\266\346\236\204.png" (100%) rename "docs/zh/docs/KubeOS/KubeOS/\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" => docs/zh/Cloud/KubeOS/KubeOS/installation-and-deployment.md (91%) rename "docs/zh/docs/KubeOS/KubeOS/\345\256\271\345\231\250OS\351\225\234\345\203\217\345\210\266\344\275\234\346\214\207\345\257\274.md" => docs/zh/Cloud/KubeOS/KubeOS/kubeos-image-creation.md (97%) rename docs/zh/{docs => Cloud}/KubeOS/KubeOS/overview.md (100%) rename docs/zh/{docs/ClusterDeployment/Kubernetes => Cloud/KubeOS/KubeOS}/public_sys-resources/icon-note.gif (100%) rename "docs/zh/docs/KubeOS/KubeOS/\344\275\277\347\224\250\346\226\271\346\263\225.md" => docs/zh/Cloud/KubeOS/KubeOS/usage-instructions.md (98%) create mode 100644 docs/zh/Cloud/NestOS/NestOS/_menu.md rename "docs/zh/docs/NestOS/NestOS/\345\212\237\350\203\275\347\211\271\346\200\247\346\217\217\350\277\260.md" => docs/zh/Cloud/NestOS/NestOS/feature-description.md (100%) rename docs/zh/{docs => Cloud}/NestOS/NestOS/figures/figure1.png (100%) rename docs/zh/{docs => Cloud}/NestOS/NestOS/figures/figure2.png (100%) rename "docs/zh/docs/NestOS/NestOS/NestOS For Container\347\224\250\346\210\267\346\214\207\345\215\227.md" => docs/zh/Cloud/NestOS/NestOS/nestos-for-container.md (99%) rename docs/zh/{docs => Cloud}/NestOS/NestOS/overview.md (100%) create mode 100644 docs/zh/Cloud/_menu.md delete mode 100644 docs/zh/docs/1.py delete mode 100644 docs/zh/docs/ClusterDeployment/Kubernetes/Menu/index.md delete mode 100644 docs/zh/docs/ClusterDeployment/Menu/index.md delete mode 100644 docs/zh/docs/ClusterDeployment/iSulad+k8s/Menu/index.md delete mode 100644 docs/zh/docs/ContainerEngine/DockerEngine/Menu/index.md delete mode 100644 docs/zh/docs/ContainerEngine/Menu/index.md delete mode 100644 docs/zh/docs/ContainerEngine/iSulaContainerEngine/Menu/index.md delete mode 100644 docs/zh/docs/ContainerForm/Menu/index.md delete mode 100644 docs/zh/docs/ContainerForm/SecureContainer/Menu/index.md delete mode 100644 docs/zh/docs/ContainerForm/SystemContainer/Menu/index.md delete mode 100644 docs/zh/docs/ContainerRuntime/Kuasar/Menu/index.md delete mode 100644 docs/zh/docs/ContainerRuntime/Menu/index.md delete mode 100644 docs/zh/docs/HybridDeployment/Menu/index.md delete mode 100644 docs/zh/docs/HybridDeployment/oncn-bwm/Menu/index.md delete mode 100644 docs/zh/docs/HybridDeployment/rubik/Menu/index.md delete mode 100644 docs/zh/docs/ImageBuilder/Menu/index.md delete mode 100644 docs/zh/docs/ImageBuilder/isula-build/Menu/index.md delete mode 100644 docs/zh/docs/Kmesh/Kmesh/Menu/index.md delete mode 100644 docs/zh/docs/Kmesh/Menu/index.md delete mode 100644 docs/zh/docs/KubeOS/KubeOS/Menu/index.md delete mode 100644 docs/zh/docs/KubeOS/Menu/index.md delete mode 100644 docs/zh/docs/Menu/index.md delete mode 100644 docs/zh/docs/NestOS/Menu/index.md delete mode 100644 docs/zh/docs/NestOS/NestOS/Menu/index.md delete mode 100644 docs/zh/docs/container.md diff --git a/docs/zh/Cloud/ClusterDeployment/Kubernetes/_menu.md b/docs/zh/Cloud/ClusterDeployment/Kubernetes/_menu.md new file mode 100644 index 0000000..eda3273 --- /dev/null +++ b/docs/zh/Cloud/ClusterDeployment/Kubernetes/_menu.md @@ -0,0 +1,38 @@ +--- +label: 'Kubernetes集群部署指南' +ismanual: 'Y' +description: '在openEuler环境,为搭建稳定高效Kubernetes集群提供基本的操作指引' +children: + - label: '概述' + href: './overview.md' + - label: '准备虚拟机' + href: './preparing-VMs.md' + - label: '手动部署集群' + href: './deploying-a-Kubernetes-cluster-manually.md' + children: + - label: '安装Kubernetes软件包' + href: './installing-the-Kubernetes-software-package.md' + - label: '准备证书' + href: './preparing-certificates.md' + - label: '安装etcd' + href: './installing-etcd.md' + - label: '部署控制面组件' + href: './deploying-control-plane-components.md' + - label: '部署Node节点组件' + href: './deploying-a-node-component.md' + - label: '自动部署集群' + href: './eggo-automatic-deployment.md' + children: + - label: '工具介绍' + href: './eggo-tool-introduction.md' + - label: '部署集群' + href: './eggo-deploying-a-cluster.md' + - label: '拆除集群' + href: './eggo-dismantling-a-cluster.md' + - label: '运行测试pod' + href: './running-the-test-pod.md' + - label: '基于containerd部署集群' + href: './kubernetes-containerd.md' + - label: '常见问题与解决方法' + href: './kubernetes-faqs.md' +--- \ No newline at end of file diff --git a/docs/zh/docs/ClusterDeployment/Kubernetes/deploying-a-Kubernetes-cluster-manually.md b/docs/zh/Cloud/ClusterDeployment/Kubernetes/deploying-a-Kubernetes-cluster-manually.md similarity index 100% rename from docs/zh/docs/ClusterDeployment/Kubernetes/deploying-a-Kubernetes-cluster-manually.md rename to docs/zh/Cloud/ClusterDeployment/Kubernetes/deploying-a-Kubernetes-cluster-manually.md diff --git a/docs/zh/docs/ClusterDeployment/Kubernetes/deploying-a-node-component.md b/docs/zh/Cloud/ClusterDeployment/Kubernetes/deploying-a-node-component.md similarity index 100% rename from docs/zh/docs/ClusterDeployment/Kubernetes/deploying-a-node-component.md rename to docs/zh/Cloud/ClusterDeployment/Kubernetes/deploying-a-node-component.md diff --git a/docs/zh/docs/ClusterDeployment/Kubernetes/deploying-control-plane-components.md b/docs/zh/Cloud/ClusterDeployment/Kubernetes/deploying-control-plane-components.md similarity index 100% rename from docs/zh/docs/ClusterDeployment/Kubernetes/deploying-control-plane-components.md rename to docs/zh/Cloud/ClusterDeployment/Kubernetes/deploying-control-plane-components.md diff --git a/docs/zh/docs/ClusterDeployment/Kubernetes/eggo-automatic-deployment.md b/docs/zh/Cloud/ClusterDeployment/Kubernetes/eggo-automatic-deployment.md similarity index 100% rename from docs/zh/docs/ClusterDeployment/Kubernetes/eggo-automatic-deployment.md rename to docs/zh/Cloud/ClusterDeployment/Kubernetes/eggo-automatic-deployment.md diff --git a/docs/zh/docs/ClusterDeployment/Kubernetes/eggo-deploying-a-cluster.md b/docs/zh/Cloud/ClusterDeployment/Kubernetes/eggo-deploying-a-cluster.md similarity index 100% rename from docs/zh/docs/ClusterDeployment/Kubernetes/eggo-deploying-a-cluster.md rename to docs/zh/Cloud/ClusterDeployment/Kubernetes/eggo-deploying-a-cluster.md diff --git a/docs/zh/docs/ClusterDeployment/Kubernetes/eggo-dismantling-a-cluster.md b/docs/zh/Cloud/ClusterDeployment/Kubernetes/eggo-dismantling-a-cluster.md similarity index 100% rename from docs/zh/docs/ClusterDeployment/Kubernetes/eggo-dismantling-a-cluster.md rename to docs/zh/Cloud/ClusterDeployment/Kubernetes/eggo-dismantling-a-cluster.md diff --git a/docs/zh/docs/ClusterDeployment/Kubernetes/eggo-tool-introduction.md b/docs/zh/Cloud/ClusterDeployment/Kubernetes/eggo-tool-introduction.md similarity index 100% rename from docs/zh/docs/ClusterDeployment/Kubernetes/eggo-tool-introduction.md rename to docs/zh/Cloud/ClusterDeployment/Kubernetes/eggo-tool-introduction.md diff --git a/docs/zh/docs/ClusterDeployment/Kubernetes/figures/advertiseAddress.png b/docs/zh/Cloud/ClusterDeployment/Kubernetes/figures/advertiseAddress.png similarity index 100% rename from docs/zh/docs/ClusterDeployment/Kubernetes/figures/advertiseAddress.png rename to docs/zh/Cloud/ClusterDeployment/Kubernetes/figures/advertiseAddress.png diff --git a/docs/zh/docs/ClusterDeployment/Kubernetes/figures/arch.png b/docs/zh/Cloud/ClusterDeployment/Kubernetes/figures/arch.png similarity index 100% rename from docs/zh/docs/ClusterDeployment/Kubernetes/figures/arch.png rename to docs/zh/Cloud/ClusterDeployment/Kubernetes/figures/arch.png diff --git a/docs/zh/docs/ClusterDeployment/Kubernetes/figures/flannelConfig.png b/docs/zh/Cloud/ClusterDeployment/Kubernetes/figures/flannelConfig.png similarity index 100% rename from docs/zh/docs/ClusterDeployment/Kubernetes/figures/flannelConfig.png rename to docs/zh/Cloud/ClusterDeployment/Kubernetes/figures/flannelConfig.png diff --git a/docs/zh/docs/ClusterDeployment/Kubernetes/figures/name.png b/docs/zh/Cloud/ClusterDeployment/Kubernetes/figures/name.png similarity index 100% rename from docs/zh/docs/ClusterDeployment/Kubernetes/figures/name.png rename to docs/zh/Cloud/ClusterDeployment/Kubernetes/figures/name.png diff --git a/docs/zh/docs/ClusterDeployment/Kubernetes/figures/podSubnet.png b/docs/zh/Cloud/ClusterDeployment/Kubernetes/figures/podSubnet.png similarity index 100% rename from docs/zh/docs/ClusterDeployment/Kubernetes/figures/podSubnet.png rename to docs/zh/Cloud/ClusterDeployment/Kubernetes/figures/podSubnet.png diff --git "a/docs/zh/docs/ClusterDeployment/Kubernetes/\345\256\211\350\243\205etcd.md" b/docs/zh/Cloud/ClusterDeployment/Kubernetes/installing-etcd.md similarity index 100% rename from "docs/zh/docs/ClusterDeployment/Kubernetes/\345\256\211\350\243\205etcd.md" rename to docs/zh/Cloud/ClusterDeployment/Kubernetes/installing-etcd.md diff --git a/docs/zh/docs/ClusterDeployment/Kubernetes/installing-the-Kubernetes-software-package.md b/docs/zh/Cloud/ClusterDeployment/Kubernetes/installing-the-Kubernetes-software-package.md similarity index 100% rename from docs/zh/docs/ClusterDeployment/Kubernetes/installing-the-Kubernetes-software-package.md rename to docs/zh/Cloud/ClusterDeployment/Kubernetes/installing-the-Kubernetes-software-package.md diff --git "a/docs/zh/docs/ClusterDeployment/Kubernetes/Kubernetes\351\233\206\347\276\244\351\203\250\347\275\262\346\214\207\345\215\2271.md" b/docs/zh/Cloud/ClusterDeployment/Kubernetes/kubernetes-containerd.md similarity index 100% rename from "docs/zh/docs/ClusterDeployment/Kubernetes/Kubernetes\351\233\206\347\276\244\351\203\250\347\275\262\346\214\207\345\215\2271.md" rename to docs/zh/Cloud/ClusterDeployment/Kubernetes/kubernetes-containerd.md diff --git "a/docs/zh/docs/ClusterDeployment/Kubernetes/kubernetes\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225.md" b/docs/zh/Cloud/ClusterDeployment/Kubernetes/kubernetes-faqs.md similarity index 97% rename from "docs/zh/docs/ClusterDeployment/Kubernetes/kubernetes\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225.md" rename to docs/zh/Cloud/ClusterDeployment/Kubernetes/kubernetes-faqs.md index b4ab2cf..29cff9a 100644 --- "a/docs/zh/docs/ClusterDeployment/Kubernetes/kubernetes\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225.md" +++ b/docs/zh/Cloud/ClusterDeployment/Kubernetes/kubernetes-faqs.md @@ -1,13 +1,13 @@ -# 常见问题与解决方法 - -## **问题1:Kubernetes + docker为什么无法部署** - -原因:Kubernetes自1.21版本开始不再支持Kubernetes + docker部署Kubernetes集群。 - -解决方法:改为使用cri-dockerd+docker部署集群,也可以使用containerd或者iSulad部署集群。 - -## **问题2:openEuler无法通过yum直接安装Kubernetes相关的rpm包** - -原因:Kubernetes相关的rpm包需要配置yum的repo源有关EPOL的部分。 - -解决方法:[参考链接](https://forum.openeuler.org/t/topic/768)中repo源,重新配置环境中的EPOL源。 +# 常见问题与解决方法 + +## **问题1:Kubernetes + docker为什么无法部署** + +原因:Kubernetes自1.21版本开始不再支持Kubernetes + docker部署Kubernetes集群。 + +解决方法:改为使用cri-dockerd+docker部署集群,也可以使用containerd或者iSulad部署集群。 + +## **问题2:openEuler无法通过yum直接安装Kubernetes相关的rpm包** + +原因:Kubernetes相关的rpm包需要配置yum的repo源有关EPOL的部分。 + +解决方法:[参考链接](https://forum.openeuler.org/t/topic/768)中repo源,重新配置环境中的EPOL源。 diff --git a/docs/zh/docs/ClusterDeployment/Kubernetes/Kubernetes.md b/docs/zh/Cloud/ClusterDeployment/Kubernetes/overview.md similarity index 100% rename from docs/zh/docs/ClusterDeployment/Kubernetes/Kubernetes.md rename to docs/zh/Cloud/ClusterDeployment/Kubernetes/overview.md diff --git a/docs/zh/docs/ClusterDeployment/Kubernetes/preparing-VMs.md b/docs/zh/Cloud/ClusterDeployment/Kubernetes/preparing-VMs.md similarity index 100% rename from docs/zh/docs/ClusterDeployment/Kubernetes/preparing-VMs.md rename to docs/zh/Cloud/ClusterDeployment/Kubernetes/preparing-VMs.md diff --git a/docs/zh/docs/ClusterDeployment/Kubernetes/preparing-certificates.md b/docs/zh/Cloud/ClusterDeployment/Kubernetes/preparing-certificates.md similarity index 100% rename from docs/zh/docs/ClusterDeployment/Kubernetes/preparing-certificates.md rename to docs/zh/Cloud/ClusterDeployment/Kubernetes/preparing-certificates.md diff --git a/docs/zh/docs/KubeOS/KubeOS/public_sys-resources/icon-note.gif b/docs/zh/Cloud/ClusterDeployment/Kubernetes/public_sys-resources/icon-note.gif similarity index 100% rename from docs/zh/docs/KubeOS/KubeOS/public_sys-resources/icon-note.gif rename to docs/zh/Cloud/ClusterDeployment/Kubernetes/public_sys-resources/icon-note.gif diff --git a/docs/zh/docs/ClusterDeployment/Kubernetes/running-the-test-pod.md b/docs/zh/Cloud/ClusterDeployment/Kubernetes/running-the-test-pod.md similarity index 100% rename from docs/zh/docs/ClusterDeployment/Kubernetes/running-the-test-pod.md rename to docs/zh/Cloud/ClusterDeployment/Kubernetes/running-the-test-pod.md diff --git a/docs/zh/Cloud/ClusterDeployment/iSulad+k8s/_menu.md b/docs/zh/Cloud/ClusterDeployment/iSulad+k8s/_menu.md new file mode 100644 index 0000000..7fa0a7a --- /dev/null +++ b/docs/zh/Cloud/ClusterDeployment/iSulad+k8s/_menu.md @@ -0,0 +1,14 @@ +--- +label: 'iSulad+k8s集群部署指南' +ismanual: 'Y' +description: '在openEuler环境,基于iSulad容器引擎搭建Kubernetes集群' +children: + - label: '概述' + href: './overview.md' + - label: 'iSulad+k8s环境部署' + href: './iSulad+k8s-environment-deploy.md' + - label: 'gitlab部署' + href: './gitlab-deploy.md' + - label: 'gitlab-runner部署' + href: './gitlab-runner-deploy.md' +--- \ No newline at end of file diff --git "a/docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/1.\346\237\245\347\234\213\351\234\200\350\246\201\351\225\234\345\203\217.png" "b/docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/1.\346\237\245\347\234\213\351\234\200\350\246\201\351\225\234\345\203\217.png" similarity index 100% rename from "docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/1.\346\237\245\347\234\213\351\234\200\350\246\201\351\225\234\345\203\217.png" rename to "docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/1.\346\237\245\347\234\213\351\234\200\350\246\201\351\225\234\345\203\217.png" diff --git "a/docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/10.\350\207\252\345\256\232\344\271\211\351\241\271\347\233\256\345\220\215\347\247\260.jpg" "b/docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/10.\350\207\252\345\256\232\344\271\211\351\241\271\347\233\256\345\220\215\347\247\260.jpg" similarity index 100% rename from "docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/10.\350\207\252\345\256\232\344\271\211\351\241\271\347\233\256\345\220\215\347\247\260.jpg" rename to "docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/10.\350\207\252\345\256\232\344\271\211\351\241\271\347\233\256\345\220\215\347\247\260.jpg" diff --git "a/docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/11.\350\256\276\347\275\256-cicd-runner.png" "b/docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/11.\350\256\276\347\275\256-cicd-runner.png" similarity index 100% rename from "docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/11.\350\256\276\347\275\256-cicd-runner.png" rename to "docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/11.\350\256\276\347\275\256-cicd-runner.png" diff --git "a/docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/12.\350\256\260\344\270\213runner\345\234\260\345\235\200\344\270\216\344\273\244\347\211\214.jpg" "b/docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/12.\350\256\260\344\270\213runner\345\234\260\345\235\200\344\270\216\344\273\244\347\211\214.jpg" similarity index 100% rename from "docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/12.\350\256\260\344\270\213runner\345\234\260\345\235\200\344\270\216\344\273\244\347\211\214.jpg" rename to "docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/12.\350\256\260\344\270\213runner\345\234\260\345\235\200\344\270\216\344\273\244\347\211\214.jpg" diff --git "a/docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/13.\346\237\245\347\234\213\350\257\201\344\271\246\351\205\215\347\275\256\346\226\207\344\273\266.png" "b/docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/13.\346\237\245\347\234\213\350\257\201\344\271\246\351\205\215\347\275\256\346\226\207\344\273\266.png" similarity index 100% rename from "docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/13.\346\237\245\347\234\213\350\257\201\344\271\246\351\205\215\347\275\256\346\226\207\344\273\266.png" rename to "docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/13.\346\237\245\347\234\213\350\257\201\344\271\246\351\205\215\347\275\256\346\226\207\344\273\266.png" diff --git "a/docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/14.\350\257\201\344\271\246\345\257\274\345\205\245\346\226\207\344\273\266.png" "b/docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/14.\350\257\201\344\271\246\345\257\274\345\205\245\346\226\207\344\273\266.png" similarity index 100% rename from "docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/14.\350\257\201\344\271\246\345\257\274\345\205\245\346\226\207\344\273\266.png" rename to "docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/14.\350\257\201\344\271\246\345\257\274\345\205\245\346\226\207\344\273\266.png" diff --git "a/docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/15.\346\263\250\345\206\214gitlab-runner.jpg" "b/docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/15.\346\263\250\345\206\214gitlab-runner.jpg" similarity index 100% rename from "docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/15.\346\263\250\345\206\214gitlab-runner.jpg" rename to "docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/15.\346\263\250\345\206\214gitlab-runner.jpg" diff --git "a/docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/16.web\347\253\257\345\267\262\345\212\240\345\205\245_LI.jpg" "b/docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/16.web\347\253\257\345\267\262\345\212\240\345\205\245_LI.jpg" similarity index 100% rename from "docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/16.web\347\253\257\345\267\262\345\212\240\345\205\245_LI.jpg" rename to "docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/16.web\347\253\257\345\267\262\345\212\240\345\205\245_LI.jpg" diff --git a/docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/17.png b/docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/17.png similarity index 100% rename from docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/17.png rename to docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/17.png diff --git "a/docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/18.dns\351\205\215\347\275\256.png" "b/docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/18.dns\351\205\215\347\275\256.png" similarity index 100% rename from "docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/18.dns\351\205\215\347\275\256.png" rename to "docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/18.dns\351\205\215\347\275\256.png" diff --git "a/docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/19.CICD\347\225\214\351\235\242.png" "b/docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/19.CICD\347\225\214\351\235\242.png" similarity index 100% rename from "docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/19.CICD\347\225\214\351\235\242.png" rename to "docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/19.CICD\347\225\214\351\235\242.png" diff --git "a/docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/2.calico\351\205\215\347\275\256.png" "b/docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/2.calico\351\205\215\347\275\256.png" similarity index 100% rename from "docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/2.calico\351\205\215\347\275\256.png" rename to "docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/2.calico\351\205\215\347\275\256.png" diff --git "a/docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/20.yaml\346\226\207\344\273\266.png" "b/docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/20.yaml\346\226\207\344\273\266.png" similarity index 100% rename from "docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/20.yaml\346\226\207\344\273\266.png" rename to "docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/20.yaml\346\226\207\344\273\266.png" diff --git "a/docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/21.\346\265\201\346\260\264\347\272\277\347\212\266\346\200\201.png" "b/docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/21.\346\265\201\346\260\264\347\272\277\347\212\266\346\200\201.png" similarity index 100% rename from "docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/21.\346\265\201\346\260\264\347\272\277\347\212\266\346\200\201.png" rename to "docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/21.\346\265\201\346\260\264\347\272\277\347\212\266\346\200\201.png" diff --git a/docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/3.png b/docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/3.png similarity index 100% rename from docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/3.png rename to docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/3.png diff --git "a/docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/4.gitlab\347\275\221\351\241\265\345\205\245\345\217\243.jpg" "b/docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/4.gitlab\347\275\221\351\241\265\345\205\245\345\217\243.jpg" similarity index 100% rename from "docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/4.gitlab\347\275\221\351\241\265\345\205\245\345\217\243.jpg" rename to "docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/4.gitlab\347\275\221\351\241\265\345\205\245\345\217\243.jpg" diff --git "a/docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/5.\346\237\245\350\257\242\345\257\206\347\240\201.jpg" "b/docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/5.\346\237\245\350\257\242\345\257\206\347\240\201.jpg" similarity index 100% rename from "docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/5.\346\237\245\350\257\242\345\257\206\347\240\201.jpg" rename to "docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/5.\346\237\245\350\257\242\345\257\206\347\240\201.jpg" diff --git "a/docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/6.\347\231\273\345\275\225\345\220\216\351\241\265\351\235\242.png" "b/docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/6.\347\231\273\345\275\225\345\220\216\351\241\265\351\235\242.png" similarity index 100% rename from "docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/6.\347\231\273\345\275\225\345\220\216\351\241\265\351\235\242.png" rename to "docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/6.\347\231\273\345\275\225\345\220\216\351\241\265\351\235\242.png" diff --git "a/docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/7.\351\225\234\345\203\217.png" "b/docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/7.\351\225\234\345\203\217.png" similarity index 100% rename from "docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/7.\351\225\234\345\203\217.png" rename to "docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/7.\351\225\234\345\203\217.png" diff --git "a/docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/8.\346\226\260\345\273\272\351\241\271\347\233\256.png" "b/docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/8.\346\226\260\345\273\272\351\241\271\347\233\256.png" similarity index 100% rename from "docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/8.\346\226\260\345\273\272\351\241\271\347\233\256.png" rename to "docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/8.\346\226\260\345\273\272\351\241\271\347\233\256.png" diff --git "a/docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/9.\345\210\233\345\273\272\347\251\272\347\231\275\351\241\271\347\233\256.png" "b/docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/9.\345\210\233\345\273\272\347\251\272\347\231\275\351\241\271\347\233\256.png" similarity index 100% rename from "docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/9.\345\210\233\345\273\272\347\251\272\347\231\275\351\241\271\347\233\256.png" rename to "docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/9.\345\210\233\345\273\272\347\251\272\347\231\275\351\241\271\347\233\256.png" diff --git a/docs/zh/docs/ImageBuilder/isula-build/public_sys-resources/icon-note.gif b/docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/public_sys-resources/icon-note.gif similarity index 100% rename from docs/zh/docs/ImageBuilder/isula-build/public_sys-resources/icon-note.gif rename to docs/zh/Cloud/ClusterDeployment/iSulad+k8s/figures/public_sys-resources/icon-note.gif diff --git "a/docs/zh/docs/ClusterDeployment/iSulad+k8s/gitlab\351\203\250\347\275\262.md" b/docs/zh/Cloud/ClusterDeployment/iSulad+k8s/gitlab-deploy.md similarity index 96% rename from "docs/zh/docs/ClusterDeployment/iSulad+k8s/gitlab\351\203\250\347\275\262.md" rename to docs/zh/Cloud/ClusterDeployment/iSulad+k8s/gitlab-deploy.md index 892c6a2..a6ec5ab 100644 --- "a/docs/zh/docs/ClusterDeployment/iSulad+k8s/gitlab\351\203\250\347\275\262.md" +++ b/docs/zh/Cloud/ClusterDeployment/iSulad+k8s/gitlab-deploy.md @@ -299,7 +299,7 @@ spec: 查看是否可以登录gitlab网页,网址为ip地址加设定的端口。 -![网页入口](figures/4.gitlab%E7%BD%91%E9%A1%B5%E5%85%A5%E5%8F%A3.jpg) +![网页入口](figures/4.gitlab网页入口.jpg) 用户名为root,默认密码需进入容器后查看密码文件。 ```bash @@ -307,8 +307,8 @@ spec: # cat /etc/gitlab/initial_root_password ``` -![查询密码](figures/5.%E6%9F%A5%E8%AF%A2%E5%AF%86%E7%A0%81.jpg) +![查询密码](figures/5.查询密码.jpg) - 登录后界面如图: -![登录后页面](figures/6.%E7%99%BB%E5%BD%95%E5%90%8E%E9%A1%B5%E9%9D%A2.png) +![登录后页面](figures/6.登录后页面.png) diff --git "a/docs/zh/docs/ClusterDeployment/iSulad+k8s/gitlab-runner\351\203\250\347\275\262.md" b/docs/zh/Cloud/ClusterDeployment/iSulad+k8s/gitlab-runner-deploy.md similarity index 76% rename from "docs/zh/docs/ClusterDeployment/iSulad+k8s/gitlab-runner\351\203\250\347\275\262.md" rename to docs/zh/Cloud/ClusterDeployment/iSulad+k8s/gitlab-runner-deploy.md index 29500c1..3e8e0a0 100644 --- "a/docs/zh/docs/ClusterDeployment/iSulad+k8s/gitlab-runner\351\203\250\347\275\262.md" +++ b/docs/zh/Cloud/ClusterDeployment/iSulad+k8s/gitlab-runner-deploy.md @@ -66,29 +66,29 @@ spec: # kubectl get pod -A -o wide ``` -![镜像](figures/7.%E9%95%9C%E5%83%8F.png) +![镜像](figures/7.镜像.png) ## 登录gitlab容器网页-用户证书认证 1. 新建项目。 - ![新建项目](figures/8.%E6%96%B0%E5%BB%BA%E9%A1%B9%E7%9B%AE.png) + ![新建项目](figures/8.新建项目.png) 2. 创建空白项目。 - ![创建空白项目](figures/9.%E5%88%9B%E5%BB%BA%E7%A9%BA%E7%99%BD%E9%A1%B9%E7%9B%AE.png) + ![创建空白项目](figures/9.创建空白项目.png) 3. 自定义项目名称。 - ![自定义项目名称](figures/10.%E8%87%AA%E5%AE%9A%E4%B9%89%E9%A1%B9%E7%9B%AE%E5%90%8D%E7%A7%B0.jpg) + ![自定义项目名称](figures/10.自定义项目名称.jpg) 4. 设置--CI/CD--Runner--展开。 - ![设置-cicd-runner](figures/11.%E8%AE%BE%E7%BD%AE-cicd-runner.png) + ![设置-cicd-runner](figures/11.设置-cicd-runner.png) 5. 记录注册Runner的地址和令牌。 - ![记下runner地址与令牌](figures/12.%E8%AE%B0%E4%B8%8Brunner%E5%9C%B0%E5%9D%80%E4%B8%8E%E4%BB%A4%E7%89%8C.jpg) + ![记下runner地址与令牌](figures/12.记下runner地址与令牌.jpg) 6. 导入证书文件。 @@ -100,7 +100,7 @@ spec: # cat /etc/kubernetes/admin.conf ``` - ![查看证书配置文件](figures/13.%E6%9F%A5%E7%9C%8B%E8%AF%81%E4%B9%A6%E9%85%8D%E7%BD%AE%E6%96%87%E4%BB%B6.png) + ![查看证书配置文件](figures/13.查看证书配置文件.png) - 加密生成admin.crt @@ -123,7 +123,8 @@ spec: 7. 在runner运行的节点处将三个证书文件导入gitlab-runner容器。 > ![](./figures/public_sys-resources/icon-note.gif) **说明:** - >导入容器需查看gitlab-runner运行在哪个节点上,将三个证书文件拷贝至该节点,然后使用isula cp命令导入。 + > + > 导入容器需查看gitlab-runner运行在哪个节点上,将三个证书文件拷贝至该节点,然后使用isula cp命令导入。 ```bash # isula cp admin.crt [容器id]:存放位置 @@ -133,15 +134,15 @@ spec: 注:isula cp 命令只能一次拷贝一个文件 - ![证书导入文件](figures/14.%E8%AF%81%E4%B9%A6%E5%AF%BC%E5%85%A5%E6%96%87%E4%BB%B6.png) + ![证书导入文件](figures/14.证书导入文件.png) ## 注册gitlab-runner 进入到runner的容器内进行注册;目前采用交互式注册,注册信息在gitlab上获得,当前配置的 runner服务于项目组,此信息的界面在gitlab-\>项目组(group)-\>设置-\>CI/CD-\>runner中查看。 -![注册gitlab-runner](figures/15.%E6%B3%A8%E5%86%8Cgitlab-runner.jpg) +![注册gitlab-runner](figures/15.注册gitlab-runner.jpg) -![web端已加入](figures/16.web%E7%AB%AF%E5%B7%B2%E5%8A%A0%E5%85%A5_LI.jpg) +![web端已加入](figures/16.web端已加入_LI.jpg) 将准备好的gitlab-runner-helper镜像提前上传至私有镜像仓,进入gitlab-runner容器中,修改配置文件。 @@ -170,7 +171,7 @@ spec: # kubectl edit configmaps coredns -n kube-system ``` - ![dns](figures/18.dns%E9%85%8D%E7%BD%AE.png) + ![dns](figures/18.dns配置.png) 3. 重启coredns服务。 @@ -183,12 +184,12 @@ spec: 返回gitlab的web界面,选择CI/CD--编辑器--创建CI/CD流水线。 -![CICD界面](figures/19.CICD%E7%95%8C%E9%9D%A2.png) +![CICD界面](figures/19.CICD界面.png) - 编译yaml文件如下: -![yaml文件](figures/20.yaml%E6%96%87%E4%BB%B6.png) +![yaml文件](figures/20.yaml文件.png) - 流水线-查看状态。 -![流水线状态](figures/21.%E6%B5%81%E6%B0%B4%E7%BA%BF%E7%8A%B6%E6%80%81.png) +![流水线状态](figures/21.流水线状态.png) diff --git "a/docs/zh/docs/ClusterDeployment/iSulad+k8s/iSulad+k8s\347\216\257\345\242\203\351\203\250\347\275\262.md" b/docs/zh/Cloud/ClusterDeployment/iSulad+k8s/iSulad+k8s-environment-deploy.md similarity index 99% rename from "docs/zh/docs/ClusterDeployment/iSulad+k8s/iSulad+k8s\347\216\257\345\242\203\351\203\250\347\275\262.md" rename to docs/zh/Cloud/ClusterDeployment/iSulad+k8s/iSulad+k8s-environment-deploy.md index e065fce..2e6a63d 100644 --- "a/docs/zh/docs/ClusterDeployment/iSulad+k8s/iSulad+k8s\347\216\257\345\242\203\351\203\250\347\275\262.md" +++ b/docs/zh/Cloud/ClusterDeployment/iSulad+k8s/iSulad+k8s-environment-deploy.md @@ -249,11 +249,12 @@ ``` 注意对应的版本号,输出结果如图所示。 - ![](figures/1.%E6%9F%A5%E7%9C%8B%E9%9C%80%E8%A6%81%E9%95%9C%E5%83%8F.png) + ![](figures/1.查看需要镜像.png) 2. 使用isula拉取所需镜像。 > ![](./figures/public_sys-resources/icon-note.gif) **说明:** + > > 以下所下载的镜像版本均为示例,具体版本号以上条命令返回结果为准,下同。 ```shell diff --git "a/docs/zh/docs/ClusterDeployment/iSulad+k8s/iSulad+k8s\351\233\206\347\276\244\351\203\250\347\275\262\346\214\207\345\215\227.md" b/docs/zh/Cloud/ClusterDeployment/iSulad+k8s/overview.md similarity index 99% rename from "docs/zh/docs/ClusterDeployment/iSulad+k8s/iSulad+k8s\351\233\206\347\276\244\351\203\250\347\275\262\346\214\207\345\215\227.md" rename to docs/zh/Cloud/ClusterDeployment/iSulad+k8s/overview.md index 5bcb2c8..cf530d4 100644 --- "a/docs/zh/docs/ClusterDeployment/iSulad+k8s/iSulad+k8s\351\233\206\347\276\244\351\203\250\347\275\262\346\214\207\345\215\227.md" +++ b/docs/zh/Cloud/ClusterDeployment/iSulad+k8s/overview.md @@ -19,4 +19,5 @@ 2. gitlab runner 部署和测试。 > ![](./figures/public_sys-resources/icon-note.gif) **说明:** +> > 本文档所有操作均使用root权限执行。 diff --git a/docs/zh/Cloud/ContainerEngine/DockerEngine/_menu.md b/docs/zh/Cloud/ContainerEngine/DockerEngine/_menu.md new file mode 100644 index 0000000..1e1c79b --- /dev/null +++ b/docs/zh/Cloud/ContainerEngine/DockerEngine/_menu.md @@ -0,0 +1,27 @@ +--- +label: 'Docker容器' +ismanual: 'Y' +description: 'Docker是一个开源的容器引擎项目,用以实现应用的快速打包、部署和交付' +children: + - label: '概述' + href: './overview.md' + - label: '安装配置' + href: './installation-and-configuration-3.md' + - label: '容器管理' + href: './container-management-1.md' + - label: '镜像管理' + href: './image-management-1.md' + - label: '命令行参考' + href: './command-reference.md' + children: + - label: '容器引擎' + href: './container-engine.md' + - label: '容器管理' + href: './container-management-2.md' + - label: '镜像管理' + href: './image-management-2.md' + - label: '统计信息' + href: './statistics.md' + - label: 'Docker常见问题与解决方法' + href: './docker-faqs.md' +--- \ No newline at end of file diff --git "a/docs/zh/docs/ContainerEngine/DockerEngine/\345\221\275\344\273\244\350\241\214\345\217\202\350\200\203.md" b/docs/zh/Cloud/ContainerEngine/DockerEngine/command-reference.md similarity index 100% rename from "docs/zh/docs/ContainerEngine/DockerEngine/\345\221\275\344\273\244\350\241\214\345\217\202\350\200\203.md" rename to docs/zh/Cloud/ContainerEngine/DockerEngine/command-reference.md diff --git "a/docs/zh/docs/ContainerEngine/DockerEngine/\345\256\271\345\231\250\345\274\225\346\223\216-4.md" b/docs/zh/Cloud/ContainerEngine/DockerEngine/container-engine.md similarity index 100% rename from "docs/zh/docs/ContainerEngine/DockerEngine/\345\256\271\345\231\250\345\274\225\346\223\216-4.md" rename to docs/zh/Cloud/ContainerEngine/DockerEngine/container-engine.md diff --git "a/docs/zh/docs/ContainerEngine/DockerEngine/\345\256\271\345\231\250\347\256\241\347\220\206-3.md" b/docs/zh/Cloud/ContainerEngine/DockerEngine/container-management-1.md similarity index 98% rename from "docs/zh/docs/ContainerEngine/DockerEngine/\345\256\271\345\231\250\347\256\241\347\220\206-3.md" rename to docs/zh/Cloud/ContainerEngine/DockerEngine/container-management-1.md index 0d972ad..ac4c9f3 100644 --- "a/docs/zh/docs/ContainerEngine/DockerEngine/\345\256\271\345\231\250\347\256\241\347\220\206-3.md" +++ b/docs/zh/Cloud/ContainerEngine/DockerEngine/container-management-1.md @@ -102,7 +102,7 @@ container\_registry这个容器已经启动了,但是并不知道容器中的 5000/tcp -> 0.0.0.0:49155 ``` -从输出可以看出,容器内的5000端口映射到了主机的49155端口。通过主机IP:49155就可以访问registry服务了,在浏览器中输入 +从输出可以看出,容器内的5000端口映射到了主机的49155端口。通过主机IP:49155就可以访问registry服务了,在浏览器中输入就可以返回registry的版本信息。 在运行registry镜像的时候还可以直接指定端口映射如: @@ -164,7 +164,7 @@ docker run --name=container_registry -d -p 5000:5000 registry \--blkio-weight-device参数需要磁盘工作于完全公平队列调度(CFQ:Completely Fair Queuing)的策略时才能工作。 - 通过查看磁盘scheduler文件(‘/sys/block/<磁盘>/queue/scheduler’)可以获知磁盘支持的策略以及当前所采用的策略,如查看sda: + 通过查看磁盘scheduler文件(‘/sys/block/\<磁盘>/queue/scheduler’)可以获知磁盘支持的策略以及当前所采用的策略,如查看sda: ```bash # cat /sys/block/sda/queue/scheduler noop [deadline] cfq @@ -564,7 +564,7 @@ CONTAINER ID IMAGE COMMAND CREATED } ``` -> ![](./public_sys-resources/icon-note.gif) **说明:** +> ![](./public_sys-resources/icon-note.gif) **说明:** > > - 容器内健康检查的状态信息最多保存5条。会保存最后得到的5条记录。 > - 容器内健康检查相关配置同时最多只能有一条生效。Dockerfile中配置的靠后的条目会覆盖靠前的;容器创建时的配置会覆盖镜像中的。 @@ -660,7 +660,7 @@ docker inspect docker exec进入容器执行的第一个命令为 bash 命令时,当退出 exec 时,要保证在这次exec启动的进程都退出了,再执行exit退出,否则会导致exit退出时终端卡住的情况。如果要在exit退出时,exec中启动的进程仍然在后台保持运行,要在启动进程时加上nohup。 -### docker rename和docker stats 的使用冲突 +### docker rename和docker stats \的使用冲突 如果使用`docker stats ` 实时监控容器,当使用docker rename重命名容器之后,docker stats中显示的名字将还是原来的名字,不是rename后的名字。 diff --git "a/docs/zh/docs/ContainerEngine/DockerEngine/\345\256\271\345\231\250\347\256\241\347\220\206-4.md" b/docs/zh/Cloud/ContainerEngine/DockerEngine/container-management-2.md similarity index 99% rename from "docs/zh/docs/ContainerEngine/DockerEngine/\345\256\271\345\231\250\347\256\241\347\220\206-4.md" rename to docs/zh/Cloud/ContainerEngine/DockerEngine/container-management-2.md index 5d147ef..2ef70b2 100644 --- "a/docs/zh/docs/ContainerEngine/DockerEngine/\345\256\271\345\231\250\347\256\241\347\220\206-4.md" +++ b/docs/zh/Cloud/ContainerEngine/DockerEngine/container-management-2.md @@ -1051,7 +1051,8 @@ b15976967abb busybox:latest "bash" 34 seconds ago $ sudo docker restart busybox ``` -> ![](./public_sys-resources/icon-note.gif) **说明:** +> ![](./public_sys-resources/icon-note.gif) **说明:** +> > 容器在restart过程中,如果容器内存在D状态或Z状态的进程,可能会导致容器重启失败,这需要进一步分析导致容器内进程D状态或Z状态的原因,待容器内进程D状态或Z状态解除后,再进行容器restart操作。 ## rm diff --git "a/docs/zh/docs/ContainerEngine/DockerEngine/Docker\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225.md" b/docs/zh/Cloud/ContainerEngine/DockerEngine/docker-faqs.md similarity index 100% rename from "docs/zh/docs/ContainerEngine/DockerEngine/Docker\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225.md" rename to docs/zh/Cloud/ContainerEngine/DockerEngine/docker-faqs.md diff --git "a/docs/zh/docs/ContainerEngine/DockerEngine/\351\225\234\345\203\217\347\256\241\347\220\206-3.md" b/docs/zh/Cloud/ContainerEngine/DockerEngine/image-management-1.md similarity index 100% rename from "docs/zh/docs/ContainerEngine/DockerEngine/\351\225\234\345\203\217\347\256\241\347\220\206-3.md" rename to docs/zh/Cloud/ContainerEngine/DockerEngine/image-management-1.md diff --git "a/docs/zh/docs/ContainerEngine/DockerEngine/\351\225\234\345\203\217\347\256\241\347\220\206-4.md" b/docs/zh/Cloud/ContainerEngine/DockerEngine/image-management-2.md similarity index 100% rename from "docs/zh/docs/ContainerEngine/DockerEngine/\351\225\234\345\203\217\347\256\241\347\220\206-4.md" rename to docs/zh/Cloud/ContainerEngine/DockerEngine/image-management-2.md diff --git "a/docs/zh/docs/ContainerEngine/DockerEngine/\345\256\211\350\243\205\351\205\215\347\275\256-3.md" b/docs/zh/Cloud/ContainerEngine/DockerEngine/installation-and-configuration-3.md similarity index 95% rename from "docs/zh/docs/ContainerEngine/DockerEngine/\345\256\211\350\243\205\351\205\215\347\275\256-3.md" rename to docs/zh/Cloud/ContainerEngine/DockerEngine/installation-and-configuration-3.md index f4c06df..cfd8332 100644 --- "a/docs/zh/docs/ContainerEngine/DockerEngine/\345\256\211\350\243\205\351\205\215\347\275\256-3.md" +++ b/docs/zh/Cloud/ContainerEngine/DockerEngine/installation-and-configuration-3.md @@ -26,13 +26,15 @@ cat /etc/docker/daemon.json 用户需要明白重新指定各种运行目录和文件(包括--graph、--exec-root等),可能会存在目录冲突,或文件属性变换,对应用的正常使用造成影响。 ->![](./public_sys-resources/icon-notice.gif) **须知:** ->用户指定的目录或文件应为docker专用,避免冲突导致的文件属性变化带来安全问题。 +> ![](./public_sys-resources/icon-notice.gif) **须知:** +> +> 用户指定的目录或文件应为docker专用,避免冲突导致的文件属性变化带来安全问题。 - 以--graph为例,当我们使用/new/path/作为daemon新的Root Dir时,如果/new/path/下已经存在文件,且目录或文件名与docker需要使用的目录或文件名冲突(例如: containers、hooks、tmp等目录)时,docker可能会更新原有目录或文件的属性,包括属主、权限等为自己的属主和权限。 ->![](./public_sys-resources/icon-notice.gif) **须知:** ->从docker-17.05开始,--graph参数被标记为Deprecated,用新的参数--data-root替代。 +> ![](./public_sys-resources/icon-notice.gif) **须知:** +> +> 从docker-17.05开始,--graph参数被标记为Deprecated,用新的参数--data-root替代。 ### daemon自带网络配置 @@ -46,8 +48,9 @@ cat /etc/docker/daemon.json docker启动容器时的默认umask值为0027,可以在dockerd启动时,使用--exec-opt native.umask=normal参数将容器启动时的umask修改为0022。 ->![](./public_sys-resources/icon-notice.gif) **须知:** ->如果docker create/run也配置了native.umask参数,则以docker create/run中的配置为准。 +> ![](./public_sys-resources/icon-notice.gif) **须知:** +> +> 如果docker create/run也配置了native.umask参数,则以docker create/run中的配置为准。 详细的配置见[docker create](./容器管理-4.md#create)和[docker run](./容器管理-4.md#run)章节的参数说明。 @@ -117,8 +120,9 @@ docker支持配置audit,但不是强制的。例如: [root@localhost signal]# auditctl -l | grep docker -w /var/lib/docker/ -p rwxa -k docker ``` ->![](./public_sys-resources/icon-note.gif) **说明:** ->-p \[r|w|x|a\] 和-w一起使用,观察用户对这个目录的读、写、执行或者属性变化(如时间戳变化)。这样的话,在/var/lib/docker目录下的任何文件、目录操作,都会打印日志到audit.log中,从而会有太多的日志往audit.log中记录,会严重地影响auditd, 比如内存、cpu占用等,进而影响os的运行。例如:每次执行"ls /var/lib/docker/containers"都会有类似如下日志记录到/var/log/audit/audit.log中。 +> ![](./public_sys-resources/icon-note.gif) **说明:** +> +> -p \[r|w|x|a\] 和-w一起使用,观察用户对这个目录的读、写、执行或者属性变化(如时间戳变化)。这样的话,在/var/lib/docker目录下的任何文件、目录操作,都会打印日志到audit.log中,从而会有太多的日志往audit.log中记录,会严重地影响auditd, 比如内存、cpu占用等,进而影响os的运行。例如:每次执行"ls /var/lib/docker/containers"都会有类似如下日志记录到/var/log/audit/audit.log中。 ```text type=SYSCALL msg=audit(1517656451.457:8097): arch=c000003e syscall=257 success=yes exit=3 a0=ffffffffffffff9c a1=1b955b0 a2=90800 a3=0 items=1 ppid=17821 pid=1925 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts6 ses=4 comm="ls" exe="/usr/bin/ls" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="docker"type=CWD msg=audit(1517656451.457:8097): cwd="/root"type=PATH msg=audit(1517656451.457:8097): item=0 name="/var/lib/docker/containers" inode=1049112 dev=fd:00 mode=040700 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:container_var_lib_t:s0 objtype=NORMAL @@ -396,5 +400,6 @@ Error response from daemon: oci runtime error: container with id exists: xxxxxx - 构建缓存,构建缓存信息会在重启后删除。 - containerd保存的元数据,由于启动容器会重建containerd元数据,重启节点会清理containerd中保存的元数据。 - > ![](./public_sys-resources/icon-note.gif) **说明:** + > ![](./public_sys-resources/icon-note.gif) **说明:** + > > 用户若选择采用手动清理恢复环境的方式,可通过配置环境变量“DISABLE\_CRASH\_FILES\_DELETE=true”屏蔽daemon掉电重启时db文件清理功能。 diff --git "a/docs/zh/docs/ContainerEngine/DockerEngine/Docker\345\256\271\345\231\250.md" b/docs/zh/Cloud/ContainerEngine/DockerEngine/overview.md similarity index 85% rename from "docs/zh/docs/ContainerEngine/DockerEngine/Docker\345\256\271\345\231\250.md" rename to docs/zh/Cloud/ContainerEngine/DockerEngine/overview.md index d4baff4..546243d 100644 --- "a/docs/zh/docs/ContainerEngine/DockerEngine/Docker\345\256\271\345\231\250.md" +++ b/docs/zh/Cloud/ContainerEngine/DockerEngine/overview.md @@ -2,5 +2,6 @@ Docker是一个开源的Linux容器引擎项目, 用以实现应用的快速打包、部署和交付。Docker的英文本意是码头工人,码头工人的工作就是将商品打包到container\(集装箱\)并且搬运container、装载container。 对应到Linux中,Docker就是将app打包到container,通过container实现app在各种平台上的部署、运行。Docker通过Linux Container技术将app变成一个标准化的、可移植的、自管理的组件,从而实现应用的“一次构建,到处运行”。Docker技术特点就是:应用快速发布、部署简单、管理方便,应用密度更高。 ->![](./public_sys-resources/icon-note.gif) **说明:** ->Docker容器的安装和使用需要root权限。 +> ![](./public_sys-resources/icon-note.gif) **说明:** +> +> Docker容器的安装和使用需要root权限。 diff --git a/docs/zh/docs/ImageBuilder/isula-build/public_sys-resources/icon-caution.gif b/docs/zh/Cloud/ContainerEngine/DockerEngine/public_sys-resources/icon-caution.gif similarity index 100% rename from docs/zh/docs/ImageBuilder/isula-build/public_sys-resources/icon-caution.gif rename to docs/zh/Cloud/ContainerEngine/DockerEngine/public_sys-resources/icon-caution.gif diff --git a/docs/zh/docs/ImageBuilder/isula-build/public_sys-resources/icon-danger.gif b/docs/zh/Cloud/ContainerEngine/DockerEngine/public_sys-resources/icon-danger.gif similarity index 100% rename from docs/zh/docs/ImageBuilder/isula-build/public_sys-resources/icon-danger.gif rename to docs/zh/Cloud/ContainerEngine/DockerEngine/public_sys-resources/icon-danger.gif diff --git a/docs/zh/docs/HybridDeployment/rubik/figures/icon-note.gif b/docs/zh/Cloud/ContainerEngine/DockerEngine/public_sys-resources/icon-note.gif similarity index 100% rename from docs/zh/docs/HybridDeployment/rubik/figures/icon-note.gif rename to docs/zh/Cloud/ContainerEngine/DockerEngine/public_sys-resources/icon-note.gif diff --git a/docs/zh/docs/ImageBuilder/isula-build/public_sys-resources/icon-notice.gif b/docs/zh/Cloud/ContainerEngine/DockerEngine/public_sys-resources/icon-notice.gif similarity index 100% rename from docs/zh/docs/ImageBuilder/isula-build/public_sys-resources/icon-notice.gif rename to docs/zh/Cloud/ContainerEngine/DockerEngine/public_sys-resources/icon-notice.gif diff --git a/docs/zh/docs/ImageBuilder/isula-build/public_sys-resources/icon-tip.gif b/docs/zh/Cloud/ContainerEngine/DockerEngine/public_sys-resources/icon-tip.gif similarity index 100% rename from docs/zh/docs/ImageBuilder/isula-build/public_sys-resources/icon-tip.gif rename to docs/zh/Cloud/ContainerEngine/DockerEngine/public_sys-resources/icon-tip.gif diff --git a/docs/zh/docs/ImageBuilder/isula-build/public_sys-resources/icon-warning.gif b/docs/zh/Cloud/ContainerEngine/DockerEngine/public_sys-resources/icon-warning.gif similarity index 100% rename from docs/zh/docs/ImageBuilder/isula-build/public_sys-resources/icon-warning.gif rename to docs/zh/Cloud/ContainerEngine/DockerEngine/public_sys-resources/icon-warning.gif diff --git "a/docs/zh/docs/ContainerEngine/DockerEngine/\347\273\237\350\256\241\344\277\241\346\201\257-4.md" b/docs/zh/Cloud/ContainerEngine/DockerEngine/statistics.md similarity index 100% rename from "docs/zh/docs/ContainerEngine/DockerEngine/\347\273\237\350\256\241\344\277\241\346\201\257-4.md" rename to docs/zh/Cloud/ContainerEngine/DockerEngine/statistics.md diff --git a/docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/_menu.md b/docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/_menu.md new file mode 100644 index 0000000..557ee68 --- /dev/null +++ b/docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/_menu.md @@ -0,0 +1,56 @@ +--- +label: 'iSula容器引擎' +ismanual: 'Y' +description: '在iSula是使用C/C++实现的容器引起,具有轻、灵、巧、快的特点' +children: + - label: '概述' + href: './overview.md' + - label: '安装、升级与卸载' + href: './installation-upgrade-Uninstallation.md' + children: + - label: '安装与配置' + href: './installation-configuration.md' + - label: '升级' + href: './upgrade-methods.md' + - label: '卸载' + href: './uninstallation.md' + - label: '使用指南' + href: './application-scenarios.md' + children: + - label: '容器管理' + href: './container-management.md' + - label: '支持CNI网络' + href: './interconnection-with-the-cni-network.md' + - label: '容器资源管理' + href: './container-resource-management.md' + - label: '特权容器' + href: './privileged-container.md' + - label: 'CRI-v1alpha2接口' + href: './cri.md' + - label: 'CRI-v1接口' + href: './cri-2.md' + - label: '镜像管理' + href: './image-management.md' + - label: '容器健康状态检查' + href: './checking-the-container-health-status.md' + - label: '查询信息' + href: './querying-information.md' + - label: '安全特性' + href: './security-features.md' + - label: '支持OCI hooks' + href: './supporting-oci-hooks.md' + - label: '本地卷管理' + href: './local-volume-management.md' + - label: 'iSulad shim v2 对接 StratoVirt' + href: './interconnecting-isula-shim-v2-with-stratovirt.md' + - label: 'iSulad支持cgroup v2' + href: './isulad-support-cgroup-v2.md' + - label: 'iSulad支持CDI' + href: './isulad-support-cdi.md' + - label: 'iSulad支持NRI' + href: './isulad-support-nri.md' + - label: '常见问题与解决方法' + href: './isula-faqs.md' + - label: '附录' + href: './appendix.md' +--- diff --git "a/docs/zh/docs/ContainerEngine/iSulaContainerEngine/\351\231\204\345\275\225.md" b/docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/appendix.md similarity index 100% rename from "docs/zh/docs/ContainerEngine/iSulaContainerEngine/\351\231\204\345\275\225.md" rename to docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/appendix.md diff --git "a/docs/zh/docs/ContainerEngine/iSulaContainerEngine/\344\275\277\347\224\250\346\214\207\345\215\227.md" b/docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/application-scenarios.md similarity index 100% rename from "docs/zh/docs/ContainerEngine/iSulaContainerEngine/\344\275\277\347\224\250\346\214\207\345\215\227.md" rename to docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/application-scenarios.md diff --git "a/docs/zh/docs/ContainerEngine/iSulaContainerEngine/\345\256\271\345\231\250\345\201\245\345\272\267\347\212\266\346\200\201\346\243\200\346\237\245.md" b/docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/checking-the-container-health-status.md similarity index 100% rename from "docs/zh/docs/ContainerEngine/iSulaContainerEngine/\345\256\271\345\231\250\345\201\245\345\272\267\347\212\266\346\200\201\346\243\200\346\237\245.md" rename to docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/checking-the-container-health-status.md diff --git "a/docs/zh/docs/ContainerEngine/iSulaContainerEngine/\345\256\271\345\231\250\347\256\241\347\220\206.md" b/docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/container-management.md similarity index 99% rename from "docs/zh/docs/ContainerEngine/iSulaContainerEngine/\345\256\271\345\231\250\347\256\241\347\220\206.md" rename to docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/container-management.md index 4130f04..fc891ee 100644 --- "a/docs/zh/docs/ContainerEngine/iSulaContainerEngine/\345\256\271\345\231\250\347\256\241\347\220\206.md" +++ b/docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/container-management.md @@ -1081,7 +1081,8 @@ run命令支持参数参考下表。 - > ![](./public_sys-resources/icon-notice.gif) **须知:** + > ![](./public_sys-resources/icon-notice.gif) **须知:** + > > 第一种情况,先挂载/home/test1,然后挂载/home/test2,这种情况会导致/home/test1的内容覆盖掉原来/mnt下面的内容,这样可能导致/mnt下面不存在abc目录,这样会导致挂载/home/test2到/mnt/abc失败。 > 第二种情况,先挂载/home/test2,然后挂载/home/test1。这种情况,第二次的挂载会把/mnt的内容替换为/home/test1的内容,这样第一次挂载的/home/test2到/mnt/abc的内容就看不到了。 > 因此,不支持第一种使用方式;第二种使用用户需要了解这种数据无法访问的风险 @@ -1091,7 +1092,8 @@ run命令支持参数参考下表。 - 请谨慎配置使用--device、-v 等可以挂载主机资源的参数,请勿将host的敏感目录或者设备,映射到容器中,以防止敏感信息泄漏。 - 请谨慎使用--privileged选项启动容器,--privileged选项会导致容器权限过大,影响宿主机配置。 - > ![](./public_sys-resources/icon-notice.gif) **须知:** + > ![](./public_sys-resources/icon-notice.gif) **须知:** + > > 高并发场景(并发启动200容器)下,glibc的内存管理机制会导致内存空洞以及虚拟内存较大(例如10GB)的问题。该问题是高并发场景下glibc内存管理机制的限制,而不是内存泄露,不会导致内存消耗无限增大。可以通过设置MALLOC\_ARENA\_MAX环境变量来减少虚拟内存的问题,而且可以增大减少物理内存的概率。但是这个环境变量会导致iSulad的并发性能下降,需要用户根据实际情况做配置。 > > 参考实践情况,平衡性能和内存,可以设置MALLOC_ARENA_MAX为4。(在arm64服务器上面对iSulad的性能影响在10%以内) diff --git "a/docs/zh/docs/ContainerEngine/iSulaContainerEngine/\345\256\271\345\231\250\350\265\204\346\272\220\347\256\241\347\220\206.md" b/docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/container-resource-management.md similarity index 99% rename from "docs/zh/docs/ContainerEngine/iSulaContainerEngine/\345\256\271\345\231\250\350\265\204\346\272\220\347\256\241\347\220\206.md" rename to docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/container-resource-management.md index 1297a3b..036b686 100644 --- "a/docs/zh/docs/ContainerEngine/iSulaContainerEngine/\345\256\271\345\231\250\350\265\204\346\272\220\347\256\241\347\220\206.md" +++ b/docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/container-resource-management.md @@ -13,8 +13,9 @@ cgroup v2来进行资源管理。无论是cgroup v1还是使用cgroup v2对容 容器间或者容器与host之间可以共享namespace信息,包括pid, net, ipc, uts。 ->![](./public_sys-resources/icon-note.gif) **说明:** ->当使用与主机共享namespace信息时,即缺少了对应的namespace隔离机制,在容器中可以查询、操作主机上的信息,存在安全 +> ![](./public_sys-resources/icon-note.gif) **说明:** +> +> 当使用与主机共享namespace信息时,即缺少了对应的namespace隔离机制,在容器中可以查询、操作主机上的信息,存在安全 隐患。比如使用--pid=host共享主机pid namespace时,即可以看到主机上其他进程信息,造成信息泄露,甚至直接kill杀死主机 进程。请在确保安全的场景下,谨慎使用共享主机host namespace功能。 @@ -184,8 +185,9 @@ create/run时可以指定下列参数。 isula run -tid --cpuset-cpus 0,2-3 busybox sh ``` ->![](./public_sys-resources/icon-note.gif) **说明:** ->是否设置成功,请参见“查询单个容器信息”章节。 +> ![](./public_sys-resources/icon-note.gif) **说明:** +> +> 是否设置成功,请参见“查询单个容器信息”章节。 ## 限制运行时的内存 @@ -473,8 +475,9 @@ overlay 10.0M 10.0M 0 100% / 使用限额功能的isulad切换数据盘时,需要保证被切换的数据盘使用\`prjquota\`选项挂载,且/var/lib/isulad/storage/overlay2目录的挂载方式与/var/lib/isulad相同。 - > ![](./public_sys-resources/icon-note.gif) **说明:** - > 切换数据盘时需要保证/var/lib/isulad/storage/overlay2的挂载点被卸载。 + > ![](./public_sys-resources/icon-note.gif) **说明:** + > + > 切换数据盘时需要保证/var/lib/isulad/storage/overlay2的挂载点被卸载。 ## 限制容器内文件句柄数 diff --git "a/docs/zh/docs/ContainerEngine/iSulaContainerEngine/CRI-v1\346\216\245\345\217\243.md" b/docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/cri-2.md similarity index 99% rename from "docs/zh/docs/ContainerEngine/iSulaContainerEngine/CRI-v1\346\216\245\345\217\243.md" rename to docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/cri-2.md index 43b9385..52f1df6 100644 --- "a/docs/zh/docs/ContainerEngine/iSulaContainerEngine/CRI-v1\346\216\245\345\217\243.md" +++ b/docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/cri-2.md @@ -5,8 +5,8 @@ CRI(Container Runtime Interface, 容器运行时接口)是kublet与容器引擎通信使用的主要协议。 在K8S 1.25及之前,K8S存在CRI v1alpha2 和 CRI V1两种版本的CRI接口,但从1.26开始,K8S仅提供对于CRI V1的支持。 -iSulad同时提供对[CRI v1alpha2](./CRI-v1alpha2接口.md)和CRI v1的支持, -对于CRI v1,iSulad支持[CRI v1alpha2](./CRI-v1alpha2接口.md)所述功能, +iSulad同时提供对[CRI v1alpha2](./cri.md)和CRI v1的支持, +对于CRI v1,iSulad支持[CRI v1alpha2](./cri.md)所述功能, 并提供对CRI V1中所定义新接口和字段的支持。 目前iSulad支持的CRI V1版本为1.29,对应官网描述API如下: diff --git "a/docs/zh/docs/ContainerEngine/iSulaContainerEngine/CRI-v1alpha2\346\216\245\345\217\243.md" b/docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/cri.md similarity index 47% rename from "docs/zh/docs/ContainerEngine/iSulaContainerEngine/CRI-v1alpha2\346\216\245\345\217\243.md" rename to docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/cri.md index b902cf6..387c24a 100644 --- "a/docs/zh/docs/ContainerEngine/iSulaContainerEngine/CRI-v1alpha2\346\216\245\345\217\243.md" +++ b/docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/cri.md @@ -12,8 +12,9 @@ CRI API 接口是由kubernetes 推出的容器运行时接口,CRI定义了容 ISulad使用的为pass使用的1.14版本API描述文件,与官方API略有出入,以本文档描述的接口为准。 ->![](./public_sys-resources/icon-note.gif) **说明:** ->CRI接口websocket流式服务,服务端侦听地址为127.0.0.1,端口为10350,端口可通过命令行--websocket-server-listening-port参数接口或者daemon.json配置文件进行配置。 +> ![](./public_sys-resources/icon-note.gif) **说明:** +> +> CRI接口websocket流式服务,服务端侦听地址为127.0.0.1,端口为10350,端口可通过命令行--websocket-server-listening-port参数接口或者daemon.json配置文件进行配置。 ## 接口 @@ -59,37 +60,14 @@ ISulad使用的为pass使用的1.14版本API描述文件,与官方API略有出 指定sandbox的端口映射配置 - - - - - - - - - - - - - - - - - - -

参数成员

-

描述

-

Protocol protocol

-

端口映射使用的协议

-

int32 container_port

-

容器内的端口号

-

int32 host_port

-

主机上的端口号

-

string host_ip

-

主机IP地址

-
+ | **参数成员** | **描述** | + |----------------------|--------------------| + | Protocol protocol | 端口映射使用的协议 | + | int32 container_port | 容器内的端口号 | + | int32 host_port | 主机上的端口号 | + | string host_ip | 主机IP地址 | -- **MountPropagation** +- **MountPropagation** 挂载传播属性的enum列表 @@ -122,40 +100,13 @@ ISulad使用的为pass使用的1.14版本API描述文件,与官方API略有出 Mount指定host上的一个挂载卷挂载到容器中(只支持文件和文件夹\) - - - - - - - - - - - - - - - - - - - - - -

参数成员

-

描述

-

string container_path

-

容器中的路径

-

string host_path

-

主机上的路径

-

bool readonly

-

是否配置在容器中是只读的, 缺省值: false

-

bool selinux_relabel

-

是否设置SELinux标签(不支持配置)

-

MountPropagation propagation

-

挂载传播属性配置(取值0/1/2,分别对应private/rslave/rshared传播属性) 缺省值:0

-
+ | **参数成员** | **描述** | + |------------------------------|---------------------------------------------------------------------------------| + | string container_path | 容器中的路径 | + | string host_path | 主机上的路径 | + | bool readonly | 是否配置在容器中是只读的, 缺省值: false | + | bool selinux_relabel | 是否设置SELinux标签(不支持配置) | + | MountPropagation propagation | 挂载传播属性配置(取值**0/1/2**,分别对应**private/rslave/rshared**传播属性) **缺省值:0** | - **NamespaceOption** @@ -246,89 +197,31 @@ ISulad使用的为pass使用的1.14版本API描述文件,与官方API略有出 -- **LinuxSandboxSecurityContext** +- **LinuxSandboxSecurityContext** 配置sandbox的linux安全选项。 - 注意,这些安全选项不会应用到sandbox中的容器中,也可能不适用于没有任何running进程的sandbox + 注意,这些安全选项不会应用到sandbox中的容器中,也可能不适用于没有任何running进程的sandbox。 - - - - - - - - - - - - - - - - - - - - - - - - - - - -

参数成员

-

描述

-

NamespaceOption namespace_options

-

配置sandbox的命名空间选项

-

SELinuxOption selinux_options

-

配置SELinux选项(不支持)

-

Int64Value run_as_user

-

配置sandbox中进程的uid

-

bool readonly_rootfs

-

配置sandbox的根文件系统是否只读

-

repeated int64 supplemental_groups

-

配置除主GID之外的sandbox的1号进程用户组信息

-

bool privileged

-

配置sandbox是否为特权容器

-

string seccomp_profile_path

-

seccomp配置文件路径,有效值为:

-

// unconfined: 不配置seccomp

-

// localhost/<配置文件的全路径>: 安装在系统上的配置文件路径

-

// <配置文件的全路径>: 配置文件全路径

-

// 默认不配置,即unconfined。

-
+ | **参数成员** | **描述** | + |------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| + | NamespaceOption namespace_options | 配置sandbox的命名空间选项 | + | SELinuxOption selinux_options | 配置SELinux选项(不支持) | + | Int64Value run_as_user | 配置sandbox中进程的uid | + | bool readonly_rootfs | 配置sandbox的根文件系统是否只读 | + | repeated int64 supplemental_groups | 配置除主GID之外的sandbox的1号进程用户组信息 | + | bool privileged | 配置sandbox是否为特权容器 | + | string seccomp_profile_path | seccomp配置文件路径,有效值为:
// unconfined: 不配置seccomp
// localhost/\<配置文件的全路径>: 安装在系统上的配置文件路径
// \<配置文件的全路径>: 配置文件全路径
// 默认不配置,即unconfined。 | - **LinuxPodSandboxConfig** 设定和Linux主机及容器相关的一些配置 - - - - - - - - - - - - - - - -

参数成员

-

描述

-

string cgroup_parent

-

sandbox的cgroup父路径,runtime可根据实际情况使用cgroupfs或systemd的语法。(不支持配置)

-

LinuxSandboxSecurityContext security_context

-

sandbox的安全属性

-

map<string, string> sysctls

-

sandbox的linux sysctls配置

-
+ | **参数成员** | **描述** | + |----------------------------------------------|-----------------------------------------------------------------------------------------| + | string cgroup_parent | sandbox的cgroup父路径,runtime可根据实际情况使用cgroupfs或systemd的语法。(不支持配置) | + | LinuxSandboxSecurityContext security_context | sandbox的安全属性 | + | map\ sysctls | sandbox的linux sysctls配置 | - **PodSandboxMetadata** @@ -368,55 +261,16 @@ ISulad使用的为pass使用的1.14版本API描述文件,与官方API略有出 包含创建sandbox的所有必选和可选配置信息 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

参数成员

-

描述

-

PodSandboxMetadata metadata

-

sandbox的元数据,这项信息唯一标识一个sandbox,runtime必须利用此信息确保操作正确,runtime也可以根据此信息来改善用户体验,例如构建可读的sandbox名称。

-

string hostname

-

sandbox的hostname

-

string log_directory

-

配置sandbox内的容器的日志文件所存储的文件夹

-

DNSConfig dns_config

-

sandbox的DNS配置

-

repeated PortMapping port_mappings

-

sandbox的端口映射

-

map<string, string> labels

-

可用于标识单个或一系列sandbox的键值对

-

map<string, string> annotations

-

存储任意信息的键值对,这些值是不可更改的,且能够利用PodSandboxStatus接口查询

-

LinuxPodSandboxConfig linux

-

与linux主机相关的可选项

-
+ | **参数成员** | **描述** | + |------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------| + | PodSandboxMetadata metadata | sandbox的元数据,这项信息唯一标识一个sandbox,runtime必须利用此信息确保操作正确,runtime也可以根据此信息来改善用户体验,例如构建可读的sandbox名称。 | + | string hostname | sandbox的hostname | + | string log_directory | 配置sandbox内的容器的日志文件所存储的文件夹 | + | DNSConfig dns_config | sandbox的DNS配置 | + | repeated PortMapping port_mappings | sandbox的端口映射 | + | map\ labels | 可用于标识单个或一系列sandbox的键值对 | + | map\ annotations | 存储任意信息的键值对,这些值是不可更改的,且能够利用PodSandboxStatus接口查询 | + | LinuxPodSandboxConfig linux | 与linux主机相关的可选项 | - **PodSandboxNetworkStatus** @@ -451,39 +305,17 @@ ISulad使用的为pass使用的1.14版本API描述文件,与官方API略有出 命名空间选项 - - - - - - - - - -

参数成员

-

描述

-

NamespaceOption options

-

Linux 命名空间选项

-
+ | **参数成员** | **描述** | + |-------------------------|--------------------| + | NamespaceOption options | Linux 命名空间选项 | - **LinuxPodSandboxStatus** 描述Linux sandbox的状态 - - - - - - - - - -

参数成员

-

描述

-

Namespace namespaces

-

sandbox命名空间

-
+ | **参数成员** | **描述** | + |----------------------|-----------------| + | Namespace **namespaces** | sandbox命名空间 | - **PodSandboxState** @@ -513,147 +345,47 @@ ISulad使用的为pass使用的1.14版本API描述文件,与官方API略有出 描述Podsandbox的状态信息 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

参数成员

-

描述

-

string id

-

sandbox的ID

-

PodSandboxMetadata metadata

-

sandbox的元数据

-

PodSandboxState state

-

sandbox的状态值

-

int64 created_at

-

sandbox的创建时间戳,单位纳秒

-

repeated PodSandboxNetworkStatus networks

-

sandbox的多平面网络状态

-

LinuxPodSandboxStatus linux

-

Linux规范的sandbox状态

-

map<string, string> labels

-

可用于标识单个或一系列sandbox的键值对

-

map<string, string> annotations

-

存储任意信息的键值对,这些值是不可被runtime更改的

-
+ | **参数成员** | **描述** | + |-------------------------------------------|---------------------------------------------------| + | string id | sandbox的ID | + | PodSandboxMetadata metadata | sandbox的元数据 | + | PodSandboxState state | sandbox的状态值 | + | int64 created_at | sandbox的创建时间戳,单位纳秒 | + | repeated PodSandboxNetworkStatus networks | sandbox的多平面网络状态 | + | LinuxPodSandboxStatus linux | Linux规范的sandbox状态 | + | map\ labels | 可用于标识单个或一系列sandbox的键值对 | + | map\ annotations | 存储任意信息的键值对,这些值是不可被runtime更改的 | - **PodSandboxStateValue** 对PodSandboxState的封装 - - - - - - - - - -

参数成员

-

描述

-

PodSandboxState state

-

sandbox的状态值

-
+ | **参数成员** | **描述** | + |-----------------------|-----------------| + | PodSandboxState state | sandbox的状态值 | - **PodSandboxFilter** 用于列出sandbox时添加过滤条件,多个条件取交集显示 - - - - - - - - - - - - - - - -

参数成员

-

描述

-

string id

-

sandbox的ID

-

PodSandboxStateValue state

-

sandbox的状态

-

map<string, string> label_selector

-

sandbox的labels,label只支持完全匹配,不支持正则匹配

-
+ | **参数成员** | **描述** | + |------------------------------------|------------------------------------------------------| + | string id | sandbox的ID | + | PodSandboxStateValue state | sandbox的状态 | + | map\ label_selector | sandbox的labels,label只支持完全匹配,不支持正则匹配 | - **PodSandbox** 包含最小化描述一个sandbox的数据 - - - - - - - - - - - - - - - - - - - - - - - - -

参数成员

-

描述

-

string id

-

sandbox的ID

-

PodSandboxMetadata metadata

-

sandbox的元数据

-

PodSandboxState state

-

sandbox的状态值

-

int64 created_at

-

sandbox的创建时间戳,单位纳秒

-

map<string, string> labels

-

可用于标识单个或一系列sandbox的键值对

-

map<string, string> annotations

-

存储任意信息的键值对,这些值是不可被runtime更改的

-
+ | **参数成员** | **描述** | + |---------------------------------|---------------------------------------------------| + | string id | sandbox的ID | + | PodSandboxMetadata metadata | sandbox的元数据 | + | PodSandboxState state | sandbox的状态值 | + | int64 created_at | sandbox的创建时间戳,单位纳秒 | + | map\ labels | 可用于标识单个或一系列sandbox的键值对 | + | map\ annotations | 存储任意信息的键值对,这些值是不可被runtime更改的 | - **KeyValue** @@ -775,166 +507,82 @@ ISulad使用的为pass使用的1.14版本API描述文件,与官方API略有出 封装ContainerState的数据结构 - - - - - - - - - -

参数成员

-

描述

-

ContainerState state

-

容器状态值

-
+ | **参数成员** | **描述** | + |----------------------|------------| + | ContainerState **state** | 容器状态值 | - **ContainerFilter** 用于列出container时添加过滤条件,多个条件取交集显示 - - - - - - - - - - - - - - - - - - -

参数成员

-

描述

-

string id

-

container的ID

-

PodSandboxStateValue state

-

container的状态

-

string pod_sandbox_id

-

sandbox的ID

-

map<string, string> label_selector

-

container的labels,label只支持完全匹配,不支持正则匹配

-
+ | **参数成员** | **描述** | + |------------------------------------|--------------------------------------------------------| + | string id | container的ID | + | PodSandboxStateValue state | container的状态 | + | string pod_sandbox_id | sandbox的ID | + | map\ label_selector | container的labels,label只支持完全匹配,不支持正则匹配 | - **LinuxContainerSecurityContext** 指定应用于容器的安全配置 - - -

参数成员

+ | **参数成员** | **描述** | + |------------------------------------|------------------------------------------------------------------------------------------------------------------------------------| + | Capability capabilities | 新增或去除的权能 | + | bool privileged | 指定容器是否未特权模式, **缺省值:false** | + | NamespaceOption namespace_options | 指定容器的namespace选项 | + | SELinuxOption selinux_options | SELinux context(可选配置项) **暂不支持** | + | Int64Value run_as_user | 运行容器进程的UID。 一次只能指定run_as_user与run_as_username其中之一,run_as_username优先生效 | + | string run_as_username | 运行容器进程的用户名。 如果指定,用户必须存在于容器映像中(即在映像内的/etc/passwd中),并由运行时在那里解析; 否则,运行时必须出错 | + | bool readonly_rootfs | 设置容器中根文件系统是否为只读 **缺省值由config.json配置** | + | repeated int64 supplemental_groups | 容器运行的除主GID外首进程组的列表 | + | string apparmor_profile | 容器的AppArmor配置文件 **暂不支持** | + | string seccomp_profile_path | 容器的seccomp配置文件路径 | + | bool no_new_privs | 是否在容器上设置no_new_privs的标志 | + +- **LinuxContainerResources** + + 指定Linux容器资源的特定配置 + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

参数成员

描述

+

描述

Capability capabilities

+

int64 cpu_period

新增或去除的权能

+

CPU CFS(完全公平调度程序)周期。 缺省值:0

bool privileged

+

int64 cpu_quota

指定容器是否未特权模式, 缺省值:false

+

CPU CFS(完全公平调度程序)配额。 缺省值:0

NamespaceOption namespace_options

+

int64 cpu_shares

指定容器的namespace选项

+

所占CPU份额(相对于其他容器的相对权重)。 缺省值:0

SELinuxOption selinux_options

+

int64 memory_limit_in_bytes

SELinux context(可选配置项) 暂不支持

+

内存限制(字节)。 缺省值:0

Int64Value run_as_user

+

int64 oom_score_adj

运行容器进程的UID。 一次只能指定run_as_user与run_as_username其中之一,run_as_username优先生效

+

OOMScoreAdj用于调整oom-killer。 缺省值:0

string run_as_username

+

string cpuset_cpus

运行容器进程的用户名。 如果指定,用户必须存在于容器映像中(即在映像内的/etc/passwd中),并由运行时在那里解析; 否则,运行时必须出错

+

指定容器使用的CPU核心。 缺省值:“”

bool readonly_rootfs

+

string cpuset_mems

设置容器中根文件系统是否为只读 缺省值由config.json配置

-

repeated int64 supplemental_groups

-

容器运行的除主GID外首进程组的列表

-

string apparmor_profile

-

容器的AppArmor配置文件 暂不支持

-

string seccomp_profile_path

-

容器的seccomp配置文件路径

-

bool no_new_privs

-

是否在容器上设置no_new_privs的标志

-
- -- **LinuxContainerResources** - - 指定Linux容器资源的特定配置 - - - - - - - - - - - - - - - - - - - - - - - - - @@ -944,44 +592,14 @@ ISulad使用的为pass使用的1.14版本API描述文件,与官方API略有出 Image信息描述一个镜像的基本数据。 - -

参数成员

-

描述

-

int64 cpu_period

-

CPU CFS(完全公平调度程序)周期。 缺省值:0

-

int64 cpu_quota

-

CPU CFS(完全公平调度程序)配额。 缺省值:0

-

int64 cpu_shares

-

所占CPU份额(相对于其他容器的相对权重)。 缺省值:0

-

int64 memory_limit_in_bytes

-

内存限制(字节)。 缺省值:0

-

int64 oom_score_adj

-

OOMScoreAdj用于调整oom-killer。 缺省值:0

-

string cpuset_cpus

-

指定容器使用的CPU核心。 缺省值:“”

-

string cpuset_mems

-

指定容器使用的内存节点。 缺省值:“”

+

指定容器使用的内存节点。 缺省值:“”
- - - - - - - - - - - - - - - - - - - - - -

参数成员

-

描述

-

string id

-

镜像ID

-

repeated string repo_tags

-

镜像tag 名称 repo_tags

-

repeated string repo_digests

-

镜像digest信息

-

uint64 size

-

镜像大小

-

Int64Value uid

-

镜像默认用户UID

-

string username

-

镜像默认用户名称

-
+ | **参数成员** | **描述** | + |------------------------------|------------------------| + | string id | 镜像ID | + | repeated string repo_tags | 镜像tag 名称 repo_tags | + | repeated string repo_digests | 镜像digest信息 | + | uint64 size | 镜像大小 | + | Int64Value uid | 镜像默认用户UID | + | string username | 镜像默认用户名称 | - **ImageSpec** @@ -1023,34 +641,12 @@ ISulad使用的为pass使用的1.14版本API描述文件,与官方API略有出 - **FilesystemUsage** - - - - - - - - - - - - - - - - - -

参数成员

-

描述

-

int64 timestamp

-

收集文件系统信息时的时间戳

-

StorageIdentifier storage_id

-

存储镜像的文件系统UUID

-

UInt64Value used_bytes

-

存储镜像元数据的大小

-

UInt64Value inodes_used

-

存储镜像元数据的inodes个数

-
+ | **参数成员** | **描述** | + |------------------------------|----------------------------| + | int64 timestamp | 收集文件系统信息时的时间戳 | + | StorageIdentifier storage_id | 存储镜像的文件系统UUID | + | UInt64Value used_bytes | 存储镜像元数据的大小 | + | UInt64Value inodes_used | 存储镜像元数据的inodes个数 | - **AuthConfig** @@ -1097,149 +693,39 @@ ISulad使用的为pass使用的1.14版本API描述文件,与官方API略有出 用于描述容器信息,例如ID, 状态等。 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

参数成员

-

描述

-

string id

-

container的ID

-

string pod_sandbox_id

-

该容器所属的sandbox的ID

-

ContainerMetadata metadata

-

container的元数据

-

ImageSpec image

-

镜像规格

-

string image_ref

-

代表容器使用的镜像,对大多数runtime来产,这是一个image ID值

-

ContainerState state

-

container的状态

-

int64 created_at

-

container的创建时间戳,单位为纳秒

-

map<string, string> labels

-

可用于标识单个或一系列container的键值对

-

map<string, string> annotations

-

存储任意信息的键值对,这些值是不可被runtime更改的

-
+ | **参数成员** | **描述** | + |---------------------------------|-------------------------------------------------------------| + | string id | container的ID | + | string pod_sandbox_id | 该容器所属的sandbox的ID | + | ContainerMetadata metadata | container的元数据 | + | ImageSpec image | 镜像规格 | + | string image_ref | 代表容器使用的镜像,对大多数runtime来产,这是一个image ID值 | + | ContainerState state | container的状态 | + | int64 created_at | container的创建时间戳,单位为纳秒 | + | map\ labels | 可用于标识单个或一系列container的键值对 | + | map\ annotations | 存储任意信息的键值对,这些值是不可被runtime更改的 | - **ContainerStatus** 用于描述容器状态信息 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

参数成员

-

描述

-

string id

-

container的ID

-

ContainerMetadata metadata

-

container的元数据

-

ContainerState state

-

container的状态

-

int64 created_at

-

container的创建时间戳,单位为纳秒

-

int64 started_at

-

container启动时的时间戳,单位为纳秒

-

int64 finished_at

-

container退出时的时间戳,单位为纳秒

-

int32 exit_code

-

容器退出码

-

ImageSpec image

-

镜像规格

-

string image_ref

-

代表容器使用的镜像,对大多数runtime来产,这是一个image ID值

-

string reason

-

简要描述为什么容器处于当前状态

-

string message

-

易于人工阅读的信息,用于表述容器处于当前状态的原因

-

map<string, string> labels

-

可用于标识单个或一系列container的键值对

-

map<string, string> annotations

-

存储任意信息的键值对,这些值是不可被runtime更改的

-

repeated Mount mounts

-

容器的挂载点信息

-

string log_path

-

容器日志文件路径,该文件位于PodSandboxConfig中配置的log_directory文件夹下

-
+ | **参数成员** | **描述** | + |---------------------------------|---------------------------------------------------------------------------| + | string id | container的ID | + | ContainerMetadata metadata | container的元数据 | + | ContainerState state | container的状态 | + | int64 created_at | container的创建时间戳,单位为纳秒 | + | int64 started_at | container启动时的时间戳,单位为纳秒 | + | int64 finished_at | container退出时的时间戳,单位为纳秒 | + | int32 exit_code | 容器退出码 | + | ImageSpec image | 镜像规格 | + | string image_ref | 代表容器使用的镜像,对大多数runtime来产,这是一个image ID值 | + | string reason | 简要描述为什么容器处于当前状态 | + | string message | 易于人工阅读的信息,用于表述容器处于当前状态的原因 | + | map\ labels | 可用于标识单个或一系列container的键值对 | + | map\ annotations | 存储任意信息的键值对,这些值是不可被runtime更改的 | + | repeated Mount mounts | 容器的挂载点信息 | + | string log_path | 容器日志文件路径,该文件位于PodSandboxConfig中配置的log_directory文件夹下 | - **ContainerStatsFilter** @@ -1274,69 +760,23 @@ ISulad使用的为pass使用的1.14版本API描述文件,与官方API略有出 用于列出container stats时添加过滤条件,多个条件取交集显示 - - - - - - - - - - - - - - - - - - -

参数成员

-

描述

-

ContainerAttributes attributes

-

容器的信息

-

CpuUsage cpu

-

CPU使用情况

-

MemoryUsage memory

-

内存使用情况

-

FilesystemUsage writable_layer

-

可写层使用情况

-
+ | **参数成员** | **描述** | + |--------------------------------|----------------| + | ContainerAttributes attributes | 容器的信息 | + | CpuUsage cpu | CPU使用情况 | + | MemoryUsage memory | 内存使用情况 | + | FilesystemUsage writable_layer | 可写层使用情况 | - **ContainerAttributes** 列出container的基本信息 - - - - - - - - - - - - - - - - - - -

参数成员

-

描述

-

string id

-

容器的ID

-

ContainerMetadata metadata

-

容器的metadata

-

map<string,string> labels

-

可用于标识单个或一系列container的键值对

-

map<string,string> annotations

-

存储任意信息的键值对,这些值是不可被runtime更改的

-
+ | **参数成员** | **描述** | + |--------------------------------|---------------------------------------------------| + | string id | 容器的ID | + | ContainerMetadata metadata | 容器的metadata | + | map\ labels | 可用于标识单个或一系列container的键值对 | + | map\ annotations | 存储任意信息的键值对,这些值是不可被runtime更改的 | - **CpuUsage** @@ -1389,211 +829,103 @@ ISulad使用的为pass使用的1.14版本API描述文件,与官方API略有出 - **FilesystemUsage** 列出container的读写层信息 - - - - - - - - - - - - - - - - - - - -

参数成员

-

描述

-

int64 timestamp

-

时间戳

-

StorageIdentifier storage_id

-

可写层目录

-

UInt64Value used_bytes

-

镜像在可写层的占用字节

-

UInt64Value inodes_used

-

镜像在可写层的占用inode数

-
- -- **Device** - - 指定待挂载至容器的主机卷 - - - - - - - - - - - - - - - -

参数成员

-

描述

-

string container_path

-

容器内的挂载路径

-

string host_path

-

主机上的挂载路径

-

string permissions

-

设备的Cgroup权限,(r允许容器从指定的设备读取; w允许容器从指定的设备写入; m允许容器创建尚不存在的设备文件)

-
- -- **LinuxContainerConfig** - - 包含特定于Linux平台的配置 - - - - - - - - - - - - -

参数成员

-

描述

-

LinuxContainerResources resources

-

容器的资源规范

-

LinuxContainerSecurityContext security_context

-

容器的Linux容器安全配置

-
- -- **ContainerConfig** - - 包含用于创建容器的所有必需和可选字段 - - - - - - - - - - - - - - - - - - - - - - - - - + + +

参数成员

-

描述

-

ContainerMetadata metadata

-

容器的元数据。 此信息将唯一标识容器,运行时应利用此信息来确保正确操作。 运行时也可以使用此信息来提升UX(用户体检设计),例如通过构造可读名称。(必选)

-

ImageSpec image

-

容器使用的镜像 (必选)

-

repeated string command

-

待执行的命令 缺省值: "/bin/sh"

-

repeated string args

-

待执行命令的参数

-

string working_dir

-

命令执行的当前工作路径

-

repeated KeyValue envs

-

在容器中配置的环境变量

-

repeated Mount mounts

-

待在容器中挂载的挂载点信息

-
+ - + - - - - - - - - +

参数成员

+

描述

+

repeated Device devices

+

int64 timestamp

待在容器中映射的设备信息

+

时间戳

map<string, string> labels

+

StorageIdentifier storage_id

可用于索引和选择单个资源的键值对。

+

可写层目录

map<string, string> annotations

+

UInt64Value used_bytes

可用于存储和检索任意元数据的非结构化键值映射。

+

镜像在可写层的占用字节

string log_path

+

UInt64Value inodes_used

相对于PodSandboxConfig.LogDirectory的路径,用于存储容器主机上的日志(STDOUT和STDERR)。

+

镜像在可写层的占用inode数

bool stdin

+
+ +- **Device** + + 指定待挂载至容器的主机卷 + + + - - - - - - -

参数成员

是否打开容器的stdin

+

描述

bool stdin_once

+

string container_path

当某次连接stdin的数据流断开时,是否立即断开其他与stdin连接的数据流(暂不支持

+

容器内的挂载路径

bool tty

+

string host_path

是否使用伪终端连接容器的stdio

+

主机上的挂载路径

LinuxContainerConfig linux

+

string permissions

linux系统上容器的特定配置信息

+

设备的Cgroup权限,(r允许容器从指定的设备读取; w允许容器从指定的设备写入; m允许容器创建尚不存在的设备文件)
-- **NetworkConfig** +- **LinuxContainerConfig** + + 包含特定于Linux平台的配置 - Runtime的网络配置 + | **参数成员** | **描述** | + |------------------------------------------------|-------------------------| + | LinuxContainerResources resources | 容器的资源规范 | + | LinuxContainerSecurityContext security_context | 容器的Linux容器安全配置 | - - - - - - - - -

参数成员

-

描述

-

string pod_cidr

-

Pod IP 地址使用的CIDR

-
+- **ContainerConfig** + + 包含用于创建容器的所有必需和可选字段 + + | **参数成员** | **描述** | + |---------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------| + | ContainerMetadata metadata | 容器的元数据。 此信息将唯一标识容器,运行时应利用此信息来确保正确操作。 运行时也可以使用此信息来提升UX(用户体检设计),例如通过构造可读名称。(必选) | + | ImageSpec image | 容器使用的镜像 (**必选**) | + | repeated string command | 待执行的命令 **缺省值: "/bin/sh"** | + | repeated string args | 待执行命令的参数 | + | string working_dir | 命令执行的当前工作路径 | + | repeated KeyValue envs | 在容器中配置的环境变量 | + | repeated Mount mounts | 待在容器中挂载的挂载点信息 | + | repeated Device devices | 待在容器中映射的设备信息 | + | map\ labels | 可用于索引和选择单个资源的键值对。 | + | map\ annotations | 可用于存储和检索任意元数据的非结构化键值映射。 | + | string log_path | 相对于PodSandboxConfig.LogDirectory的路径,用于存储容器主机上的日志(STDOUT和STDERR)。 | + | bool stdin | 是否打开容器的stdin | + | bool stdin_once | 当某次连接stdin的数据流断开时,是否立即断开其他与stdin连接的数据流 **(暂不支持)** | + | bool tty | 是否使用伪终端连接容器的stdio | + | LinuxContainerConfig linux | linux系统上容器的特定配置信息 | - **RuntimeConfig** Runtime的网络配置 - - - - - - - - -

参数成员

-

描述

-

NetworkConfig network_config

-

Runtime的网络配置

-
+ | **参数成员** | **描述** | + |------------------------------|-------------------| + | NetworkConfig network_config | Runtime的网络配置 | - **RuntimeCondition** @@ -1669,24 +1001,10 @@ rpc RunPodSandbox(RunPodSandboxRequest) returns (RunPodSandboxResponse) {} #### 参数 - - - - - - - - - - - -

参数成员

-

描述

-

PodSandboxConfig config

-

sandbox的配置

-

string runtime_handler

-

指定创建sandbox的runtime运行时,当前支持lcr、kata-runtime运行时类型。

-
+| **参数成员** | **描述** | +|-------------------------|-----------------------------------------------------------------------| +| PodSandboxConfig config | sandbox的配置 | +| string runtime_handler | 指定创建sandbox的runtime运行时,当前支持lcr、kata-runtime运行时类型。 | #### 返回值 @@ -1832,24 +1150,10 @@ rpc PodSandboxStatus(PodSandboxStatusRequest) returns (PodSandboxStatusResponse) #### 返回值 - - - - - - - - - - - -

返回值

-

描述

-

PodSandboxStatus status

-

sandbox的状态信息

-

map<string, string> info

-

sandbox的额外信息,key是任意string,value是json格式的字符串,这些信息可以是任意调试内容。当verbose为true时info不能为空。(暂不支持配置)

-
+| **返回值** | **描述** | +|--------------------------|------------------------------------------------------------------------------------------------------------------------------------------| +| PodSandboxStatus status | sandbox的状态信息 | +| map\ info | sandbox的额外信息,key是任意string,value是json格式的字符串,这些信息可以是任意调试内容。当verbose为true时info不能为空。(暂不支持配置) | #### ListPodSandbox @@ -1865,35 +1169,15 @@ rpc ListPodSandbox(ListPodSandboxRequest) returns (ListPodSandboxResponse) {} #### 参数 - - - - - - - - -

参数成员

-

描述

-

PodSandboxFilter filter

-

条件过滤参数

-
+| **参数成员** | **描述** | +|-------------------------|--------------| +| PodSandboxFilter filter | 条件过滤参数 | #### 返回值 - - - - - - - - -

返回值

-

描述

-

repeated PodSandbox items

-

sandbox信息的列表

-
+| **返回值** | **描述** | +|---------------------------|-------------------| +| repeated PodSandbox items | sandbox信息的列表 | #### CreateContainer @@ -1915,29 +1199,11 @@ rpc CreateContainer(CreateContainerRequest) returns (CreateContainerResponse) {} #### 参数 - - - - - - - - - - - - - - -

参数成员

-

描述

-

string pod_sandbox_id

-

待在其中创建容器的PodSandbox的ID。

-

ContainerConfig config

-

容器的配置信息

-

PodSandboxConfig sandbox_config

-

PodSandbox的配置信息

-
+| **参数成员** | **描述** | +|---------------------------------|------------------------------------| +| string pod_sandbox_id | 待在其中创建容器的PodSandbox的ID。 | +| ContainerConfig config | 容器的配置信息 | +| PodSandboxConfig sandbox_config | PodSandbox的配置信息 | #### 补充 @@ -2102,35 +1368,15 @@ rpc ListContainers(ListContainersRequest) returns (ListContainersResponse) {} #### 参数 - - - - - - - - -

参数成员

-

描述

-

ContainerFilter filter

-

条件过滤参数

-
+| **参数成员** | **描述** | +|------------------------|--------------| +| ContainerFilter filter | 条件过滤参数 | #### 返回值 - - - - - - - - -

返回值

-

描述

-

repeated Container containers

-

容器信息的列表

-
+| **返回值** | **描述** | +|-------------------------------|----------------| +| repeated Container containers | 容器信息的列表 | #### ContainerStatus @@ -2167,24 +1413,10 @@ rpc ContainerStatus(ContainerStatusRequest) returns (ContainerStatusResponse) {} #### 返回值 - - - - - - - - - - - -

返回值

-

描述

-

ContainerStatus status

-

容器的状态信息

-

map<string, string> info

-

sandbox的额外信息,key是任意string,value是json格式的字符串,这些信息可以是任意调试内容。当verbose为true时info不能为空。(暂不支持配置)

-
+| **返回值** | **描述** | +|--------------------------|------------------------------------------------------------------------------------------------------------------------------------------| +| ContainerStatus status | 容器的状态信息 | +| map\ info | sandbox的额外信息,key是任意string,value是json格式的字符串,这些信息可以是任意调试内容。当verbose为true时info不能为空。(暂不支持配置) | #### UpdateContainerResources @@ -2205,24 +1437,10 @@ rpc UpdateContainerResources(UpdateContainerResourcesRequest) returns (UpdateCon #### 参数 - - - - - - - - - - - -

参数成员

-

描述

-

string container_id

-

容器id

-

LinuxContainerResources linux

-

linux资源配置信息

-
+| **参数成员** | **描述** | +|-------------------------------|-------------------| +| string container_id | 容器id | +| LinuxContainerResources linux | linux资源配置信息 | #### 返回值 @@ -2463,19 +1681,9 @@ rpc ContainerStats(ContainerStatsRequest) returns (ContainerStatsResponse) {} #### 返回值 - - - - - - - - -

返回值

-

描述

-

ContainerStats stats

-

容器信息。注:disk和inodes只支持oci格式镜像起的容器查询

-
+| **返回值** | **描述** | +|----------------------|---------------------------------------------------------| +| ContainerStats stats | 容器信息。
注:disk和inodes只支持oci格式镜像起的容器查询 | #### ListContainerStats @@ -2491,35 +1699,15 @@ rpc ListContainerStats(ListContainerStatsRequest) returns (ListContainerStatsRes #### 参数 - - - - - - - - -

参数成员

-

描述

-

ContainerStatsFilter filter

-

条件过滤参数

-
+| **参数成员** | **描述** | +|-----------------------------|--------------| +| ContainerStatsFilter filter | 条件过滤参数 | #### 返回值 - - - - - - - - -

返回值

-

描述

-

repeated ContainerStats stats

-

容器信息的列表。注:disk和inodes只支持oci格式镜像启动的容器查询

-
+| **返回值** | **描述** | +|-------------------------------|-----------------------------------------------------------------| +| repeated ContainerStats stats | 容器信息的列表。注:disk和inodes只支持oci格式镜像启动的容器查询 | #### UpdateRuntimeConfig @@ -2539,19 +1727,9 @@ rpc UpdateRuntimeConfig(UpdateRuntimeConfigRequest) returns (UpdateRuntimeConfig #### 参数 - - - - - - - - -

参数成员

-

描述

-

RuntimeConfig runtime_config

-

包含Runtime要配置的信息

-
+| **参数成员** | **描述** | +|------------------------------|-------------------------| +| RuntimeConfig runtime_config | 包含Runtime要配置的信息 | #### 返回值 @@ -2591,24 +1769,10 @@ rpc Status(StatusRequest) returns (StatusResponse) {}; #### 返回值 - - - - - - - - - - - -

返回值

-

描述

-

RuntimeStatus status

-

Runtime的状态

-

map<string, string> info

-

Runtime额外的信息,info的key为任意值,value为json格式,可包含任何debug信息;只有Verbose为true是才应该被赋值

-
+| **返回值** | **描述** | +|--------------------------|-------------------------------------------------------------------------------------------------------------| +| RuntimeStatus status | Runtime的状态 | +| map\ info | Runtime额外的信息,info的key为任意值,value为json格式,可包含任何debug信息;只有Verbose为true是才应该被赋值 | ### Image服务 @@ -2635,35 +1799,15 @@ rpc ListImages(ListImagesRequest) returns (ListImagesResponse) {} #### 参数 - - - - - - - - -

参数成员

-

描述

-

ImageSpec filter

-

筛选的镜像名称

-
+| **参数成员** | **描述** | +|------------------|----------------| +| ImageSpec filter | 筛选的镜像名称 | #### 返回值 - - - - - - - - -

返回值

-

描述

-

repeated Image images

-

镜像信息列表

-
+| **返回值** | **描述** | +|-----------------------|--------------| +| repeated Image images | 镜像信息列表 | #### ImageStatus @@ -2684,45 +1828,17 @@ rpc ImageStatus(ImageStatusRequest) returns (ImageStatusResponse) {} #### 参数 - - - - - - - - - - - -

参数成员

-

描述

-

ImageSpec image

-

镜像名称

-

bool verbose

-

查询额外信息,暂不支持,无额外信息返回

-
+| **参数成员** | **描述** | +|-----------------|----------------------------------------| +| ImageSpec image | 镜像名称 | +| bool verbose | 查询额外信息,暂不支持,无额外信息返回 | #### 返回值 - - - - - - - - - - - -

返回值

-

描述

-

Image image

-

镜像信息

-

map<string, string> info

-

镜像额外信息,暂不支持,无额外信息返回

-
+| **返回值** | **描述** | +|--------------------------|----------------------------------------| +| Image image | 镜像信息 | +| map\ info | 镜像额外信息,暂不支持,无额外信息返回 | #### PullImage @@ -2742,29 +1858,11 @@ rpc ImageStatus(ImageStatusRequest) returns (ImageStatusResponse) {} #### 参数 - - - - - - - - - - - - - - -

参数成员

-

描述

-

ImageSpec image

-

要下载的镜像名称

-

AuthConfig auth

-

下载私有镜像时的验证信息

-

PodSandboxConfig sandbox_config

-

在Pod上下文中下载镜像(暂不支持)

-
+| **参数成员** | **描述** | +|---------------------------------|-----------------------------------| +| ImageSpec image | 要下载的镜像名称 | +| AuthConfig auth | 下载私有镜像时的验证信息 | +| PodSandboxConfig sandbox_config | 在Pod上下文中下载镜像(暂不支持) | #### 返回值 @@ -2800,19 +1898,9 @@ rpc RemoveImage(RemoveImageRequest) returns (RemoveImageResponse) {} #### 参数 - - - - - - - - -

参数成员

-

描述

-

ImageSpec image

-

要删除的镜像名称或者ID

-
+| **参数成员** | **描述** | +|-----------------|------------------------| +| ImageSpec image | 要删除的镜像名称或者ID | #### 返回值 @@ -2840,19 +1928,9 @@ rpc ImageFsInfo(ImageFsInfoRequest) returns (ImageFsInfoResponse) {} #### 返回值 - - - - - - - - -

返回值

-

描述

-

repeated FilesystemUsage image_filesystems

-

镜像存储文件系统信息

-
+| **返回值** | **描述** | +|--------------------------------------------|----------------------| +| repeated FilesystemUsage image_filesystems | 镜像存储文件系统信息 | ### 约束 diff --git a/docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/errorLabelCheck.py b/docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/errorLabelCheck.py new file mode 100644 index 0000000..153724c --- /dev/null +++ b/docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/errorLabelCheck.py @@ -0,0 +1,121 @@ +import re +import os +from common import get_pr_files + + +def check_unclosed_tags(html, markdown_lines, html_start_line): + """ + 检查未闭合的HTML标签,并返回错误信息。 + 行号信息映射到原始 Markdown 文件中的位置。 + """ + stack = [] + index = 0 + line_number = 1 + errors = [] + # 精确匹配 HTML 标签的正则表达式 + html_tag_pattern = re.compile(r'<([a-zA-Z]+)(?:\s[^>]*)?(?:/>|>)|') + + while index < len(html): + match = html_tag_pattern.search(html, index) + if not match: + break + + start_index = match.start() + end_index = match.end() + tag = match.group(0) + + # 更新行号 + line_number += html[index:start_index].count('\n') + + # 将 HTML 中的行号映射到原始 Markdown 文件中的行号 + markdown_line_number = html_start_line + line_number - 1 + + if tag.startswith(''): + # 自闭合标签,不压入栈中 + pass + else: + stack.append((tag_name, markdown_line_number)) # 记录标签名和行号 + + index = end_index + + # 检查栈中是否还有未闭合的开始标签 + if stack: + for tag, tag_line in stack: + errors.append(f"在文件中的第 {tag_line} 行发现未闭合的开始标签: <{tag}>") + + return errors + + +def extract_html_from_markdown(markdown): + html_blocks = [] + block_start_lines = [] + # 匹配 HTML 块的正则表达式,如
...
这种完整块 + html_block_pattern = re.compile(r'<([a-zA-Z]+)(?:\s[^>]*)?>(.*?)', re.DOTALL) + # 匹配单个 HTML 标签的正则表达式 + single_tag_pattern = re.compile(r'<([a-zA-Z]+)(?:\s[^>]*)?/>') + + # 先提取完整的 HTML 块 + for match in html_block_pattern.finditer(markdown): + start_index = match.start() + start_line = markdown[:start_index].count('\n') + 1 + html_blocks.append(match.group(0)) + block_start_lines.append(start_line) + + # 再提取单个自闭合 HTML 标签 + for match in single_tag_pattern.finditer(markdown): + start_index = match.start() + start_line = markdown[:start_index].count('\n') + 1 + html_blocks.append(match.group(0)) + block_start_lines.append(start_line) + + return html_blocks, block_start_lines + + +def process_markdown_file(file_path): + """ + 处理Markdown文件,修复未闭合的HTML标签。 + """ + with open(file_path, 'r', encoding='utf-8') as file: + content = file.read() + markdown_lines = content.split('\n') + + html_blocks, block_start_lines = extract_html_from_markdown(content) + all_errors = [] + + for html_block, start_line in zip(html_blocks, block_start_lines): + errors = check_unclosed_tags(html_block, markdown_lines, start_line) + all_errors.extend(errors) + + if all_errors: + for error in all_errors: + print(f"文件{file_path}中发现错误:{error}") + raise ValueError("发现未闭合的HTML标签") + else: + print(f"文件 {file_path} 中的HTML标签已检查,未发现未闭合标签。") + + +if __name__ == "__main__": + try: + pr_files = 'docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/安装特性.md' + for pr_file in pr_files: + if not os.path.exists(pr_file): + print(f"文件不存在: {pr_file}") + continue + if ' ' in pr_file: + pr_file = pr_file.replace(' ', '\ ') + process_markdown_file(pr_file) + print(f"文件 {pr_file} 中的HTML标签已检查,未发现未闭合标签。") + except ValueError as e: + print(f"错误: {e}") + exit(1) # 退出脚本并返回非零状态码 diff --git a/docs/zh/docs/ContainerEngine/iSulaContainerEngine/figures/zh-cn_image_0183048952.png b/docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/figures/zh-cn_image_0183048952.png similarity index 100% rename from docs/zh/docs/ContainerEngine/iSulaContainerEngine/figures/zh-cn_image_0183048952.png rename to docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/figures/zh-cn_image_0183048952.png diff --git "a/docs/zh/docs/ContainerEngine/iSulaContainerEngine/\351\225\234\345\203\217\347\256\241\347\220\206.md" b/docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/image-management.md similarity index 100% rename from "docs/zh/docs/ContainerEngine/iSulaContainerEngine/\351\225\234\345\203\217\347\256\241\347\220\206.md" rename to docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/image-management.md diff --git "a/docs/zh/docs/ContainerEngine/iSulaContainerEngine/\345\256\211\350\243\205\344\270\216\351\205\215\347\275\256.md" b/docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/installation-configuration.md similarity index 99% rename from "docs/zh/docs/ContainerEngine/iSulaContainerEngine/\345\256\211\350\243\205\344\270\216\351\205\215\347\275\256.md" rename to docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/installation-configuration.md index 1321cfe..9245b2b 100644 --- "a/docs/zh/docs/ContainerEngine/iSulaContainerEngine/\345\256\211\350\243\205\344\270\216\351\205\215\347\275\256.md" +++ b/docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/installation-configuration.md @@ -2,6 +2,7 @@ 本章介绍iSulad的安装、安装后配置,以及升级和卸载的方法。 > ![](./public_sys-resources/icon-note.gif) **说明:** +> > iSulad的安装、升级、卸载均需要使用root权限。 ## 安装方法 @@ -30,8 +31,9 @@ iSulad 安装完成后,可以根据需要进行相关配置。 轻量级容器引擎(iSulad)服务端daemon为isulad,isulad可以通过配置文件进行配置,也可以通过命令行的方式进行配置,例如:isulad --xxx,优先级从高到低是:命令行方式\>配置文件\>代码中默认配置。 ->![](./public_sys-resources/icon-note.gif) **说明:** ->如果采用systemd管理iSulad进程,修改/etc/sysconfig/iSulad文件中的OPTIONS字段,等同于命令行方式进行配置。 +> ![](./public_sys-resources/icon-note.gif) **说明:** +> +> 如果采用systemd管理iSulad进程,修改/etc/sysconfig/iSulad文件中的OPTIONS字段,等同于命令行方式进行配置。 - **命令行方式** @@ -60,7 +62,7 @@ iSulad 安装完成后,可以根据需要进行相关配置。 --help Show help --hook-spec Default hook spec file applied to all containers -H, --host The socket name used to create gRPC server - --image-layer-check Check layer intergrity when needed + --image-layer-check Check layer integrity when needed --insecure-registry Disable TLS verification for the given registry --insecure-skip-verify-enforce Force to skip the insecure verify(default false) --log-driver Set daemon log driver, such as: file @@ -544,7 +546,8 @@ iSulad 安装完成后,可以根据需要进行相关配置。 ``` - > ![](./public_sys-resources/icon-notice.gif) **须知:** + > ![](./public_sys-resources/icon-notice.gif) **须知:** + > > 默认配置文件/etc/isulad/daemon.json仅供参考,请根据实际需要进行配置。 ### 存储说明 @@ -637,7 +640,8 @@ iSulad 安装完成后,可以根据需要进行相关配置。 - 日志文件管理: - > ![](./public_sys-resources/icon-notice.gif) **须知:** + > ![](./public_sys-resources/icon-notice.gif) **须知:** + > > 日志功能对接: iSulad由systemd管理,日志也由systemd管理,然后传输给rsyslogd。rsyslog默认会对写日志速度有限制,可以通过修改/etc/rsyslog.conf文件,增加"$imjournalRatelimitInterval 0"配置项,然后重启rsyslogd的服务即可。 - 命令行参数解析限制 @@ -828,7 +832,7 @@ iSulad采用C/S模式进行设计,在默认情况,iSulad守护进程isulad 如果需要采用单向认证方式进行通讯,则服务端采用模式2,客户端采用模式2。 -> ![](./public_sys-resources/icon-notice.gif) **须知:** +> ![](./public_sys-resources/icon-notice.gif) **须知:** > > - 采用RPM安装方式时,服务端配置可通过/etc/isulad/daemon.json以及/etc/sysconfig/iSulad配置修改。 > - 相比非认证或者单向认证方式,双向认证具备更高的安全性,推荐使用双向认证的方式进行通讯。 diff --git "a/docs/zh/docs/ContainerEngine/iSulaContainerEngine/\345\256\211\350\243\205-\345\215\207\347\272\247\344\270\216\345\215\270\350\275\275.md" b/docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/installation-upgrade-Uninstallation.md similarity index 100% rename from "docs/zh/docs/ContainerEngine/iSulaContainerEngine/\345\256\211\350\243\205-\345\215\207\347\272\247\344\270\216\345\215\270\350\275\275.md" rename to docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/installation-upgrade-Uninstallation.md diff --git "a/docs/zh/docs/ContainerEngine/iSulaContainerEngine/iSula-shim-v2\345\257\271\346\216\245stratovirt.md" b/docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/interconnecting-isula-shim-v2-with-stratovirt.md old mode 100755 new mode 100644 similarity index 99% rename from "docs/zh/docs/ContainerEngine/iSulaContainerEngine/iSula-shim-v2\345\257\271\346\216\245stratovirt.md" rename to docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/interconnecting-isula-shim-v2-with-stratovirt.md index 8fd9ec2..571b0d1 --- "a/docs/zh/docs/ContainerEngine/iSulaContainerEngine/iSula-shim-v2\345\257\271\346\216\245stratovirt.md" +++ b/docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/interconnecting-isula-shim-v2-with-stratovirt.md @@ -196,7 +196,7 @@ containerd-shim-kata-v2 使用的虚拟化组件为 StratoVirt 时,iSula 对 $ lsmod |grep vhost_vsock ``` - 下载对应版本和架构的 kernel 并放到 /var/lib/kata/ 路径下, 如下载 openEuler 21.03 版本 x86 架构的内核 [openeuler repo](): + 下载对应版本和架构的 kernel 并放到 /var/lib/kata/ 路径下, 如下载 openEuler 21.03 版本 x86 架构的内核 [openeuler repo](https://repo.openeuler.org): ```bash $ cd /var/lib/kata diff --git "a/docs/zh/docs/ContainerEngine/iSulaContainerEngine/\346\224\257\346\214\201CNI\347\275\221\347\273\234.md" b/docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/interconnection-with-the-cni-network.md similarity index 99% rename from "docs/zh/docs/ContainerEngine/iSulaContainerEngine/\346\224\257\346\214\201CNI\347\275\221\347\273\234.md" rename to docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/interconnection-with-the-cni-network.md index 5c683ae..7f63474 100644 --- "a/docs/zh/docs/ContainerEngine/iSulaContainerEngine/\346\224\257\346\214\201CNI\347\275\221\347\273\234.md" +++ b/docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/interconnection-with-the-cni-network.md @@ -108,7 +108,7 @@ Pod配置中和网络相关的还有port\_mappings项,用于设置Pod的端口 StopPodSandbox的时候,会调用退出CNI网络的接口,清理网络相关的资源。 ->![](./public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** > > - 在调用RemovePodSandbox接口之前,至少要调用一次StopPodSandbox接口。 > - StopPodSandbox调用CNI接口失败,导致的网络资源残留,由CNI网络插件负责清理。 diff --git "a/docs/zh/docs/ContainerEngine/iSulaContainerEngine/isula\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225.md" b/docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/isula-faqs.md similarity index 100% rename from "docs/zh/docs/ContainerEngine/iSulaContainerEngine/isula\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225.md" rename to docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/isula-faqs.md diff --git "a/docs/zh/docs/ContainerEngine/iSulaContainerEngine/iSulad\346\224\257\346\214\201CDI.md" b/docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/isulad-support-cdi.md similarity index 97% rename from "docs/zh/docs/ContainerEngine/iSulaContainerEngine/iSulad\346\224\257\346\214\201CDI.md" rename to docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/isulad-support-cdi.md index d8bbd45..08c299a 100644 --- "a/docs/zh/docs/ContainerEngine/iSulaContainerEngine/iSulad\346\224\257\346\214\201CDI.md" +++ b/docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/isulad-support-cdi.md @@ -1,120 +1,120 @@ -# iSulad支持CDI - -## 概述 - -CDI(Container Device Interface,容器设备接口)是容器运行时的一种规范,用于支持第三方设备。 - -CDI解决了如下问题: -在Linux上,为了使容器具有设备感知能力,过去只需在该容器中暴露一个设备节点。但是,随着设备和软件变得越来越复杂,供应商希望执行更多的操作,例如: - -- 向容器公开设备可能需要公开多个设备节点、从运行时命名空间挂载文件或隐藏procfs条目。 -- 执行容器和设备之间的兼容性检查(例如:检查容器是否可以在指定设备上运行)。 -- 执行特定于运行时的操作(例如:虚拟机与基于Linux容器的运行时)。 -- 执行特定于设备的操作(例如:清理GPU的内存或重新配置FPGA)。 - -在缺乏第三方设备标准的情况下,供应商通常不得不为不同的运行时编写和维护多个插件,甚至直接在运行时中贡献特定于供应商的代码。此外,运行时不统一地暴露插件系统(甚至根本不暴露插件系统),导致在更高级别的抽象(例如Kubernetes设备插件)中重复功能。 - -CDI解决上述问题的方法: -CDI描述了一种允许第三方供应商与设备交互的机制,从而不需要更改容器运行时。 - -使用的机制是一个JSON文件(类似于容器网络接口(CNI)),它允许供应商描述容器运行时应该对容器的OCI规范执行的操作。 - -iSulad目前已支持[CDI v0.6.0](https://github.com/cncf-tags/container-device-interface/blob/v0.6.0/SPEC.md)规范。 - -## 配置iSulad支持CDI - -需要对daemon.json做如下配置,然后重启iSulad: - -```json -{ - ... - "enable-cri-v1": true, - "cdi-spec-dirs": ["/etc/cdi", "/var/run/cdi"], - "enable-cdi": true -} -``` - -其中"cdi-spec-dirs"用于指定CDI specs所在目录,如果不指定则默认为"/etc/cdi", "/var/run/cdi"。 - -## 使用示例 - -### CDI specification实例 - -具体每个字段含义详见[CDI v0.6.0](https://github.com/cncf-tags/container-device-interface/blob/v0.6.0/SPEC.md) - -```bash -$ mkdir /etc/cdi -$ cat > /etc/cdi/vendor.json < /etc/cdi/vendor.json < ![](./public_sys-resources/icon-note.gif) **说明:** +> ![](./public_sys-resources/icon-note.gif) **说明:** > > - 创建容器时通过--security-opt将配置文件传给容器时,采用默认配置文件(/etc/isulad/seccomp\_default.json)。 > - 创建容器时--security-opt设置为unconfined时,对容器不过滤系统调用。 @@ -121,7 +121,7 @@ isula run --rm -it --security-opt seccomp:/path/to/seccomp/profile.json rnd-dock } ``` -> ![](./public_sys-resources/icon-notice.gif) **须知:** +> ![](./public_sys-resources/icon-notice.gif) **须知:** > > - defaultAction、syscalls:对应的action的类型是一样的,但其值是不能一样的,目的就是让所有的syscall都有一个默认的action,并且如果syscalls数组中有明确的定义,就以syscalls中的为准,由于defaultAction、action的值不一样,就能保证action不会有冲突。当前支持的action有: > - "SCMP\_ACT\_ERRNO":禁止,并打印错误信息。 @@ -203,7 +203,7 @@ SELinux\(Security-Enhanced Linux\)是一个Linux内核的安全模块,提供 - 引入SELinux会影响性能,设置SELinux之前需要对场景进行评估,确定必要时打开daemon端SELinux开关并设置容器SELinux配置 - 对挂载卷进行标签配置时,源目录不允许为/、/usr、/etc、/tmp、/home、/run、/var、/root以及/usr的子目录。 -> ![](./public_sys-resources/icon-note.gif) **说明:** +> ![](./public_sys-resources/icon-note.gif) **说明:** > > - 目前iSulad不支持对容器的文件系统打标签,确保容器文件系统及配置目录打上容器可访问标签,需使用chcon命令对其打上标签。 > - 若iSulad启用SELinux访问控制,建议daemon启动前对/var/lib/isulad目录打上标签,容器容器创建时目录下生产的文件及文件夹将默认继承其标签,例如: diff --git "a/docs/zh/docs/ContainerEngine/iSulaContainerEngine/\346\224\257\346\214\201OCI-hooks.md" b/docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/supporting-oci-hooks.md similarity index 100% rename from "docs/zh/docs/ContainerEngine/iSulaContainerEngine/\346\224\257\346\214\201OCI-hooks.md" rename to docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/supporting-oci-hooks.md diff --git "a/docs/zh/docs/ContainerEngine/iSulaContainerEngine/\345\215\270\350\275\275.md" b/docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/uninstallation.md similarity index 100% rename from "docs/zh/docs/ContainerEngine/iSulaContainerEngine/\345\215\270\350\275\275.md" rename to docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/uninstallation.md diff --git "a/docs/zh/docs/ContainerEngine/iSulaContainerEngine/\345\215\207\347\272\247.md" b/docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/upgrade-methods.md similarity index 94% rename from "docs/zh/docs/ContainerEngine/iSulaContainerEngine/\345\215\207\347\272\247.md" rename to docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/upgrade-methods.md index 25b8aa7..d0f24f8 100644 --- "a/docs/zh/docs/ContainerEngine/iSulaContainerEngine/\345\215\207\347\272\247.md" +++ b/docs/zh/Cloud/ContainerEngine/iSulaContainerEngine/upgrade-methods.md @@ -8,7 +8,7 @@ - 若为不同大版本之间的升级,例如从1.x.x版本升级到2.x.x版本,请先保存当前的配置文件/etc/isulad/daemon.json,并卸载已安装的iSulad软件包,然后安装待升级的iSulad软件包,随后恢复配置文件。 -> ![](./public_sys-resources/icon-note.gif) **说明:** +> ![](./public_sys-resources/icon-note.gif) **说明:** > > - 可通过**sudo rpm -qa |grep iSulad** 或 **isula version** 命令确认当前iSulad的版本号。 > - 相同大版本之间,如果希望手动升级,请下载iSulad及其所有依赖库的RPM包进行升级,参考命令如下: diff --git a/docs/zh/Cloud/ContainerForm/SecureContainer/_menu.md b/docs/zh/Cloud/ContainerForm/SecureContainer/_menu.md new file mode 100644 index 0000000..44c1a7d --- /dev/null +++ b/docs/zh/Cloud/ContainerForm/SecureContainer/_menu.md @@ -0,0 +1,21 @@ +--- +label: '安全容器' +ismanual: 'Y' +description: '安全容器结合了虚拟化技术和容器技术,具有更好的隔离性' +children: + - label: '概述' + href: './overview.md' + - label: '安装与配置' + href: './installation-and-deployment-2.md' + - label: '使用方法' + href: './application-scenarios-2.md' + children: + - label: '管理安全容器的生命周期' + href: './managing-the-lifecycle-of-a-secure-container.md' + - label: '为安全容器配置资源' + href: './configuring-resources-for-a-secure-container.md' + - label: '监控安全容器' + href: './monitoring-secure-containers.md' + - label: '附录' + href: './appendix-2.md' +--- \ No newline at end of file diff --git a/docs/zh/docs/ContainerForm/SecureContainer/appendix-2.md b/docs/zh/Cloud/ContainerForm/SecureContainer/appendix-2.md similarity index 99% rename from docs/zh/docs/ContainerForm/SecureContainer/appendix-2.md rename to docs/zh/Cloud/ContainerForm/SecureContainer/appendix-2.md index 0e722af..9fea9ff 100644 --- a/docs/zh/docs/ContainerForm/SecureContainer/appendix-2.md +++ b/docs/zh/Cloud/ContainerForm/SecureContainer/appendix-2.md @@ -6,8 +6,9 @@ ## configuration-toml配置说明 ->![](./public_sys-resources/icon-note.gif) **说明:** ->configuration.toml配置文件中各个字段的取值以kata-containers-.rpm包中的configuration.toml文件为准,不支持用户对配置文件中的字段任意取值。 +> ![](./public_sys-resources/icon-note.gif) **说明:** +> +> configuration.toml配置文件中各个字段的取值以kata-containers-.rpm包中的configuration.toml文件为准,不支持用户对配置文件中的字段任意取值。 ```conf [hypervisor.qemu] diff --git "a/docs/zh/docs/ContainerForm/SecureContainer/\344\275\277\347\224\250\346\226\271\346\263\225-1.md" b/docs/zh/Cloud/ContainerForm/SecureContainer/application-scenarios-2.md similarity index 36% rename from "docs/zh/docs/ContainerForm/SecureContainer/\344\275\277\347\224\250\346\226\271\346\263\225-1.md" rename to docs/zh/Cloud/ContainerForm/SecureContainer/application-scenarios-2.md index 1b6f532..0850389 100644 --- "a/docs/zh/docs/ContainerForm/SecureContainer/\344\275\277\347\224\250\346\226\271\346\263\225-1.md" +++ b/docs/zh/Cloud/ContainerForm/SecureContainer/application-scenarios-2.md @@ -1,5 +1,6 @@ # 使用方法 本章介绍安全容器的使用方法。 ->![](./public_sys-resources/icon-note.gif) **说明:** ->安全容器的使用需要root权限。 +> ![](./public_sys-resources/icon-note.gif) **说明:** +> +> 安全容器的使用需要root权限。 diff --git "a/docs/zh/docs/ContainerForm/SecureContainer/\344\270\272\345\256\211\345\205\250\345\256\271\345\231\250\351\205\215\347\275\256\350\265\204\346\272\220.md" b/docs/zh/Cloud/ContainerForm/SecureContainer/configuring-resources-for-a-secure-container.md similarity index 99% rename from "docs/zh/docs/ContainerForm/SecureContainer/\344\270\272\345\256\211\345\205\250\345\256\271\345\231\250\351\205\215\347\275\256\350\265\204\346\272\220.md" rename to docs/zh/Cloud/ContainerForm/SecureContainer/configuring-resources-for-a-secure-container.md index ffbccd6..e0b99d1 100644 --- "a/docs/zh/docs/ContainerForm/SecureContainer/\344\270\272\345\256\211\345\205\250\345\256\271\345\231\250\351\205\215\347\275\256\350\265\204\346\272\220.md" +++ b/docs/zh/Cloud/ContainerForm/SecureContainer/configuring-resources-for-a-secure-container.md @@ -7,7 +7,7 @@ 安全容器运行于虚拟化隔离的轻量级虚拟机内,因此资源的配置应分为两部分:对轻量级虚拟机的资源配置,即Host资源配置;对虚拟机内容器的配置,即Guest容器资源配置。以下资源配置均分为这两部分。 -## 资源共享-27 +## 资源共享 由于安全容器运行于虚拟化隔离的轻量虚拟机内,故无法访问Host上某些namespace下的资源,因此启动时不支持--net host,--ipc host,--pid host,--uts host。 diff --git a/docs/zh/docs/ContainerForm/SecureContainer/figures/kata-arch.png b/docs/zh/Cloud/ContainerForm/SecureContainer/figures/kata-arch.png similarity index 100% rename from docs/zh/docs/ContainerForm/SecureContainer/figures/kata-arch.png rename to docs/zh/Cloud/ContainerForm/SecureContainer/figures/kata-arch.png diff --git a/docs/zh/docs/ContainerForm/SecureContainer/figures/zh_cn_image_0221924928.png b/docs/zh/Cloud/ContainerForm/SecureContainer/figures/zh_cn_image_0221924928.png similarity index 100% rename from docs/zh/docs/ContainerForm/SecureContainer/figures/zh_cn_image_0221924928.png rename to docs/zh/Cloud/ContainerForm/SecureContainer/figures/zh_cn_image_0221924928.png diff --git "a/docs/zh/docs/ContainerForm/SecureContainer/\345\256\211\350\243\205\344\270\216\351\205\215\347\275\256-2.md" b/docs/zh/Cloud/ContainerForm/SecureContainer/installation-and-deployment-2.md similarity index 95% rename from "docs/zh/docs/ContainerForm/SecureContainer/\345\256\211\350\243\205\344\270\216\351\205\215\347\275\256-2.md" rename to docs/zh/Cloud/ContainerForm/SecureContainer/installation-and-deployment-2.md index a76b864..7443f11 100644 --- "a/docs/zh/docs/ContainerForm/SecureContainer/\345\256\211\350\243\205\344\270\216\351\205\215\347\275\256-2.md" +++ b/docs/zh/Cloud/ContainerForm/SecureContainer/installation-and-deployment-2.md @@ -1,16 +1,12 @@ # 安装与配置 -- [安装与配置](#安装部署.md) - - [安装方法](#安装方法) - - [配置方法](#配置方法) - ## 安装方法 ### 前提条件 - 安全容器的安装需要使用root权限。 - 为了获取更好的性能体验,安全容器需要运行在裸金属服务器上,**暂不支持安全容器运行在虚拟机内**。 -- 安全容器运行依赖以下组件,请确保环境上已安装所需版本的依赖组件。以下组件来自配套的openEuler版本。如果使用iSula容器引擎,请参考iSula容器引擎的[安装与配置](./安装与配置.md)章节安装iSulad。 +- 安全容器运行依赖以下组件,请确保环境上已安装所需版本的依赖组件。以下组件来自配套的openEuler版本。如果使用iSula容器引擎,请参考iSula容器引擎的[安装与配置](../../ContainerEngine/iSulaContainerEngine/installation-configuration.md)章节安装iSulad。 - docker-engine - qemu diff --git "a/docs/zh/docs/ContainerForm/SecureContainer/\347\256\241\347\220\206\345\256\211\345\205\250\345\256\271\345\231\250\347\232\204\347\224\237\345\221\275\345\221\250\346\234\237.md" b/docs/zh/Cloud/ContainerForm/SecureContainer/managing-the-lifecycle-of-a-secure-container.md similarity index 96% rename from "docs/zh/docs/ContainerForm/SecureContainer/\347\256\241\347\220\206\345\256\211\345\205\250\345\256\271\345\231\250\347\232\204\347\224\237\345\221\275\345\221\250\346\234\237.md" rename to docs/zh/Cloud/ContainerForm/SecureContainer/managing-the-lifecycle-of-a-secure-container.md index dd329f1..1d8d63c 100644 --- "a/docs/zh/docs/ContainerForm/SecureContainer/\347\256\241\347\220\206\345\256\211\345\205\250\345\256\271\345\231\250\347\232\204\347\224\237\345\221\275\345\221\250\346\234\237.md" +++ b/docs/zh/Cloud/ContainerForm/SecureContainer/managing-the-lifecycle-of-a-secure-container.md @@ -33,7 +33,8 @@ isula run -tid --runtime kata-runtime --network none busybox ``` - > ![](./public_sys-resources/icon-note.gif) **说明:** + > ![](./public_sys-resources/icon-note.gif) **说明:** + > > 安全容器网络使用仅支持CNI网络,不支持CNM网络,不支持使用-p和--expose暴露容器端口,使用安全容器时需指定参数--net=none。 4. 启动一个Pod @@ -93,7 +94,7 @@ docker rm -f docker exec -ti ``` -> ![](./public_sys-resources/icon-note.gif) **说明:** +> ![](./public_sys-resources/icon-note.gif) **说明:** > > - 如遇到docker exec -ti进入容器的同时,另一终端执行docker restart或者docker stop命令造成exec界面卡住的情况,可使用Ctrl+P+Q退出docker exec操作界面。 > - 如果使用-d参数则命令在后台执行,不会打印错误信息,其退出码也不能作为命令执行是否正确的判断依据。 diff --git "a/docs/zh/docs/ContainerForm/SecureContainer/\347\233\221\346\216\247\345\256\211\345\205\250\345\256\271\345\231\250.md" b/docs/zh/Cloud/ContainerForm/SecureContainer/monitoring-secure-containers.md similarity index 100% rename from "docs/zh/docs/ContainerForm/SecureContainer/\347\233\221\346\216\247\345\256\211\345\205\250\345\256\271\345\231\250.md" rename to docs/zh/Cloud/ContainerForm/SecureContainer/monitoring-secure-containers.md diff --git "a/docs/zh/docs/ContainerForm/SecureContainer/\345\256\211\345\205\250\345\256\271\345\231\250.md" b/docs/zh/Cloud/ContainerForm/SecureContainer/overview.md similarity index 92% rename from "docs/zh/docs/ContainerForm/SecureContainer/\345\256\211\345\205\250\345\256\271\345\231\250.md" rename to docs/zh/Cloud/ContainerForm/SecureContainer/overview.md index 92975c0..795e528 100644 --- "a/docs/zh/docs/ContainerForm/SecureContainer/\345\256\211\345\205\250\345\256\271\345\231\250.md" +++ b/docs/zh/Cloud/ContainerForm/SecureContainer/overview.md @@ -22,5 +22,6 @@ **图 2** 安全容器与周边组件的关系 ![](./figures/zh_cn_image_0221924928.png) ->![](./public_sys-resources/icon-note.gif) **说明:** ->安全容器的安装和使用需要使用root权限。 +> ![](./public_sys-resources/icon-note.gif) **说明:** +> +> 安全容器的安装和使用需要使用root权限。 diff --git a/docs/zh/docs/ContainerForm/SystemContainer/public_sys-resources/icon-caution.gif b/docs/zh/Cloud/ContainerForm/SecureContainer/public_sys-resources/icon-caution.gif similarity index 100% rename from docs/zh/docs/ContainerForm/SystemContainer/public_sys-resources/icon-caution.gif rename to docs/zh/Cloud/ContainerForm/SecureContainer/public_sys-resources/icon-caution.gif diff --git a/docs/zh/docs/ContainerForm/SystemContainer/public_sys-resources/icon-danger.gif b/docs/zh/Cloud/ContainerForm/SecureContainer/public_sys-resources/icon-danger.gif similarity index 100% rename from docs/zh/docs/ContainerForm/SystemContainer/public_sys-resources/icon-danger.gif rename to docs/zh/Cloud/ContainerForm/SecureContainer/public_sys-resources/icon-danger.gif diff --git a/docs/zh/docs/ContainerForm/SystemContainer/public_sys-resources/icon-note.gif b/docs/zh/Cloud/ContainerForm/SecureContainer/public_sys-resources/icon-note.gif similarity index 100% rename from docs/zh/docs/ContainerForm/SystemContainer/public_sys-resources/icon-note.gif rename to docs/zh/Cloud/ContainerForm/SecureContainer/public_sys-resources/icon-note.gif diff --git a/docs/zh/docs/ContainerForm/SystemContainer/public_sys-resources/icon-notice.gif b/docs/zh/Cloud/ContainerForm/SecureContainer/public_sys-resources/icon-notice.gif similarity index 100% rename from docs/zh/docs/ContainerForm/SystemContainer/public_sys-resources/icon-notice.gif rename to docs/zh/Cloud/ContainerForm/SecureContainer/public_sys-resources/icon-notice.gif diff --git a/docs/zh/docs/ContainerForm/SystemContainer/public_sys-resources/icon-tip.gif b/docs/zh/Cloud/ContainerForm/SecureContainer/public_sys-resources/icon-tip.gif similarity index 100% rename from docs/zh/docs/ContainerForm/SystemContainer/public_sys-resources/icon-tip.gif rename to docs/zh/Cloud/ContainerForm/SecureContainer/public_sys-resources/icon-tip.gif diff --git a/docs/zh/docs/ContainerForm/SystemContainer/public_sys-resources/icon-warning.gif b/docs/zh/Cloud/ContainerForm/SecureContainer/public_sys-resources/icon-warning.gif similarity index 100% rename from docs/zh/docs/ContainerForm/SystemContainer/public_sys-resources/icon-warning.gif rename to docs/zh/Cloud/ContainerForm/SecureContainer/public_sys-resources/icon-warning.gif diff --git a/docs/zh/Cloud/ContainerForm/SystemContainer/_menu.md b/docs/zh/Cloud/ContainerForm/SystemContainer/_menu.md new file mode 100644 index 0000000..04240cb --- /dev/null +++ b/docs/zh/Cloud/ContainerForm/SystemContainer/_menu.md @@ -0,0 +1,37 @@ +--- +label: '系统容器' +ismanual: 'Y' +description: '解决在重计算、高性能、大并发的场景下,重型应用和业务云化的问题' +children: + - label: '概述' + href: './overview.md' + - label: '安装指导' + href: './installation-guideline.md' + - label: '使用指南' + href: './usage-guide.md' + children: + - label: '指定rootfs创建容器' + href: './specifying-rootfs-to-create-a-container.md' + - label: '通过systemd启动容器' + href: './using-systemd-to-start-a-container.md' + - label: '容器内reboot/shutdown' + href: './reboot-or-shutdown-in-a-container.md' + - label: 'cgroup路径可配置' + href: './configurable-cgroup-path.md' + - label: 'namespace化内核参数可写' + href: './writable-namespace-kernel-parameters.md' + - label: '共享内存通道' + href: './shared-memory-channels.md' + - label: '动态加载内核模块' + href: './dynamically-loading-the-kernel-module.md' + - label: '环境变量持久化' + href: './environment-variable-persisting.md' + - label: '最大句柄数限制' + href: './maximum-number-of-handles.md' + - label: '安全性和隔离性' + href: './security-and-isolation.md' + - label: '容器资源动态管理' + href: './dynamically-managing-container-resources-syscontainer-tools.md' + - label: '附录' + href: './appendix-1.md' +--- \ No newline at end of file diff --git "a/docs/zh/docs/ContainerForm/SystemContainer/\351\231\204\345\275\225-2.md" b/docs/zh/Cloud/ContainerForm/SystemContainer/appendix-1.md similarity index 99% rename from "docs/zh/docs/ContainerForm/SystemContainer/\351\231\204\345\275\225-2.md" rename to docs/zh/Cloud/ContainerForm/SystemContainer/appendix-1.md index d29a56e..70cc675 100644 --- "a/docs/zh/docs/ContainerForm/SystemContainer/\351\231\204\345\275\225-2.md" +++ b/docs/zh/Cloud/ContainerForm/SystemContainer/appendix-1.md @@ -64,7 +64,7 @@

--env-target-file

  • 字符串变量。
  • 指定env持久化文件路径(路径必须为绝对路径,且文件必须在rootfs目录下),文件如果存在不能超过10MB,如果--env和文件里面的env出现冲突,--env指定值生效。
  • 绝对路径的根目录/为rootfs根目录,,即要指定文件路径为容器内/etc/environment,只用指定env-target-file=/etc/environment,而不是env-target-file=/path/of/root-fs/etc/environemt。
+
  • 字符串变量。
  • 指定env持久化文件路径(路径必须为绝对路径,且文件必须在rootfs目录下),文件如果存在不能超过10MB,如果--env和文件里面的env出现冲突,--env指定值生效。
  • 绝对路径的根目录/为rootfs根目录,,即要指定文件路径为容器内/etc/environment,只用指定env-target-file=/etc/environment,而不是env-target-file=/path/of/root-fs/etc/environment。

--cgroup-parent

diff --git a/docs/zh/docs/ContainerForm/SystemContainer/configurable-cgroup-path.md b/docs/zh/Cloud/ContainerForm/SystemContainer/configurable-cgroup-path.md similarity index 100% rename from docs/zh/docs/ContainerForm/SystemContainer/configurable-cgroup-path.md rename to docs/zh/Cloud/ContainerForm/SystemContainer/configurable-cgroup-path.md diff --git a/docs/zh/docs/ContainerForm/SystemContainer/dynamically-loading-the-kernel-module.md b/docs/zh/Cloud/ContainerForm/SystemContainer/dynamically-loading-the-kernel-module.md similarity index 98% rename from docs/zh/docs/ContainerForm/SystemContainer/dynamically-loading-the-kernel-module.md rename to docs/zh/Cloud/ContainerForm/SystemContainer/dynamically-loading-the-kernel-module.md index bc376d7..dac7da2 100644 --- a/docs/zh/docs/ContainerForm/SystemContainer/dynamically-loading-the-kernel-module.md +++ b/docs/zh/Cloud/ContainerForm/SystemContainer/dynamically-loading-the-kernel-module.md @@ -47,7 +47,7 @@ nf_defrag_ipv6 20480 2 nf_conntrack,ip_vs libcrc32c 16384 3 nf_conntrack,nf_nat,ip_vs ``` -> ![](./public_sys-resources/icon-note.gif) **说明:** +> ![](./public_sys-resources/icon-note.gif) **说明:** > > - 宿主机需要安装syscontainer-tools。 > - 需要指定--hooks-spec为syscontainer hooks。 diff --git a/docs/zh/docs/ContainerForm/SystemContainer/dynamically-managing-container-resources-(syscontainer-tools).md b/docs/zh/Cloud/ContainerForm/SystemContainer/dynamically-managing-container-resources-syscontainer-tools.md similarity index 99% rename from docs/zh/docs/ContainerForm/SystemContainer/dynamically-managing-container-resources-(syscontainer-tools).md rename to docs/zh/Cloud/ContainerForm/SystemContainer/dynamically-managing-container-resources-syscontainer-tools.md index 73e25a3..287e9b9 100644 --- a/docs/zh/docs/ContainerForm/SystemContainer/dynamically-managing-container-resources-(syscontainer-tools).md +++ b/docs/zh/Cloud/ContainerForm/SystemContainer/dynamically-managing-container-resources-syscontainer-tools.md @@ -244,6 +244,7 @@ container\_id:容器id。 ``` > ![](./public_sys-resources/icon-note.gif) **说明:** + > > 添加虚拟网卡或物理网卡时,请确保网卡处于空闲状态,添加正在使用的网卡会导致系统网络断开。 ## 路由管理 diff --git a/docs/zh/docs/ContainerForm/SystemContainer/environment-variable-persisting.md b/docs/zh/Cloud/ContainerForm/SystemContainer/environment-variable-persisting.md similarity index 100% rename from docs/zh/docs/ContainerForm/SystemContainer/environment-variable-persisting.md rename to docs/zh/Cloud/ContainerForm/SystemContainer/environment-variable-persisting.md diff --git a/docs/zh/docs/ContainerForm/SystemContainer/installation-guideline.md b/docs/zh/Cloud/ContainerForm/SystemContainer/installation-guideline.md similarity index 80% rename from docs/zh/docs/ContainerForm/SystemContainer/installation-guideline.md rename to docs/zh/Cloud/ContainerForm/SystemContainer/installation-guideline.md index 145f758..ce8d5e3 100644 --- a/docs/zh/docs/ContainerForm/SystemContainer/installation-guideline.md +++ b/docs/zh/Cloud/ContainerForm/SystemContainer/installation-guideline.md @@ -1,7 +1,8 @@ # 安装指导 ->![](./public_sys-resources/icon-note.gif) **说明:** ->系统容器的安装需要使用root权限。 +> ![](./public_sys-resources/icon-note.gif) **说明:** +> +> 系统容器的安装需要使用root权限。 1. 首先需要安装iSulad容器引擎。 diff --git a/docs/zh/docs/ContainerForm/SystemContainer/maximum-number-of-handles.md b/docs/zh/Cloud/ContainerForm/SystemContainer/maximum-number-of-handles.md similarity index 100% rename from docs/zh/docs/ContainerForm/SystemContainer/maximum-number-of-handles.md rename to docs/zh/Cloud/ContainerForm/SystemContainer/maximum-number-of-handles.md diff --git a/docs/zh/docs/ContainerForm/SystemContainer/system-container.md b/docs/zh/Cloud/ContainerForm/SystemContainer/overview.md similarity index 100% rename from docs/zh/docs/ContainerForm/SystemContainer/system-container.md rename to docs/zh/Cloud/ContainerForm/SystemContainer/overview.md diff --git a/docs/zh/docs/ContainerForm/SecureContainer/public_sys-resources/icon-caution.gif b/docs/zh/Cloud/ContainerForm/SystemContainer/public_sys-resources/icon-caution.gif similarity index 100% rename from docs/zh/docs/ContainerForm/SecureContainer/public_sys-resources/icon-caution.gif rename to docs/zh/Cloud/ContainerForm/SystemContainer/public_sys-resources/icon-caution.gif diff --git a/docs/zh/docs/ContainerForm/SecureContainer/public_sys-resources/icon-danger.gif b/docs/zh/Cloud/ContainerForm/SystemContainer/public_sys-resources/icon-danger.gif similarity index 100% rename from docs/zh/docs/ContainerForm/SecureContainer/public_sys-resources/icon-danger.gif rename to docs/zh/Cloud/ContainerForm/SystemContainer/public_sys-resources/icon-danger.gif diff --git a/docs/zh/docs/ContainerForm/SecureContainer/public_sys-resources/icon-note.gif b/docs/zh/Cloud/ContainerForm/SystemContainer/public_sys-resources/icon-note.gif similarity index 100% rename from docs/zh/docs/ContainerForm/SecureContainer/public_sys-resources/icon-note.gif rename to docs/zh/Cloud/ContainerForm/SystemContainer/public_sys-resources/icon-note.gif diff --git a/docs/zh/docs/ContainerForm/SecureContainer/public_sys-resources/icon-notice.gif b/docs/zh/Cloud/ContainerForm/SystemContainer/public_sys-resources/icon-notice.gif similarity index 100% rename from docs/zh/docs/ContainerForm/SecureContainer/public_sys-resources/icon-notice.gif rename to docs/zh/Cloud/ContainerForm/SystemContainer/public_sys-resources/icon-notice.gif diff --git a/docs/zh/docs/ContainerForm/SecureContainer/public_sys-resources/icon-tip.gif b/docs/zh/Cloud/ContainerForm/SystemContainer/public_sys-resources/icon-tip.gif similarity index 100% rename from docs/zh/docs/ContainerForm/SecureContainer/public_sys-resources/icon-tip.gif rename to docs/zh/Cloud/ContainerForm/SystemContainer/public_sys-resources/icon-tip.gif diff --git a/docs/zh/docs/ContainerForm/SecureContainer/public_sys-resources/icon-warning.gif b/docs/zh/Cloud/ContainerForm/SystemContainer/public_sys-resources/icon-warning.gif similarity index 100% rename from docs/zh/docs/ContainerForm/SecureContainer/public_sys-resources/icon-warning.gif rename to docs/zh/Cloud/ContainerForm/SystemContainer/public_sys-resources/icon-warning.gif diff --git a/docs/zh/docs/ContainerForm/SystemContainer/reboot-or-shutdown-in-a-container.md b/docs/zh/Cloud/ContainerForm/SystemContainer/reboot-or-shutdown-in-a-container.md similarity index 100% rename from docs/zh/docs/ContainerForm/SystemContainer/reboot-or-shutdown-in-a-container.md rename to docs/zh/Cloud/ContainerForm/SystemContainer/reboot-or-shutdown-in-a-container.md diff --git a/docs/zh/docs/ContainerForm/SystemContainer/security-and-isolation.md b/docs/zh/Cloud/ContainerForm/SystemContainer/security-and-isolation.md similarity index 98% rename from docs/zh/docs/ContainerForm/SystemContainer/security-and-isolation.md rename to docs/zh/Cloud/ContainerForm/SystemContainer/security-and-isolation.md index 57b4c54..6344bfa 100644 --- a/docs/zh/docs/ContainerForm/SystemContainer/security-and-isolation.md +++ b/docs/zh/Cloud/ContainerForm/SystemContainer/security-and-isolation.md @@ -48,10 +48,11 @@ user namespace是将容器的root映射到主机的普通用户,使得容器 ### 使用指导 ->![](./public_sys-resources/icon-note.gif) **说明:** ->指定--user-remap参数前,请先将rootfs下所有目录和文件的uid和gid做整体偏移,偏移量为--user-remap指定uid和gid的偏移量。 ->例如将dev目录的uid和gid整体uid和gid偏移100000的参考命令为: ->chown 100000:100000 dev +> ![](./public_sys-resources/icon-note.gif) **说明:** +> +> 指定--user-remap参数前,请先将rootfs下所有目录和文件的uid和gid做整体偏移,偏移量为--user-remap指定uid和gid的偏移量。 +> 例如将dev目录的uid和gid整体uid和gid偏移100000的参考命令为: +> chown 100000:100000 dev 系统容器启动指定--user-remap参数: @@ -189,7 +190,8 @@ exit - Alice可以执行任何container操作:\{"name":"policy\_5","users":\["alice"\],"actions":\["container"\]\}。 - Alice可以执行任何container操作,但请求的种类只能是get:\{"name":"policy\_5","users":\["alice"\],"actions":\["container"\], "readonly":true \}。 - > ![](./public_sys-resources/icon-note.gif) **说明:** + > ![](./public_sys-resources/icon-note.gif) **说明:** + > > - 配置中匹配action支持正则表达式。 > - users不支持正则表达式。 > - users不能有重复用户,即同一用户不能被多条规则匹配。 diff --git a/docs/zh/docs/ContainerForm/SystemContainer/shared-memory-channels.md b/docs/zh/Cloud/ContainerForm/SystemContainer/shared-memory-channels.md similarity index 98% rename from docs/zh/docs/ContainerForm/SystemContainer/shared-memory-channels.md rename to docs/zh/Cloud/ContainerForm/SystemContainer/shared-memory-channels.md index 3c1dd94..87c11f1 100644 --- a/docs/zh/docs/ContainerForm/SystemContainer/shared-memory-channels.md +++ b/docs/zh/Cloud/ContainerForm/SystemContainer/shared-memory-channels.md @@ -49,7 +49,7 @@ dd: error writing '/testdir/test.file': No space left on device 33554432 bytes (34 MB, 32 MiB) copied, 0.0766899 s, 438 MB/s ``` -> ![](./public_sys-resources/icon-note.gif) **说明:** +> ![](./public_sys-resources/icon-note.gif) **说明:** > > - 使用--host-channel大小限制时,若在容器内创建共享文件,则会受到容器内的内存配额限制(在容器内存使用达到极限时可能会产生oom)。 > - 若用户在主机端创建共享文件,则不受容器内的内存配额限制。 diff --git a/docs/zh/docs/ContainerForm/SystemContainer/specifying-rootfs-to-create-a-container.md b/docs/zh/Cloud/ContainerForm/SystemContainer/specifying-rootfs-to-create-a-container.md similarity index 94% rename from docs/zh/docs/ContainerForm/SystemContainer/specifying-rootfs-to-create-a-container.md rename to docs/zh/Cloud/ContainerForm/SystemContainer/specifying-rootfs-to-create-a-container.md index 2ce5e30..654b784 100644 --- a/docs/zh/docs/ContainerForm/SystemContainer/specifying-rootfs-to-create-a-container.md +++ b/docs/zh/Cloud/ContainerForm/SystemContainer/specifying-rootfs-to-create-a-container.md @@ -41,5 +41,6 @@ # isula run -tid --system-container --external-rootfs /root/myrootfs none init ``` ->![](./public_sys-resources/icon-note.gif) **说明:** ->rootfs为自定义的文件系统,请用户自行准备。例如容器镜像的tar包解压后,即为一个rootfs。 +> ![](./public_sys-resources/icon-note.gif) **说明:** +> +> rootfs为自定义的文件系统,请用户自行准备。例如容器镜像的tar包解压后,即为一个rootfs。 diff --git a/docs/zh/docs/ContainerForm/SystemContainer/usage-guide.md b/docs/zh/Cloud/ContainerForm/SystemContainer/usage-guide.md similarity index 88% rename from docs/zh/docs/ContainerForm/SystemContainer/usage-guide.md rename to docs/zh/Cloud/ContainerForm/SystemContainer/usage-guide.md index 941c53b..87f72ba 100644 --- a/docs/zh/docs/ContainerForm/SystemContainer/usage-guide.md +++ b/docs/zh/Cloud/ContainerForm/SystemContainer/usage-guide.md @@ -16,5 +16,6 @@ - COMMAND:系统容器启动后执行的命令。 - ARG:系统容器启动后执行命令对应的参数。 ->![](./public_sys-resources/icon-note.gif) **说明:** ->系统容器的使用需要root权限。 +> ![](./public_sys-resources/icon-note.gif) **说明:** +> +> 系统容器的使用需要root权限。 diff --git a/docs/zh/docs/ContainerForm/SystemContainer/using-systemd-to-start-a-container.md b/docs/zh/Cloud/ContainerForm/SystemContainer/using-systemd-to-start-a-container.md similarity index 100% rename from docs/zh/docs/ContainerForm/SystemContainer/using-systemd-to-start-a-container.md rename to docs/zh/Cloud/ContainerForm/SystemContainer/using-systemd-to-start-a-container.md diff --git a/docs/zh/docs/ContainerForm/SystemContainer/writable-namespace-kernel-parameters.md b/docs/zh/Cloud/ContainerForm/SystemContainer/writable-namespace-kernel-parameters.md similarity index 100% rename from docs/zh/docs/ContainerForm/SystemContainer/writable-namespace-kernel-parameters.md rename to docs/zh/Cloud/ContainerForm/SystemContainer/writable-namespace-kernel-parameters.md diff --git a/docs/zh/Cloud/ContainerRuntime/Kuasar/_menu.md b/docs/zh/Cloud/ContainerRuntime/Kuasar/_menu.md new file mode 100644 index 0000000..e7c2af6 --- /dev/null +++ b/docs/zh/Cloud/ContainerRuntime/Kuasar/_menu.md @@ -0,0 +1,14 @@ +--- +label: 'Kuasar多沙箱容器运行时' +ismanual: 'Y' +description: '一款支持多种类型沙箱统一管理的容器运行时,可同时支持多种业界主流的沙箱隔离技术' +children: + - label: '概述' + href: './overview.md' + - label: '安装与配置' + href: './kuasar-install-config.md' + - label: '使用指南' + href: './kuasar-usage.md' + - label: '附录' + href: './kuasar-appendix.md' +--- \ No newline at end of file diff --git a/docs/zh/docs/ContainerRuntime/Kuasar/figures/kuasar_arch.png b/docs/zh/Cloud/ContainerRuntime/Kuasar/figures/kuasar_arch.png similarity index 100% rename from docs/zh/docs/ContainerRuntime/Kuasar/figures/kuasar_arch.png rename to docs/zh/Cloud/ContainerRuntime/Kuasar/figures/kuasar_arch.png diff --git a/docs/zh/docs/ContainerRuntime/Kuasar/kuasar-appendix.md b/docs/zh/Cloud/ContainerRuntime/Kuasar/kuasar-appendix.md similarity index 97% rename from docs/zh/docs/ContainerRuntime/Kuasar/kuasar-appendix.md rename to docs/zh/Cloud/ContainerRuntime/Kuasar/kuasar-appendix.md index 9e55c8a..7d44dab 100644 --- a/docs/zh/docs/ContainerRuntime/Kuasar/kuasar-appendix.md +++ b/docs/zh/Cloud/ContainerRuntime/Kuasar/kuasar-appendix.md @@ -1,24 +1,24 @@ -# 附录 - - /var/lib/kuasar/config_stratovirt.toml配置文件字段说明: - -```conf -[sandbox] -log_level :指定kuasar日志级别,默认为info - -[hypervisor] -path :指定stratovirt二进制路径 -machine_type :指定模拟芯片类型,ARM架构为virt,x86架构为q35 -kernel_path :指定guest kernel执行路径 -image_path :指定guest image执行路径 -initrd_path :指定guest initrd执行路径,与image二选一 -kernel_params :指定guest内核运行参数 -vcpus :指定每个沙箱的默认vCPU数量,默认为1 -memory_in_mb :指定每个沙箱的默认内存大小,默认为1024 MiB -block_device_driver :指定块设备驱动 -debug :指定是否开启debug模式 -enable_mem_prealloc :指定是否开启内存预占 - -[hypervisor.virtiofsd_conf] -path :指定vhost_user_fs路径 -``` +# 附录 + + /var/lib/kuasar/config_stratovirt.toml配置文件字段说明: + +```conf +[sandbox] +log_level :指定kuasar日志级别,默认为info + +[hypervisor] +path :指定stratovirt二进制路径 +machine_type :指定模拟芯片类型,ARM架构为virt,x86架构为q35 +kernel_path :指定guest kernel执行路径 +image_path :指定guest image执行路径 +initrd_path :指定guest initrd执行路径,与image二选一 +kernel_params :指定guest内核运行参数 +vcpus :指定每个沙箱的默认vCPU数量,默认为1 +memory_in_mb :指定每个沙箱的默认内存大小,默认为1024 MiB +block_device_driver :指定块设备驱动 +debug :指定是否开启debug模式 +enable_mem_prealloc :指定是否开启内存预占 + +[hypervisor.virtiofsd_conf] +path :指定vhost_user_fs路径 +``` diff --git a/docs/zh/docs/ContainerRuntime/Kuasar/kuasar-install-config.md b/docs/zh/Cloud/ContainerRuntime/Kuasar/kuasar-install-config.md similarity index 88% rename from docs/zh/docs/ContainerRuntime/Kuasar/kuasar-install-config.md rename to docs/zh/Cloud/ContainerRuntime/Kuasar/kuasar-install-config.md index da500f8..2334fa3 100644 --- a/docs/zh/docs/ContainerRuntime/Kuasar/kuasar-install-config.md +++ b/docs/zh/Cloud/ContainerRuntime/Kuasar/kuasar-install-config.md @@ -1,126 +1,126 @@ -# 安装与配置 - -## 安装方法 - -### 前提条件 - -- 为了获取更好的性能体验,kuasar需要运行在裸金属服务器上,**暂不支持kuasar运行在虚拟机内**。 -- kuasar运行依赖以下openEuler组件,请确保环境上已安装所需版本的依赖组件。 - - iSulad(请参考iSula容器引擎的[安装与配置](./安装与配置.md)章节安装iSulad) - - StratoVirt(请参考StratoVirt的[安装](../StratoVirt/安装StratoVirt.md)章节安装StratoVirt) - -### 安装操作 - -1. kuasar发布组件集成在kuasar rpm包中,使用yum命令可以直接安装 - - ```sh - $ yum install kuasar - ``` - -2. 安装启动沙箱及容器需要使用的cri命令行工具crictl - - ```sh - # arm环境 - $ wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.25.0/crictl-v1.25.0-linux-arm64.tar.gz - $ tar -zxvf crictl-v1.25.0-linux-arm64.tar.gz -C /usr/local/bin - # x86环境 - $ wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.25.0/crictl-v1.25.0-linux-amd64.tar.gz - $ tar -zxvf crictl-v1.25.0-linux-amd64.tar.gz -C /usr/local/bin - ``` - -3. 安装cri配置网络需要使用的cni插件 - - ```sh - $ mkdir -p /opt/cni/bin && mkdir -p /etc/cni/net.d - - # arm环境 - $ wget https://github.com/containernetworking/plugins/releases/download/v1.3.0/cni-plugins-linux-arm64-v1.3.0.tgz - $ tar -zxvf cni-plugins-linux-arm64-v1.3.0.tgz -C /opt/cni/bin/ - # x86环境 - $ wget https://github.com/containernetworking/plugins/releases/download/v1.3.0/cni-plugins-linux-amd64-v1.3.0.tgz - $ tar -zxvf cni-plugins-linux-amd64-v1.3.0.tgz -C /opt/cni/bin/ - ``` - -## 配置方法 - -### iSulad容器引擎的配置 - -修改iSulad容器引擎的配置文件/etc/isulad/daemon.json以支持iSulad容器引擎调用kuasar vmm虚拟机类型的容器运行时,新增如下配置: - -```sh -$ cat /etc/isulad/daemon.json -... - "cri-sandboxers": { - "vmm": { - "name": "vmm", - "address": "/run/vmm-sandboxer.sock" - } - }, - "cri-runtimes": { - "vmm": "io.containerd.vmm.v1" - }, -... -``` - -重新启动iSulad - -```sh -$ systemctl restart isulad -``` - -### crictl的配置 - -修改crictl配置文件/etc/crictl.yaml对接isulad - -```sh -$ cat /etc/crictl.yaml -runtime-endpoint: unix:///var/run/isulad.sock -image-endpoint: unix:///var/run/isulad.sock -timeout: 10 -``` - -### kuasar的配置 - -修改kuasar对接stratovirt配置文件(可使用默认配置,配置文件字段说明详见[附录](./kuasar附录.md )) - -```sh -$ cat /var/lib/kuasar/config_stratovirt.toml -[sandbox] -log_level = "info" - -[hypervisor] -path = "/usr/bin/stratovirt" -machine_type = "virt,mem-share=on" -kernel_path = "/var/lib/kuasar/vmlinux.bin" -image_path = "" -initrd_path = "/var/lib/kuasar/kuasar.initrd" -kernel_params = "task.log_level=debug task.sharefs_type=virtiofs" -vcpus = 1 -memory_in_mb = 1024 -block_device_driver = "virtio-blk" -debug = true -enable_mem_prealloc = false - -[hypervisor.virtiofsd_conf] -path = "/usr/bin/vhost_user_fs" -``` - -启动kuasar-vmm服务 - -```sh -$ systemctl start kuasar-vmm -``` - -确认服务已处于running状态 - -```sh -$ systemctl status kuasar-vmm -● kuasar-vmm.service - Kuasar microVM type sandboxer daemon process - Loaded: loaded (/usr/lib/systemd/system/kuasar-vmm.service; disabled; vendor preset: disabled) - Active: active (running) since Sat 2023-08-26 14:57:08 CST; 1h 25min ago - Main PID: 1000445 (vmm-sandboxer) - Tasks: 99 (limit: 814372) - Memory: 226.4M - CGroup: /system.slice/kuasar-vmm.service - └─ 1000445 /usr/local/bin/vmm-sandboxer --listen /run/vmm-sandboxer.sock --dir /run/kuasar-vmm -``` +# 安装与配置 + +## 安装方法 + +### 前提条件 + +- 为了获取更好的性能体验,kuasar需要运行在裸金属服务器上,**暂不支持kuasar运行在虚拟机内**。 +- kuasar运行依赖以下openEuler组件,请确保环境上已安装所需版本的依赖组件。 + - iSulad(请参考iSula容器引擎的[安装与配置](../../ContainerEngine/iSulaContainerEngine/installation-configuration.md)章节安装iSulad) + - StratoVirt(请参考StratoVirt的[安装](https://gitee.com/openeuler/docs/blob/25.03/docs/zh/Virtualization/VirtualizationPlatform/StratoVirt/Install_StratoVirt.md)章节安装StratoVirt) + +### 安装操作 + +1. kuasar发布组件集成在kuasar rpm包中,使用yum命令可以直接安装 + + ```sh + $ yum install kuasar + ``` + +2. 安装启动沙箱及容器需要使用的cri命令行工具crictl + + ```sh + # arm环境 + $ wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.25.0/crictl-v1.25.0-linux-arm64.tar.gz + $ tar -zxvf crictl-v1.25.0-linux-arm64.tar.gz -C /usr/local/bin + # x86环境 + $ wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.25.0/crictl-v1.25.0-linux-amd64.tar.gz + $ tar -zxvf crictl-v1.25.0-linux-amd64.tar.gz -C /usr/local/bin + ``` + +3. 安装cri配置网络需要使用的cni插件 + + ```sh + $ mkdir -p /opt/cni/bin && mkdir -p /etc/cni/net.d + + # arm环境 + $ wget https://github.com/containernetworking/plugins/releases/download/v1.3.0/cni-plugins-linux-arm64-v1.3.0.tgz + $ tar -zxvf cni-plugins-linux-arm64-v1.3.0.tgz -C /opt/cni/bin/ + # x86环境 + $ wget https://github.com/containernetworking/plugins/releases/download/v1.3.0/cni-plugins-linux-amd64-v1.3.0.tgz + $ tar -zxvf cni-plugins-linux-amd64-v1.3.0.tgz -C /opt/cni/bin/ + ``` + +## 配置方法 + +### iSulad容器引擎的配置 + +修改iSulad容器引擎的配置文件/etc/isulad/daemon.json以支持iSulad容器引擎调用kuasar vmm虚拟机类型的容器运行时,新增如下配置: + +```sh +$ cat /etc/isulad/daemon.json +... + "cri-sandboxers": { + "vmm": { + "name": "vmm", + "address": "/run/vmm-sandboxer.sock" + } + }, + "cri-runtimes": { + "vmm": "io.containerd.vmm.v1" + }, +... +``` + +重新启动iSulad + +```sh +$ systemctl restart isulad +``` + +### crictl的配置 + +修改crictl配置文件/etc/crictl.yaml对接isulad + +```sh +$ cat /etc/crictl.yaml +runtime-endpoint: unix:///var/run/isulad.sock +image-endpoint: unix:///var/run/isulad.sock +timeout: 10 +``` + +### kuasar的配置 + +修改kuasar对接stratovirt配置文件(可使用默认配置,配置文件字段说明详见[附录](./kuasar-appendix.md)) + +```sh +$ cat /var/lib/kuasar/config_stratovirt.toml +[sandbox] +log_level = "info" + +[hypervisor] +path = "/usr/bin/stratovirt" +machine_type = "virt,mem-share=on" +kernel_path = "/var/lib/kuasar/vmlinux.bin" +image_path = "" +initrd_path = "/var/lib/kuasar/kuasar.initrd" +kernel_params = "task.log_level=debug task.sharefs_type=virtiofs" +vcpus = 1 +memory_in_mb = 1024 +block_device_driver = "virtio-blk" +debug = true +enable_mem_prealloc = false + +[hypervisor.virtiofsd_conf] +path = "/usr/bin/vhost_user_fs" +``` + +启动kuasar-vmm服务 + +```sh +$ systemctl start kuasar-vmm +``` + +确认服务已处于running状态 + +```sh +$ systemctl status kuasar-vmm +● kuasar-vmm.service - Kuasar microVM type sandboxer daemon process + Loaded: loaded (/usr/lib/systemd/system/kuasar-vmm.service; disabled; vendor preset: disabled) + Active: active (running) since Sat 2023-08-26 14:57:08 CST; 1h 25min ago + Main PID: 1000445 (vmm-sandboxer) + Tasks: 99 (limit: 814372) + Memory: 226.4M + CGroup: /system.slice/kuasar-vmm.service + └─ 1000445 /usr/local/bin/vmm-sandboxer --listen /run/vmm-sandboxer.sock --dir /run/kuasar-vmm +``` diff --git a/docs/zh/docs/ContainerRuntime/Kuasar/kuasar-usage.md b/docs/zh/Cloud/ContainerRuntime/Kuasar/kuasar-usage.md similarity index 96% rename from docs/zh/docs/ContainerRuntime/Kuasar/kuasar-usage.md rename to docs/zh/Cloud/ContainerRuntime/Kuasar/kuasar-usage.md index 4f579ec..c326b1d 100644 --- a/docs/zh/docs/ContainerRuntime/Kuasar/kuasar-usage.md +++ b/docs/zh/Cloud/ContainerRuntime/Kuasar/kuasar-usage.md @@ -1,92 +1,93 @@ -# 使用指南 - -启动kuasar沙箱的操作步骤如下: - -1. 确保kuasar及其相关组件已经正确安装配置 - -2. 准备业务容器镜像,假设容器镜像为busybox,使用iSula容器引擎下载容器镜像 - - ```sh - $ isula pull busybox - ``` - -3. 准备pod和container的yaml文件,范例如下: - - ```sh - $ cat podsandbox.yaml - metadata: - name: busybox-sandbox - namespace: default - uid: hdishd83djaidwnduwk28bcsc - log_directory: /tmp - linux: - namespaces: - options: {} - - $ cat pod-container.yaml - metadata: - name: busybox - image: - image: docker.io/library/busybox:latest - command: - - top - log_path: busybox.log - ``` - -4. 启动pod - - ```sh - $ crictl runp --runtime=vmm podsandbox.yaml - 5cbcf744949d8500e7159d6bd1e3894211f475549c0be15d9c60d3c502c7ede3 - ``` - - 查看pod列表,pod为Ready状态 - - ```sh - $ crictl pods - POD ID CREATED STATE NAME NAMESPACE ATTEMPT - 5cbcf744949d8 About a minute ago Ready busybox-sandbox default 1 - ``` - -5. 在pod内创建一个业务容器 - - ```sh - $ crictl create 5cbcf744949d8500e7159d6bd1e3894211f475549c0be15d9c60d3c502c7ede3 pod-container.yaml podsandbox.yaml - c11df540f913e57d1e28372334c028fd6550a2ba73208a3991fbcdb421804a50 - ``` - - 查看容器列表,容器为Created状态 - - ```sh - $ crictl ps -a - CONTAINER IMAGE CREATED STATE NAME ATTEMPT POD ID - c11df540f913e docker.io/library/busybox:latest 15 seconds ago Created busybox 0 5cbcf744949d - ``` - -6. 启动业务容器 - - ```sh - $ crictl start c11df540f913e57d1e28372334c028fd6550a2ba73208a3991fbcdb421804a50 - ``` - - 查看容器列表,容器为running状态 - - ```sh - $ crictl ps - CONTAINER IMAGE CREATED STATE NAME ATTEMPT POD ID - c11df540f913e docker.io/library/busybox:latest 2 minutes ago Running busybox 0 5cbcf744949d8 - ``` - - > ![](./public_sys-resources/icon-note.gif) **说明:** - > 以上步骤4、5、6也可以通过`crictl run`命令直接启动一个pod以及对应的业务容器 - > - > ```sh - > $ crictl run -r vmm --no-pull container-config.yaml podsandbox-config.yaml - > ``` - -7. 停止并删除容器以及pod - - ```sh - $ crictl rm -f c11df540f913e - $ crictl rmp -f 5cbcf744949d8 - ``` +# 使用指南 + +启动kuasar沙箱的操作步骤如下: + +1. 确保kuasar及其相关组件已经正确安装配置 + +2. 准备业务容器镜像,假设容器镜像为busybox,使用iSula容器引擎下载容器镜像 + + ```sh + $ isula pull busybox + ``` + +3. 准备pod和container的yaml文件,范例如下: + + ```sh + $ cat podsandbox.yaml + metadata: + name: busybox-sandbox + namespace: default + uid: hdishd83djaidwnduwk28bcsc + log_directory: /tmp + linux: + namespaces: + options: {} + + $ cat pod-container.yaml + metadata: + name: busybox + image: + image: docker.io/library/busybox:latest + command: + - top + log_path: busybox.log + ``` + +4. 启动pod + + ```sh + $ crictl runp --runtime=vmm podsandbox.yaml + 5cbcf744949d8500e7159d6bd1e3894211f475549c0be15d9c60d3c502c7ede3 + ``` + + 查看pod列表,pod为Ready状态 + + ```sh + $ crictl pods + POD ID CREATED STATE NAME NAMESPACE ATTEMPT + 5cbcf744949d8 About a minute ago Ready busybox-sandbox default 1 + ``` + +5. 在pod内创建一个业务容器 + + ```sh + $ crictl create 5cbcf744949d8500e7159d6bd1e3894211f475549c0be15d9c60d3c502c7ede3 pod-container.yaml podsandbox.yaml + c11df540f913e57d1e28372334c028fd6550a2ba73208a3991fbcdb421804a50 + ``` + + 查看容器列表,容器为Created状态 + + ```sh + $ crictl ps -a + CONTAINER IMAGE CREATED STATE NAME ATTEMPT POD ID + c11df540f913e docker.io/library/busybox:latest 15 seconds ago Created busybox 0 5cbcf744949d + ``` + +6. 启动业务容器 + + ```sh + $ crictl start c11df540f913e57d1e28372334c028fd6550a2ba73208a3991fbcdb421804a50 + ``` + + 查看容器列表,容器为running状态 + + ```sh + $ crictl ps + CONTAINER IMAGE CREATED STATE NAME ATTEMPT POD ID + c11df540f913e docker.io/library/busybox:latest 2 minutes ago Running busybox 0 5cbcf744949d8 + ``` + + > ![](./public_sys-resources/icon-note.gif) **说明:** + > + > 以上步骤4、5、6也可以通过`crictl run`命令直接启动一个pod以及对应的业务容器 + > + > ```sh + > $ crictl run -r vmm --no-pull container-config.yaml podsandbox-config.yaml + > ``` + +7. 停止并删除容器以及pod + + ```sh + $ crictl rm -f c11df540f913e + $ crictl rmp -f 5cbcf744949d8 + ``` diff --git a/docs/zh/docs/ContainerRuntime/Kuasar/kuasar.md b/docs/zh/Cloud/ContainerRuntime/Kuasar/overview.md similarity index 85% rename from docs/zh/docs/ContainerRuntime/Kuasar/kuasar.md rename to docs/zh/Cloud/ContainerRuntime/Kuasar/overview.md index 55510eb..5f1a13d 100644 --- a/docs/zh/docs/ContainerRuntime/Kuasar/kuasar.md +++ b/docs/zh/Cloud/ContainerRuntime/Kuasar/overview.md @@ -1,12 +1,13 @@ -# Kuasar多沙箱容器运行时 - -## 概述 - -Kuasar是一款支持多种类型沙箱统一管理的容器运行时,可同时支持业界主流的多种沙箱隔离技术,例如包括基于内核的原生容器沙箱、基于轻量级虚拟化技术的microVM沙箱、基于进程级虚拟化的App Kernel沙箱,以及新兴的WebAssembly沙箱。 -openEuler基于Kuasar统一容器运行时并结合已有openEuler生态中iSulad容器引擎和StratoVirt虚拟化引擎技术,打造面向云原生场景轻量级全栈自研的安全容器,构建极低底噪、极速启动的关键竞争力。 - -**图 1** Kuasar多沙箱容器运行时架构 -![](./figures/kuasar_arch.png) - ->![](./public_sys-resources/icon-note.gif) **说明:** ->kuasar的安装和使用需要使用root权限。 +# Kuasar多沙箱容器运行时 + +## 概述 + +Kuasar是一款支持多种类型沙箱统一管理的容器运行时,可同时支持业界主流的多种沙箱隔离技术,例如包括基于内核的原生容器沙箱、基于轻量级虚拟化技术的microVM沙箱、基于进程级虚拟化的App Kernel沙箱,以及新兴的WebAssembly沙箱。 +openEuler基于Kuasar统一容器运行时并结合已有openEuler生态中iSulad容器引擎和StratoVirt虚拟化引擎技术,打造面向云原生场景轻量级全栈自研的安全容器,构建极低底噪、极速启动的关键竞争力。 + +**图 1** Kuasar多沙箱容器运行时架构 +![](./figures/kuasar_arch.png) + +> ![](./public_sys-resources/icon-note.gif) **说明:** +> +> kuasar的安装和使用需要使用root权限。 diff --git a/docs/zh/docs/ContainerEngine/iSulaContainerEngine/public_sys-resources/icon-caution.gif b/docs/zh/Cloud/ContainerRuntime/Kuasar/public_sys-resources/icon-caution.gif similarity index 100% rename from docs/zh/docs/ContainerEngine/iSulaContainerEngine/public_sys-resources/icon-caution.gif rename to docs/zh/Cloud/ContainerRuntime/Kuasar/public_sys-resources/icon-caution.gif diff --git a/docs/zh/docs/ContainerEngine/iSulaContainerEngine/public_sys-resources/icon-danger.gif b/docs/zh/Cloud/ContainerRuntime/Kuasar/public_sys-resources/icon-danger.gif similarity index 100% rename from docs/zh/docs/ContainerEngine/iSulaContainerEngine/public_sys-resources/icon-danger.gif rename to docs/zh/Cloud/ContainerRuntime/Kuasar/public_sys-resources/icon-danger.gif diff --git a/docs/zh/docs/ContainerEngine/iSulaContainerEngine/public_sys-resources/icon-note.gif b/docs/zh/Cloud/ContainerRuntime/Kuasar/public_sys-resources/icon-note.gif similarity index 100% rename from docs/zh/docs/ContainerEngine/iSulaContainerEngine/public_sys-resources/icon-note.gif rename to docs/zh/Cloud/ContainerRuntime/Kuasar/public_sys-resources/icon-note.gif diff --git a/docs/zh/docs/ContainerEngine/iSulaContainerEngine/public_sys-resources/icon-notice.gif b/docs/zh/Cloud/ContainerRuntime/Kuasar/public_sys-resources/icon-notice.gif similarity index 100% rename from docs/zh/docs/ContainerEngine/iSulaContainerEngine/public_sys-resources/icon-notice.gif rename to docs/zh/Cloud/ContainerRuntime/Kuasar/public_sys-resources/icon-notice.gif diff --git a/docs/zh/docs/ContainerEngine/iSulaContainerEngine/public_sys-resources/icon-tip.gif b/docs/zh/Cloud/ContainerRuntime/Kuasar/public_sys-resources/icon-tip.gif similarity index 100% rename from docs/zh/docs/ContainerEngine/iSulaContainerEngine/public_sys-resources/icon-tip.gif rename to docs/zh/Cloud/ContainerRuntime/Kuasar/public_sys-resources/icon-tip.gif diff --git a/docs/zh/docs/ContainerEngine/iSulaContainerEngine/public_sys-resources/icon-warning.gif b/docs/zh/Cloud/ContainerRuntime/Kuasar/public_sys-resources/icon-warning.gif similarity index 100% rename from docs/zh/docs/ContainerEngine/iSulaContainerEngine/public_sys-resources/icon-warning.gif rename to docs/zh/Cloud/ContainerRuntime/Kuasar/public_sys-resources/icon-warning.gif diff --git a/docs/zh/Cloud/HybridDeployment/oncn-bwm/_menu.md b/docs/zh/Cloud/HybridDeployment/oncn-bwm/_menu.md new file mode 100644 index 0000000..f510974 --- /dev/null +++ b/docs/zh/Cloud/HybridDeployment/oncn-bwm/_menu.md @@ -0,0 +1,8 @@ +--- +label: 'oncn-bwm用户指南' +ismanual: 'Y' +description: '混合业务场景下的Pod带宽管理方案' +children: + - label: '概述' + href: './overview.md' +--- \ No newline at end of file diff --git a/docs/zh/docs/HybridDeployment/oncn-bwm/overview.md b/docs/zh/Cloud/HybridDeployment/oncn-bwm/overview.md similarity index 91% rename from docs/zh/docs/HybridDeployment/oncn-bwm/overview.md rename to docs/zh/Cloud/HybridDeployment/oncn-bwm/overview.md index 231dd02..2eaff8c 100644 --- a/docs/zh/docs/HybridDeployment/oncn-bwm/overview.md +++ b/docs/zh/Cloud/HybridDeployment/oncn-bwm/overview.md @@ -41,7 +41,7 @@ oncn-bwm 工具支持如下功能: oncn-bwm 工具提供了 `bwmcli` 命令行工具来使能 Pod 带宽管理或进行相关配置。`bwmcli` 命令的整体格式如下: -**bwmcli** < option(s) > +**bwmcli** \< option(s) > > 说明: > @@ -61,8 +61,8 @@ oncn-bwm 工具提供了 `bwmcli` 命令行工具来使能 Pod 带宽管理或 | 命令格式 | 功能 | | --------------------------- | ------------------------------------------------------------ | -| **bwmcli –e** <网卡名称> | 使能指定网卡的 Pod 带宽管理。 | -| **bwmcli -d** <网卡名称> | 去除指定网卡的 Pod 带宽管理。 | +| **bwmcli –e** \<网卡名称> | 使能指定网卡的 Pod 带宽管理。 | +| **bwmcli -d** \<网卡名称> | 去除指定网卡的 Pod 带宽管理。 | | **bwmcli -p devs** | 查询节点所有网卡的 Pod 带宽管理。 | > 说明: @@ -106,7 +106,7 @@ oncn-bwm 工具提供了 `bwmcli` 命令行工具来使能 Pod 带宽管理或 | 命令格式 | 功能 | | ------------------------------------------------------------ | ------------------------------------------------------------ | -| **bwmcli –s** *path* | 设置 Pod 网络优先级。其中 *path* 为 Pod 对应的 cgroup 路径, *prio* 为优先级。*path* 取相对路径或者绝对路径均可。 *prio* 缺省值为 0,可选值为 0 和 -1,0 标识为在线业务,-1 标识为离线业务。 | +| **bwmcli –s** *path* \ | 设置 Pod 网络优先级。其中 *path* 为 Pod 对应的 cgroup 路径, *prio* 为优先级。*path* 取相对路径或者绝对路径均可。 *prio* 缺省值为 0,可选值为 0 和 -1,0 标识为在线业务,-1 标识为离线业务。 | | **bwmcli –p** *path* | 查询 Pod 网络优先级。 | > 说明: @@ -166,7 +166,7 @@ oncn-bwm 工具提供了 `bwmcli` 命令行工具来使能 Pod 带宽管理或 | 命令格式 | 功能 | | ---------------------------------------------- | ------------------------------------------------------------ | -| **bwmcli –s waterline** | 设置一个主机/虚拟机的在线业务水线,其中 *val* 为水线值,单位可取值为 kb/mb/gb ,有效范围为 [20mb, 9999gb]。 | +| **bwmcli –s waterline** \ | 设置一个主机/虚拟机的在线业务水线,其中 *val* 为水线值,单位可取值为 kb/mb/gb ,有效范围为 [20mb, 9999gb]。 | | **bwmcli –p waterline** | 查询一个主机/虚拟机的在线业务水线。 | > 说明: diff --git a/docs/zh/Cloud/HybridDeployment/rubik/_menu.md b/docs/zh/Cloud/HybridDeployment/rubik/_menu.md new file mode 100644 index 0000000..4006270 --- /dev/null +++ b/docs/zh/Cloud/HybridDeployment/rubik/_menu.md @@ -0,0 +1,14 @@ +--- +label: '云原生混合部署rubik用户指南' +ismanual: 'Y' +description: '在业务混合部署的场景下,根据QoS分级,对资源进行合理调度' +children: + - label: '概述' + href: './overview.md' + - label: '安装与部署' + href: './installation-and-deployment.md' + - label: 'http接口文档' + href: './http-apis.md' + - label: '混部隔离示例' + href: './example-of-isolation-for-hybrid-deployed-services.md' +--- \ No newline at end of file diff --git a/docs/zh/docs/HybridDeployment/rubik/example-of-isolation-for-hybrid-deployed-services.md b/docs/zh/Cloud/HybridDeployment/rubik/example-of-isolation-for-hybrid-deployed-services.md similarity index 95% rename from docs/zh/docs/HybridDeployment/rubik/example-of-isolation-for-hybrid-deployed-services.md rename to docs/zh/Cloud/HybridDeployment/rubik/example-of-isolation-for-hybrid-deployed-services.md index fdeb315..d16cc67 100644 --- a/docs/zh/docs/HybridDeployment/rubik/example-of-isolation-for-hybrid-deployed-services.md +++ b/docs/zh/Cloud/HybridDeployment/rubik/example-of-isolation-for-hybrid-deployed-services.md @@ -1,233 +1,233 @@ -# 混部隔离示例 - -## 环境准备 - -查看内核是否支持混部隔离功能 - -```bash -# 查看/boot/config-系统配置是否开启混部隔离功能 -# 若CONFIG_QOS_SCHED=y则说明使能了混部隔离功能,例如: -cat /boot/config-5.10.0-60.18.0.50.oe2203.x86_64 | grep CONFIG_QOS -CONFIG_QOS_SCHED=y -``` - -安装docker容器引擎 - -```bash -yum install -y docker-engine -docker version -# 如下为docker version显示结果 -Client: - Version: 18.09.0 - EulerVersion: 18.09.0.300 - API version: 1.39 - Go version: go1.17.3 - Git commit: aa1eee8 - Built: Wed Mar 30 05:07:38 2022 - OS/Arch: linux/amd64 - Experimental: false - -Server: - Engine: - Version: 18.09.0 - EulerVersion: 18.09.0.300 - API version: 1.39 (minimum version 1.12) - Go version: go1.17.3 - Git commit: aa1eee8 - Built: Tue Mar 22 00:00:00 2022 - OS/Arch: linux/amd64 - Experimental: false -``` - -## 混部业务 - -**在线业务(clickhouse)** - -使用clickhouse-benchmark测试工具进行性能测试,统计出QPS/P50/P90/P99等相关性能指标,用法参考: - -**离线业务(stress)** - -stress是一个CPU密集型测试工具,可以通过指定--cpu参数启动多个并发CPU密集型任务给系统环境加压 - -## 使用说明 - -1)启动一个clickhouse容器(在线业务)。 - -2)进入容器内执行clickhouse-benchmark命令,设置并发线程数为10个、查询10000次、查询总时间30s。 - -3)同时启动一个stress容器(离线业务),并发执行10个CPU密集型任务对环境进行加压。 - -4)clickhouse-benchmark执行完后输出一个性能测试报告。 - -混部隔离测试脚本(**test_demo.sh**)如下: - -```bash -#!/bin/bash - -with_offline=${1:-no_offline} -enable_isolation=${2:-no_isolation} -stress_num=${3:-10} -concurrency=10 -timeout=30 -output=/tmp/result.json -online_container= -offline_container= - -exec_sql="echo \"SELECT * FROM system.numbers LIMIT 10000000 OFFSET 10000000\" | clickhouse-benchmark -i 10000 -c $concurrency -t $timeout" - -function prepare() -{ - echo "Launch clickhouse container." - online_container=$(docker run -itd \ - -v /tmp:/tmp:rw \ - --ulimit nofile=262144:262144 \ - -p 34424:34424 \ - yandex/clickhouse-server) - - sleep 3 - echo "Clickhouse container lauched." -} - -function clickhouse() -{ - echo "Start clickhouse benchmark test." - docker exec $online_container bash -c "$exec_sql --json $output" - echo "Clickhouse benchmark test done." -} - -function stress() -{ - echo "Launch stress container." - offline_container=$(docker run -itd joedval/stress --cpu $stress_num) - echo "Stress container launched." - - if [ $enable_isolation == "enable_isolation" ]; then - echo "Set stress container qos level to -1." - echo -1 > /sys/fs/cgroup/cpu/docker/$offline_container/cpu.qos_level - fi -} - -function benchmark() -{ - if [ $with_offline == "with_offline" ]; then - stress - sleep 3 - fi - clickhouse - echo "Remove test containers." - docker rm -f $online_container - docker rm -f $offline_container - echo "Finish benchmark test for clickhouse(online) and stress(offline) colocation." - echo "===============================clickhouse benchmark==================================================" - cat $output - echo "===============================clickhouse benchmark==================================================" -} - -prepare -benchmark -``` - -## 测试结果 - -单独执行clickhouse在线业务 - -```bash -sh test_demo.sh no_offline no_isolation -``` - -得到在线业务的QoS(QPS/P50/P90/P99等指标)**基线数据**如下: - -```json -{ -"localhost:9000": { -"statistics": { -"QPS": 1.8853412284364512, -...... -}, -"query_time_percentiles": { -...... -"50": 0.484905256, -"60": 0.519641313, -"70": 0.570876148, -"80": 0.632544937, -"90": 0.728295525, -"95": 0.808700418, -"99": 0.873945121, -...... -} -} -} -``` - -启用stress离线业务,未开启混部隔离功能下,执行test_demo.sh测试脚本 - -```bash -# with_offline参数表示启用stress离线业务 -# no_isolation参数表示未开启混部隔离功能 -sh test_demo.sh with_offline no_isolation -``` - -**未开启混部隔离的情况下**,clickhouse业务QoS数据(QPS/P80/P90/P99等指标)如下: - -```json -{ -"localhost:9000": { -"statistics": { -"QPS": 0.9424028693636205, -...... -}, -"query_time_percentiles": { -...... -"50": 0.840476774, -"60": 1.304607373, -"70": 1.393591017, -"80": 1.41277543, -"90": 1.430316688, -"95": 1.457534764, -"99": 1.555646855, -...... -} -} -``` - -启用stress离线业务,开启混部隔离功能下,执行test_demo.sh测试脚本 - -```bash -# with_offline参数表示启用stress离线业务 -# enable_isolation参数表示开启混部隔离功能 -sh test_demo.sh with_offline enable_isolation -``` - -**开启混部隔离功能的情况下**,clickhouse业务QoS数据(QPS/P80/P90/P99等指标)如下: - -```json -{ -"localhost:9000": { -"statistics": { -"QPS": 1.8825798759270718, -...... -}, -"query_time_percentiles": { -...... -"50": 0.485725185, -"60": 0.512629901, -"70": 0.55656488, -"80": 0.636395956, -"90": 0.734695906, -"95": 0.804118275, -"99": 0.887807409, -...... -} -} -} -``` - -从上面的测试结果整理出一个表格如下: - -| 业务部署方式 | QPS | P50 | P90 | P99 | -| -------------------------------------- | ------------- | ------------- | ------------- | ------------- | -| 单独运行clickhouse在线业务(基线) | 1.885 | 0.485 | 0.728 | 0.874 | -| clickhouse+stress(未开启混部隔离功能) | 0.942(-50%) | 0.840(-42%) | 1.430(-49%) | 1.556(-44%) | -| clickhouse+stress(开启混部隔离功能) | 1.883(-0.11%) | 0.486(-0.21%) | 0.735(-0.96%) | 0.888(-1.58%) | - -在未开启混部隔离功能的情况下,在线业务clickhouse的QPS从1.9下降到0.9,同时业务的响应时延(P90)也从0.7s增大到1.4s,在线业务QoS下降了50%左右;而在开启混部隔离功能的情况下,不管是在线业务的QPS还是响应时延(P50/P90/P99)相比于基线值下降不到2%,在线业务QoS基本没有变化。 +# 混部隔离示例 + +## 环境准备 + +查看内核是否支持混部隔离功能 + +```bash +# 查看/boot/config-系统配置是否开启混部隔离功能 +# 若CONFIG_QOS_SCHED=y则说明使能了混部隔离功能,例如: +cat /boot/config-5.10.0-60.18.0.50.oe2203.x86_64 | grep CONFIG_QOS +CONFIG_QOS_SCHED=y +``` + +安装docker容器引擎 + +```bash +yum install -y docker-engine +docker version +# 如下为docker version显示结果 +Client: + Version: 18.09.0 + EulerVersion: 18.09.0.300 + API version: 1.39 + Go version: go1.17.3 + Git commit: aa1eee8 + Built: Wed Mar 30 05:07:38 2022 + OS/Arch: linux/amd64 + Experimental: false + +Server: + Engine: + Version: 18.09.0 + EulerVersion: 18.09.0.300 + API version: 1.39 (minimum version 1.12) + Go version: go1.17.3 + Git commit: aa1eee8 + Built: Tue Mar 22 00:00:00 2022 + OS/Arch: linux/amd64 + Experimental: false +``` + +## 混部业务 + +**在线业务(clickhouse)** + +使用clickhouse-benchmark测试工具进行性能测试,统计出QPS/P50/P90/P99等相关性能指标,用法参考: + +**离线业务(stress)** + +stress是一个CPU密集型测试工具,可以通过指定--cpu参数启动多个并发CPU密集型任务给系统环境加压 + +## 使用说明 + +1)启动一个clickhouse容器(在线业务)。 + +2)进入容器内执行clickhouse-benchmark命令,设置并发线程数为10个、查询10000次、查询总时间30s。 + +3)同时启动一个stress容器(离线业务),并发执行10个CPU密集型任务对环境进行加压。 + +4)clickhouse-benchmark执行完后输出一个性能测试报告。 + +混部隔离测试脚本(**test_demo.sh**)如下: + +```bash +#!/bin/bash + +with_offline=${1:-no_offline} +enable_isolation=${2:-no_isolation} +stress_num=${3:-10} +concurrency=10 +timeout=30 +output=/tmp/result.json +online_container= +offline_container= + +exec_sql="echo \"SELECT * FROM system.numbers LIMIT 10000000 OFFSET 10000000\" | clickhouse-benchmark -i 10000 -c $concurrency -t $timeout" + +function prepare() +{ + echo "Launch clickhouse container." + online_container=$(docker run -itd \ + -v /tmp:/tmp:rw \ + --ulimit nofile=262144:262144 \ + -p 34424:34424 \ + yandex/clickhouse-server) + + sleep 3 + echo "Clickhouse container launched." +} + +function clickhouse() +{ + echo "Start clickhouse benchmark test." + docker exec $online_container bash -c "$exec_sql --json $output" + echo "Clickhouse benchmark test done." +} + +function stress() +{ + echo "Launch stress container." + offline_container=$(docker run -itd joedval/stress --cpu $stress_num) + echo "Stress container launched." + + if [ $enable_isolation == "enable_isolation" ]; then + echo "Set stress container qos level to -1." + echo -1 > /sys/fs/cgroup/cpu/docker/$offline_container/cpu.qos_level + fi +} + +function benchmark() +{ + if [ $with_offline == "with_offline" ]; then + stress + sleep 3 + fi + clickhouse + echo "Remove test containers." + docker rm -f $online_container + docker rm -f $offline_container + echo "Finish benchmark test for clickhouse(online) and stress(offline) colocation." + echo "===============================clickhouse benchmark==================================================" + cat $output + echo "===============================clickhouse benchmark==================================================" +} + +prepare +benchmark +``` + +## 测试结果 + +单独执行clickhouse在线业务 + +```bash +sh test_demo.sh no_offline no_isolation +``` + +得到在线业务的QoS(QPS/P50/P90/P99等指标)**基线数据**如下: + +```json +{ +"localhost:9000": { +"statistics": { +"QPS": 1.8853412284364512, +...... +}, +"query_time_percentiles": { +...... +"50": 0.484905256, +"60": 0.519641313, +"70": 0.570876148, +"80": 0.632544937, +"90": 0.728295525, +"95": 0.808700418, +"99": 0.873945121, +...... +} +} +} +``` + +启用stress离线业务,未开启混部隔离功能下,执行test_demo.sh测试脚本 + +```bash +# with_offline参数表示启用stress离线业务 +# no_isolation参数表示未开启混部隔离功能 +sh test_demo.sh with_offline no_isolation +``` + +**未开启混部隔离的情况下**,clickhouse业务QoS数据(QPS/P80/P90/P99等指标)如下: + +```json +{ +"localhost:9000": { +"statistics": { +"QPS": 0.9424028693636205, +...... +}, +"query_time_percentiles": { +...... +"50": 0.840476774, +"60": 1.304607373, +"70": 1.393591017, +"80": 1.41277543, +"90": 1.430316688, +"95": 1.457534764, +"99": 1.555646855, +...... +} +} +``` + +启用stress离线业务,开启混部隔离功能下,执行test_demo.sh测试脚本 + +```bash +# with_offline参数表示启用stress离线业务 +# enable_isolation参数表示开启混部隔离功能 +sh test_demo.sh with_offline enable_isolation +``` + +**开启混部隔离功能的情况下**,clickhouse业务QoS数据(QPS/P80/P90/P99等指标)如下: + +```json +{ +"localhost:9000": { +"statistics": { +"QPS": 1.8825798759270718, +...... +}, +"query_time_percentiles": { +...... +"50": 0.485725185, +"60": 0.512629901, +"70": 0.55656488, +"80": 0.636395956, +"90": 0.734695906, +"95": 0.804118275, +"99": 0.887807409, +...... +} +} +} +``` + +从上面的测试结果整理出一个表格如下: + +| 业务部署方式 | QPS | P50 | P90 | P99 | +| -------------------------------------- | ------------- | ------------- | ------------- | ------------- | +| 单独运行clickhouse在线业务(基线) | 1.885 | 0.485 | 0.728 | 0.874 | +| clickhouse+stress(未开启混部隔离功能) | 0.942(-50%) | 0.840(-42%) | 1.430(-49%) | 1.556(-44%) | +| clickhouse+stress(开启混部隔离功能) | 1.883(-0.11%) | 0.486(-0.21%) | 0.735(-0.96%) | 0.888(-1.58%) | + +在未开启混部隔离功能的情况下,在线业务clickhouse的QPS从1.9下降到0.9,同时业务的响应时延(P90)也从0.7s增大到1.4s,在线业务QoS下降了50%左右;而在开启混部隔离功能的情况下,不管是在线业务的QPS还是响应时延(P50/P90/P99)相比于基线值下降不到2%,在线业务QoS基本没有变化。 diff --git a/docs/zh/docs/ContainerEngine/DockerEngine/public_sys-resources/icon-note.gif b/docs/zh/Cloud/HybridDeployment/rubik/figures/icon-note.gif similarity index 100% rename from docs/zh/docs/ContainerEngine/DockerEngine/public_sys-resources/icon-note.gif rename to docs/zh/Cloud/HybridDeployment/rubik/figures/icon-note.gif diff --git a/docs/zh/docs/HybridDeployment/rubik/http-apis.md b/docs/zh/Cloud/HybridDeployment/rubik/http-apis.md similarity index 97% rename from docs/zh/docs/HybridDeployment/rubik/http-apis.md rename to docs/zh/Cloud/HybridDeployment/rubik/http-apis.md index 75bca4a..d8ec858 100644 --- a/docs/zh/docs/HybridDeployment/rubik/http-apis.md +++ b/docs/zh/Cloud/HybridDeployment/rubik/http-apis.md @@ -1,67 +1,67 @@ -# http接口 - -## 概述 - -rubik对外开放接口均为http接口,当前包括pod优先级设置/更新接口、rubik探活接口和rubik版本号查询接口。 - -## 接口介绍 - -### 设置、更新Pod优先级接口 - -rubik提供了设置或更新pod优先级的功能,外部可通过调用该接口发送pod相关信息,rubik根据接收到的pod信息对其设置优先级从而达到资源隔离的目的。接口调用格式为: - -```bash -HTTP POST /run/rubik/rubik.sock -{ - "Pods": { - "podaaa": { - "CgroupPath": "kubepods/burstable/podaaa", - "QosLevel": 0 - }, - "podbbb": { - "CgroupPath": "kubepods/burstable/podbbb", - "QosLevel": -1 - } - } -} -``` - -Pods 配置中为需要设置或更新优先级的 Pod 信息,每一个http请求至少需要指定配置1个 pod,每个 pod 必须指定CgroupPath 和 QosLevel,其含义如下: - -| 配置项 | 配置值类型 | 配置取值范围 | 配置含义 | -| ---------- | ---------- | ------------ | ------------------------------------------------------- | -| QosLevel | int | 0、-1 | pod优先级,0表示其为在线业务,-1表示其为离线业务 | -| CgroupPath | string | 相对路径 | 对应Pod的cgroup子路径(即其在cgroup子系统下的相对路径) | - -接口调用示例如下: - -```sh -curl -v -H "Accept: application/json" -H "Content-type: application/json" -X POST --data '{"Pods": {"podaaa": {"CgroupPath": "kubepods/burstable/podaaa","QosLevel": 0},"podbbb": {"CgroupPath": "kubepods/burstable/podbbb","QosLevel": -1}}}' --unix-socket /run/rubik/rubik.sock http://localhost/ -``` - -### 探活接口 - -rubik作为HTTP服务,提供探活接口用于帮助判断rubik是否处于运行状态。 - -接口形式:HTTP/GET /ping - -接口调用示例如下: - -```sh -curl -XGET --unix-socket /run/rubik/rubik.sock http://localhost/ping -``` - -若返回ok则代表rubik服务处于运行状态。 - -### 版本信息查询接口 - -rubik支持通过HTTP请求查询当前rubik的版本号。 - -接口形式:HTTP/GET /version - -接口调用示例如下: - -```sh -curl -XGET --unix-socket /run/rubik/rubik.sock http://localhost/version -{"Version":"0.0.1","Release":"1","Commit":"29910e6","BuildTime":"2021-05-12"} -``` +# http接口 + +## 概述 + +rubik对外开放接口均为http接口,当前包括pod优先级设置/更新接口、rubik探活接口和rubik版本号查询接口。 + +## 接口介绍 + +### 设置、更新Pod优先级接口 + +rubik提供了设置或更新pod优先级的功能,外部可通过调用该接口发送pod相关信息,rubik根据接收到的pod信息对其设置优先级从而达到资源隔离的目的。接口调用格式为: + +```bash +HTTP POST /run/rubik/rubik.sock +{ + "Pods": { + "podaaa": { + "CgroupPath": "kubepods/burstable/podaaa", + "QosLevel": 0 + }, + "podbbb": { + "CgroupPath": "kubepods/burstable/podbbb", + "QosLevel": -1 + } + } +} +``` + +Pods 配置中为需要设置或更新优先级的 Pod 信息,每一个http请求至少需要指定配置1个 pod,每个 pod 必须指定CgroupPath 和 QosLevel,其含义如下: + +| 配置项 | 配置值类型 | 配置取值范围 | 配置含义 | +| ---------- | ---------- | ------------ | ------------------------------------------------------- | +| QosLevel | int | 0、-1 | pod优先级,0表示其为在线业务,-1表示其为离线业务 | +| CgroupPath | string | 相对路径 | 对应Pod的cgroup子路径(即其在cgroup子系统下的相对路径) | + +接口调用示例如下: + +```sh +curl -v -H "Accept: application/json" -H "Content-type: application/json" -X POST --data '{"Pods": {"podaaa": {"CgroupPath": "kubepods/burstable/podaaa","QosLevel": 0},"podbbb": {"CgroupPath": "kubepods/burstable/podbbb","QosLevel": -1}}}' --unix-socket /run/rubik/rubik.sock http://localhost/ +``` + +### 探活接口 + +rubik作为HTTP服务,提供探活接口用于帮助判断rubik是否处于运行状态。 + +接口形式:HTTP/GET /ping + +接口调用示例如下: + +```sh +curl -XGET --unix-socket /run/rubik/rubik.sock http://localhost/ping +``` + +若返回ok则代表rubik服务处于运行状态。 + +### 版本信息查询接口 + +rubik支持通过HTTP请求查询当前rubik的版本号。 + +接口形式:HTTP/GET /version + +接口调用示例如下: + +```sh +curl -XGET --unix-socket /run/rubik/rubik.sock http://localhost/version +{"Version":"0.0.1","Release":"1","Commit":"29910e6","BuildTime":"2021-05-12"} +``` diff --git a/docs/zh/docs/HybridDeployment/rubik/installation-and-deployment.md b/docs/zh/Cloud/HybridDeployment/rubik/installation-and-deployment.md similarity index 97% rename from docs/zh/docs/HybridDeployment/rubik/installation-and-deployment.md rename to docs/zh/Cloud/HybridDeployment/rubik/installation-and-deployment.md index 14835de..343157b 100644 --- a/docs/zh/docs/HybridDeployment/rubik/installation-and-deployment.md +++ b/docs/zh/Cloud/HybridDeployment/rubik/installation-and-deployment.md @@ -19,7 +19,7 @@ ### 环境准备 -* 安装 openEuler 系统,安装方法参考《[安装指南](../Installation/installation.md)》。 +* 安装 openEuler 系统,安装方法参考《[安装指南](https://gitee.com/openeuler/docs/blob/25.03/docs/zh/Server/InstallationUpgrade/Installation/installation.md)》。 * 安装并部署 kubernetes,安装及部署方法参考《Kubernetes 集群部署指南》。 * 安装docker或isulad容器引擎,若采用isulad容器引擎,需同时安装isula-build容器镜像构建工具。 @@ -136,7 +136,7 @@ sudo echo 1 > /proc/sys/vm/memcg_qos_enable ### 依赖于kubelet的Pod优先级配置 -由于Pod优先级自动配置依赖于来自api-server pod创建事件的通知,具有一定的延迟性,无法在进程启动之前及时完成Pod优先级的配置,导致业务性能可能存在抖动。用户可以关闭优先级自动配置选项,通过修改kubelet源码,在容器cgroup创建后、容器进程启动前调用rubik http接口配置pod优先级,http接口具体使用方法详见[http接口文档](./http接口文档.md) +由于Pod优先级自动配置依赖于来自api-server pod创建事件的通知,具有一定的延迟性,无法在进程启动之前及时完成Pod优先级的配置,导致业务性能可能存在抖动。用户可以关闭优先级自动配置选项,通过修改kubelet源码,在容器cgroup创建后、容器进程启动前调用rubik http接口配置pod优先级,http接口具体使用方法详见[http接口文档](./http-apis.md) ### 支持自动校对Pod优先级 @@ -179,7 +179,7 @@ spec: * rubik不提供端口访问,只能通过socket通信。 -* rubik只接收合法http请求路径及网络协议:](./http接口文档.md)。 +* rubik只接收合法http请求路径及网络协议:](./http-apis.md)。 * rubik磁盘使用需求:配额1GB及以上。 diff --git a/docs/zh/docs/HybridDeployment/rubik/overview.md b/docs/zh/Cloud/HybridDeployment/rubik/overview.md similarity index 97% rename from docs/zh/docs/HybridDeployment/rubik/overview.md rename to docs/zh/Cloud/HybridDeployment/rubik/overview.md index fae5ab5..c07cf4a 100644 --- a/docs/zh/docs/HybridDeployment/rubik/overview.md +++ b/docs/zh/Cloud/HybridDeployment/rubik/overview.md @@ -1,17 +1,17 @@ -# rubik使用指南 - -## 概述 - -服务器资源利用率低一直是业界公认的难题,随着云原生技术的发展,将在线(高优先级)、离线(低优先级)业务混合部署成为了当下提高资源利用率的有效手段。 - -rubik容器调度在业务混合部署的场景下,根据QoS分级,对资源进行合理调度,从而实现在保障在线业务服务质量的前提下,大幅提升资源利用率。 - -rubik当前支持如下特性: - -- pod CPU优先级的配置 -- pod memory优先级的配置 - -本文档适用于使用openEuler系统并希望了解和使用rubik的社区开发者、开源爱好者以及相关合作伙伴。使用人员需要具备以下经验和技能: - -- 熟悉Linux基本操作 -- 熟悉kubernetes和docker/iSulad基本操作 +# rubik使用指南 + +## 概述 + +服务器资源利用率低一直是业界公认的难题,随着云原生技术的发展,将在线(高优先级)、离线(低优先级)业务混合部署成为了当下提高资源利用率的有效手段。 + +rubik容器调度在业务混合部署的场景下,根据QoS分级,对资源进行合理调度,从而实现在保障在线业务服务质量的前提下,大幅提升资源利用率。 + +rubik当前支持如下特性: + +- pod CPU优先级的配置 +- pod memory优先级的配置 + +本文档适用于使用openEuler系统并希望了解和使用rubik的社区开发者、开源爱好者以及相关合作伙伴。使用人员需要具备以下经验和技能: + +- 熟悉Linux基本操作 +- 熟悉kubernetes和docker/iSulad基本操作 diff --git a/docs/zh/Cloud/ImageBuilder/isula-build/_menu.md b/docs/zh/Cloud/ImageBuilder/isula-build/_menu.md new file mode 100644 index 0000000..e8c0a78 --- /dev/null +++ b/docs/zh/Cloud/ImageBuilder/isula-build/_menu.md @@ -0,0 +1,14 @@ +--- +label: '容器镜像构建' +ismanual: 'Y' +description: '支持通过Dockerfile文件快速构建容器镜像' +children: + - label: '概述' + href: './overview.md' + - label: '使用指南' + href: './isula-build.md' + - label: '常见问题与解决方法' + href: './isula-build-faqs.md' + - label: '附录' + href: './isula-build-appendix.md' +--- \ No newline at end of file diff --git a/docs/zh/docs/ImageBuilder/isula-build/figures/isula-build_arch.png b/docs/zh/Cloud/ImageBuilder/isula-build/figures/isula-build_arch.png similarity index 100% rename from docs/zh/docs/ImageBuilder/isula-build/figures/isula-build_arch.png rename to docs/zh/Cloud/ImageBuilder/isula-build/figures/isula-build_arch.png diff --git "a/docs/zh/docs/ImageBuilder/isula-build/isula-build\351\231\204\345\275\225.md" b/docs/zh/Cloud/ImageBuilder/isula-build/isula-build-appendix.md similarity index 100% rename from "docs/zh/docs/ImageBuilder/isula-build/isula-build\351\231\204\345\275\225.md" rename to docs/zh/Cloud/ImageBuilder/isula-build/isula-build-appendix.md diff --git "a/docs/zh/docs/ImageBuilder/isula-build/isula-build\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225.md" b/docs/zh/Cloud/ImageBuilder/isula-build/isula-build-faqs.md similarity index 100% rename from "docs/zh/docs/ImageBuilder/isula-build/isula-build\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225.md" rename to docs/zh/Cloud/ImageBuilder/isula-build/isula-build-faqs.md diff --git "a/docs/zh/docs/ImageBuilder/isula-build/isula-build\344\275\277\347\224\250\346\214\207\345\215\227.md" b/docs/zh/Cloud/ImageBuilder/isula-build/isula-build.md similarity index 98% rename from "docs/zh/docs/ImageBuilder/isula-build/isula-build\344\275\277\347\224\250\346\214\207\345\215\227.md" rename to docs/zh/Cloud/ImageBuilder/isula-build/isula-build.md index 5523acb..d4838f9 100644 --- "a/docs/zh/docs/ImageBuilder/isula-build/isula-build\344\275\277\347\224\250\346\214\207\345\215\227.md" +++ b/docs/zh/Cloud/ImageBuilder/isula-build/isula-build.md @@ -133,7 +133,7 @@ sudo systemctl daemon-reload * --group: 设置本地套接字isula_build.sock文件属组使得加入该组的非特权用户可以操作isula-build,默认为“isula”。 * --experimental: 是否开启实验特性,默认为false。 ->![](./public_sys-resources/icon-note.gif) **说明:** +> ![](./public_sys-resources/icon-note.gif) **说明:** > > 当命令行启动参数中传递了与配置文件相同的配置选项时,优先使用命令行参数启动。 @@ -159,7 +159,7 @@ sudo yum install -y docker-runc sudo yum install -y docker-engine ``` ->![](./public_sys-resources/icon-note.gif) **说明:** +> ![](./public_sys-resources/icon-note.gif) **说明:** > > 用户需保证OCI runtime(runc)可执行文件的安全性,避免被恶意替换。 @@ -183,7 +183,7 @@ isula-build 客户端提供了一系列命令用于构建和管理容器镜像 * version,查看isula-build和isula-builder的版本号。 * manifest(实验特性),管理manifest列表。 ->![](./public_sys-resources/icon-note.gif) **说明:** +> ![](./public_sys-resources/icon-note.gif) **说明:** > > * isula-build completion 和 isula-builder completion 命令用于生成bash命令补全脚本。该命令为命令行框架隐式提供,不会显示在help信息中。 > * isula-build客户端不包含配置文件,当用户需要使用isula-build实验特性时,需要在客户端通过命令`export ISULABUILD_CLI_EXPERIMENTAL=enabled`配置环境变量ISULABUILD_CLI_EXPERIMENTAL来开启实验特性。 @@ -426,7 +426,7 @@ mybusybox latest 173b3cf612f8 2022-01 --------------------------------------- ----------- ----------------- ------------------------ ------------ ``` ->![](./public_sys-resources/icon-note.gif) **说明:** +> ![](./public_sys-resources/icon-note.gif) **说明:** > > isula-build 支持导入最大1GiB的容器基础镜像。 @@ -469,7 +469,7 @@ Storing signatures Loaded image as c07ddb44daa97e9e8d2d68316b296cc9343ab5f3d2babc5e6e03b80cd580478e ``` ->![](./public_sys-resources/icon-note.gif) **说明:** +> ![](./public_sys-resources/icon-note.gif) **说明:** > > * isula-build 支持导入最大50G的容器层叠镜像。 > * isula-build 会自动识别容器层叠镜像的格式并进行导入。 @@ -555,7 +555,7 @@ Storing signatures Save success with image: [busybox:latest nginx:latest] ``` ->![](./public_sys-resources/icon-note.gif) **说明:** +> ![](./public_sys-resources/icon-note.gif) **说明:** > > * save 导出的镜像默认格式为未压缩的tar格式,如有需求,用户可以再save之后手动压缩。 > * 在使用镜像名导出镜像时,需要给出完整的镜像名格式:REPOSITORY:TAG。 @@ -631,7 +631,7 @@ Storing signatures Push success with image: example-registry/library/mybusybox:latest ``` ->![](./public_sys-resources/icon-note.gif) **说明:** +> ![](./public_sys-resources/icon-note.gif) **说明:** > > 推送镜像时,需要先登录对应的镜像仓库 diff --git "a/docs/zh/docs/ImageBuilder/isula-build/isula-build\346\236\204\345\273\272\345\267\245\345\205\267.md" b/docs/zh/Cloud/ImageBuilder/isula-build/overview.md similarity index 93% rename from "docs/zh/docs/ImageBuilder/isula-build/isula-build\346\236\204\345\273\272\345\267\245\345\205\267.md" rename to docs/zh/Cloud/ImageBuilder/isula-build/overview.md index cae6ba4..67e98d6 100644 --- "a/docs/zh/docs/ImageBuilder/isula-build/isula-build\346\236\204\345\273\272\345\267\245\345\205\267.md" +++ b/docs/zh/Cloud/ImageBuilder/isula-build/overview.md @@ -2,7 +2,7 @@ isula-build是iSula容器团队推出的容器镜像构建工具,支持通过Dockerfile文件快速构建容器镜像。 -isula-build采用服务端/客户端模式,其中,isula-build为客户端,提供了一组命令行工具,用于镜像构建及管理等;isula-builder为服务端,用于处理客户端管理请求,作为守护进程常驻后台。 +isula-build采用服务端/客户端模式。其中,isula-build为客户端,提供了一组命令行工具,用于镜像构建及管理等;isula-builder为服务端,用于处理客户端管理请求,作为守护进程常驻后台。 ![isula-build architecture](./figures/isula-build_arch.png) diff --git a/docs/zh/docs/ContainerEngine/DockerEngine/public_sys-resources/icon-caution.gif b/docs/zh/Cloud/ImageBuilder/isula-build/public_sys-resources/icon-caution.gif similarity index 100% rename from docs/zh/docs/ContainerEngine/DockerEngine/public_sys-resources/icon-caution.gif rename to docs/zh/Cloud/ImageBuilder/isula-build/public_sys-resources/icon-caution.gif diff --git a/docs/zh/docs/ContainerEngine/DockerEngine/public_sys-resources/icon-danger.gif b/docs/zh/Cloud/ImageBuilder/isula-build/public_sys-resources/icon-danger.gif similarity index 100% rename from docs/zh/docs/ContainerEngine/DockerEngine/public_sys-resources/icon-danger.gif rename to docs/zh/Cloud/ImageBuilder/isula-build/public_sys-resources/icon-danger.gif diff --git a/docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/public_sys-resources/icon-note.gif b/docs/zh/Cloud/ImageBuilder/isula-build/public_sys-resources/icon-note.gif similarity index 100% rename from docs/zh/docs/ClusterDeployment/iSulad+k8s/figures/public_sys-resources/icon-note.gif rename to docs/zh/Cloud/ImageBuilder/isula-build/public_sys-resources/icon-note.gif diff --git a/docs/zh/docs/ContainerEngine/DockerEngine/public_sys-resources/icon-notice.gif b/docs/zh/Cloud/ImageBuilder/isula-build/public_sys-resources/icon-notice.gif similarity index 100% rename from docs/zh/docs/ContainerEngine/DockerEngine/public_sys-resources/icon-notice.gif rename to docs/zh/Cloud/ImageBuilder/isula-build/public_sys-resources/icon-notice.gif diff --git a/docs/zh/docs/ContainerEngine/DockerEngine/public_sys-resources/icon-tip.gif b/docs/zh/Cloud/ImageBuilder/isula-build/public_sys-resources/icon-tip.gif similarity index 100% rename from docs/zh/docs/ContainerEngine/DockerEngine/public_sys-resources/icon-tip.gif rename to docs/zh/Cloud/ImageBuilder/isula-build/public_sys-resources/icon-tip.gif diff --git a/docs/zh/docs/ContainerEngine/DockerEngine/public_sys-resources/icon-warning.gif b/docs/zh/Cloud/ImageBuilder/isula-build/public_sys-resources/icon-warning.gif similarity index 100% rename from docs/zh/docs/ContainerEngine/DockerEngine/public_sys-resources/icon-warning.gif rename to docs/zh/Cloud/ImageBuilder/isula-build/public_sys-resources/icon-warning.gif diff --git a/docs/zh/Cloud/Kmesh/Kmesh/_menu.md b/docs/zh/Cloud/Kmesh/Kmesh/_menu.md new file mode 100644 index 0000000..83190a6 --- /dev/null +++ b/docs/zh/Cloud/Kmesh/Kmesh/_menu.md @@ -0,0 +1,18 @@ +--- +label: 'Kmesh用户指南' +ismanual: 'Y' +description: 'openEuler系统高性能服务网格数据面软件' +children: + - label: '概述' + href: './overview.md' + - label: '认识Kmesh' + href: './getting-to-know-kmesh.md' + - label: '安装与部署' + href: './installation-and-deployment.md' + - label: '使用方法' + href: './usage.md' + - label: '常见问题与解决方法' + href: './faqs.md' + - label: '附录' + href: './appendixes.md' +--- \ No newline at end of file diff --git "a/docs/zh/docs/Kmesh/Kmesh/\351\231\204\345\275\225.md" b/docs/zh/Cloud/Kmesh/Kmesh/appendixes.md similarity index 100% rename from "docs/zh/docs/Kmesh/Kmesh/\351\231\204\345\275\225.md" rename to docs/zh/Cloud/Kmesh/Kmesh/appendixes.md diff --git "a/docs/zh/docs/Kmesh/Kmesh/\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225.md" b/docs/zh/Cloud/Kmesh/Kmesh/faqs.md similarity index 87% rename from "docs/zh/docs/Kmesh/Kmesh/\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225.md" rename to docs/zh/Cloud/Kmesh/Kmesh/faqs.md index f8a6490..eab2cba 100644 --- "a/docs/zh/docs/Kmesh/Kmesh/\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225.md" +++ b/docs/zh/Cloud/Kmesh/Kmesh/faqs.md @@ -6,7 +6,7 @@ 原因:集群启动模式下,Kmesh服务需要跟控制面程序通信,然后从控制面获取配置信息,因此需要设置正确的控制面程序ip信息。 -解决方法:参考[安装与部署](./安装与部署.md)章节中集群启动模式,设置正确的控制面程序ip信息。 +解决方法:参考[安装与部署](./installation-and-deployment.md)章节中集群启动模式,设置正确的控制面程序ip信息。 ## **问题2:Kmesh服务在启动时,提示"get kube config error!"** diff --git a/docs/zh/docs/Kmesh/Kmesh/figures/get_kubeconfig_error.png b/docs/zh/Cloud/Kmesh/Kmesh/figures/get_kubeconfig_error.png similarity index 100% rename from docs/zh/docs/Kmesh/Kmesh/figures/get_kubeconfig_error.png rename to docs/zh/Cloud/Kmesh/Kmesh/figures/get_kubeconfig_error.png diff --git a/docs/zh/docs/Kmesh/Kmesh/figures/kmesh-arch.png b/docs/zh/Cloud/Kmesh/Kmesh/figures/kmesh-arch.png similarity index 100% rename from docs/zh/docs/Kmesh/Kmesh/figures/kmesh-arch.png rename to docs/zh/Cloud/Kmesh/Kmesh/figures/kmesh-arch.png diff --git a/docs/zh/docs/Kmesh/Kmesh/figures/not_set_cluster_ip.png b/docs/zh/Cloud/Kmesh/Kmesh/figures/not_set_cluster_ip.png similarity index 100% rename from docs/zh/docs/Kmesh/Kmesh/figures/not_set_cluster_ip.png rename to docs/zh/Cloud/Kmesh/Kmesh/figures/not_set_cluster_ip.png diff --git "a/docs/zh/docs/Kmesh/Kmesh/\350\256\244\350\257\206Kmesh.md" b/docs/zh/Cloud/Kmesh/Kmesh/getting-to-know-kmesh.md similarity index 100% rename from "docs/zh/docs/Kmesh/Kmesh/\350\256\244\350\257\206Kmesh.md" rename to docs/zh/Cloud/Kmesh/Kmesh/getting-to-know-kmesh.md diff --git "a/docs/zh/docs/Kmesh/Kmesh/\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" b/docs/zh/Cloud/Kmesh/Kmesh/installation-and-deployment.md similarity index 90% rename from "docs/zh/docs/Kmesh/Kmesh/\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" rename to docs/zh/Cloud/Kmesh/Kmesh/installation-and-deployment.md index bd44c25..f7c61b9 100644 --- "a/docs/zh/docs/Kmesh/Kmesh/\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" +++ b/docs/zh/Cloud/Kmesh/Kmesh/installation-and-deployment.md @@ -10,7 +10,7 @@ ## 环境准备 -* 安装openEuler系统,安装方法参考 《[安装指南](../Installation/installation.md)》。 +* 安装openEuler系统,安装方法参考 《[安装指南](https://gitee.com/openeuler/docs/blob/25.03/docs/zh/Server/InstallationUpgrade/Installation/installation.md)》。 * 安装Kmesh需要使用root权限。 @@ -82,7 +82,7 @@ ExecStart=/usr/bin/kmesh-daemon -enable-mda -enable-ads=false [root@openEuler ~]# systemctl daemon-reload ``` -Kmesh服务启动时会调用kmesh-daemon程序,具体使用方式可以参考[kmesh-daemon使用](./使用方法.md)。 +Kmesh服务启动时会调用kmesh-daemon程序,具体使用方式可以参考[kmesh-daemon使用](./usage.md)。 ### 启动Kmesh diff --git a/docs/zh/docs/Kmesh/Kmesh/Kmesh.md b/docs/zh/Cloud/Kmesh/Kmesh/overview.md similarity index 100% rename from docs/zh/docs/Kmesh/Kmesh/Kmesh.md rename to docs/zh/Cloud/Kmesh/Kmesh/overview.md diff --git "a/docs/zh/docs/Kmesh/Kmesh/\344\275\277\347\224\250\346\226\271\346\263\225.md" b/docs/zh/Cloud/Kmesh/Kmesh/usage.md similarity index 100% rename from "docs/zh/docs/Kmesh/Kmesh/\344\275\277\347\224\250\346\226\271\346\263\225.md" rename to docs/zh/Cloud/Kmesh/Kmesh/usage.md diff --git a/docs/zh/Cloud/KubeOS/KubeOS/_menu.md b/docs/zh/Cloud/KubeOS/KubeOS/_menu.md new file mode 100644 index 0000000..ffbc4d0 --- /dev/null +++ b/docs/zh/Cloud/KubeOS/KubeOS/_menu.md @@ -0,0 +1,16 @@ +--- +label: '容器OS升级用户指南' +ismanual: 'Y' +description: 'KubeOS是专为容器化业务涉及的轻量级操作系统,支持原子化升级,确保版本一致性,降低运维复杂性' +children: + - label: '概述' + href: './overview.md' + - label: '认识容器OS升级' + href: './about-kubeos.md' + - label: '安装与部署' + href: './installation-and-deployment.md' + - label: '使用方法' + href: './usage-instructions.md' + - label: '容器OS镜像制作指导' + href: './kubeos-image-creation.md' +--- \ No newline at end of file diff --git "a/docs/zh/docs/KubeOS/KubeOS/\350\256\244\350\257\206\345\256\271\345\231\250OS\345\215\207\347\272\247.md" b/docs/zh/Cloud/KubeOS/KubeOS/about-kubeos.md similarity index 100% rename from "docs/zh/docs/KubeOS/KubeOS/\350\256\244\350\257\206\345\256\271\345\231\250OS\345\215\207\347\272\247.md" rename to docs/zh/Cloud/KubeOS/KubeOS/about-kubeos.md diff --git "a/docs/zh/docs/KubeOS/KubeOS/figures/\345\256\271\345\231\250OS\346\226\207\344\273\266\345\270\203\345\261\200.png" "b/docs/zh/Cloud/KubeOS/KubeOS/figures/\345\256\271\345\231\250OS\346\226\207\344\273\266\345\270\203\345\261\200.png" similarity index 100% rename from "docs/zh/docs/KubeOS/KubeOS/figures/\345\256\271\345\231\250OS\346\226\207\344\273\266\345\270\203\345\261\200.png" rename to "docs/zh/Cloud/KubeOS/KubeOS/figures/\345\256\271\345\231\250OS\346\226\207\344\273\266\345\270\203\345\261\200.png" diff --git "a/docs/zh/docs/KubeOS/KubeOS/figures/\345\256\271\345\231\250OS\346\236\266\346\236\204.png" "b/docs/zh/Cloud/KubeOS/KubeOS/figures/\345\256\271\345\231\250OS\346\236\266\346\236\204.png" similarity index 100% rename from "docs/zh/docs/KubeOS/KubeOS/figures/\345\256\271\345\231\250OS\346\236\266\346\236\204.png" rename to "docs/zh/Cloud/KubeOS/KubeOS/figures/\345\256\271\345\231\250OS\346\236\266\346\236\204.png" diff --git "a/docs/zh/docs/KubeOS/KubeOS/\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" b/docs/zh/Cloud/KubeOS/KubeOS/installation-and-deployment.md similarity index 91% rename from "docs/zh/docs/KubeOS/KubeOS/\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" rename to docs/zh/Cloud/KubeOS/KubeOS/installation-and-deployment.md index 25406b1..5b5e045 100644 --- "a/docs/zh/docs/KubeOS/KubeOS/\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" +++ b/docs/zh/Cloud/KubeOS/KubeOS/installation-and-deployment.md @@ -2,26 +2,6 @@ 本章介绍如何安装和部署容器 OS 升级工具。 - - -- [安装与部署](#安装与部署) - - - [软硬件要求](#软硬件要求) - - - [硬件要求](#硬件要求) - - [软件要求](#软件要求) - - [环境准备](#环境准备) - - - [安装容器OS升级工具](#安装容器os升级工具) - - - [部署容器OS升级工具](#部署容器os升级工具) - - - [制作os-operator和os-proxy镜像](#制作os-operator和os-proxy镜像) - - [制作容器OS镜像](#制作容器os镜像) - - [部署CRD,operator和proxy](#部署crd,operator和proxy) - - - ## 软硬件要求 ### 硬件要求 @@ -34,7 +14,7 @@ ### 环境准备 -- 安装 openEuler 系统,安装方法参考《[安装指南](../Installation/installation.md)》 +- 安装 openEuler 系统,安装方法参考《[安装指南](https://gitee.com/openeuler/docs/blob/25.03/docs/zh/Server/InstallationUpgrade/Installation/installation.md)》 - 安装 qemu-img,bc,parted,tar,yum,docker,dosfstools ## 安装容器OS升级工具 diff --git "a/docs/zh/docs/KubeOS/KubeOS/\345\256\271\345\231\250OS\351\225\234\345\203\217\345\210\266\344\275\234\346\214\207\345\257\274.md" b/docs/zh/Cloud/KubeOS/KubeOS/kubeos-image-creation.md similarity index 97% rename from "docs/zh/docs/KubeOS/KubeOS/\345\256\271\345\231\250OS\351\225\234\345\203\217\345\210\266\344\275\234\346\214\207\345\257\274.md" rename to docs/zh/Cloud/KubeOS/KubeOS/kubeos-image-creation.md index d8b3313..21b229b 100644 --- "a/docs/zh/docs/KubeOS/KubeOS/\345\256\271\345\231\250OS\351\225\234\345\203\217\345\210\266\344\275\234\346\214\207\345\257\274.md" +++ b/docs/zh/Cloud/KubeOS/KubeOS/kubeos-image-creation.md @@ -1,169 +1,169 @@ -# 容器OS镜像制作指导 - -## 简介 - -kbimg是KubeOS部署和升级所需的镜像制作工具,可以使用kbimg制作KubeOS docker,虚拟机和物理机镜像。 - -## 命令介绍 - -### 命令格式 - -**bash kbimg.sh** \[ --help | -h \] create \[ COMMANDS \] \[ OPTIONS \] - -### 参数说明 - -* COMMANDS - - | 参数 | 描述 | - | ------------- | ---------------------------------------------- | - | upgrade-image | 生成用于安装和升级的OCI镜像格式的 KubeOS 镜像 | - | vm-image | 生成用于部署和升级的虚拟机镜像 | - | pxe-image | 生成物理机安装所需的镜像及文件 | - -* OPTIONS - - | 参数 | 描述 | - | ------------ | ------------------------------------------------------------ | - | -p | repo 文件的路径,repo 文件中配置制作镜像所需要的 yum 源 | - | -v | 制作出来的KubeOS镜像的版本 | - | -b | os-agent二进制的路径 | - | -e | KubeOS 镜像 root 用户密码,加密后的带盐值的密码,可以用 openssl,kiwi 命令生成 | - | -d | 生成或者使用的 docke r镜像 | - | -h --help | 查看帮助信息 | - -## 使用说明 - -### 注意事项 - -* kbimg.sh 执行需要 root 权限 -* 当前仅支持 x86和 AArch64 架构使用 -* 容器 OS 镜像制作工具的 rpm 包源为 openEuler 具体版本的 everything 仓库和 EPOL 仓库。制作镜像时提供的 repo 文件中,yum 源建议同时配置 openEuler 具体版本的 everything 仓库和 EPOL 仓库 - -### KubeOS OCI 镜像制作 - -#### 注意事项 - -* 制作的 OCI 镜像仅用于后续的虚拟机/物理机镜像制作或升级使用,不支持启动容器 -* 使用默认 rpmlist 进行容器OS镜像制作时所需磁盘空间至少为6G,如自已定义 rpmlist 可能会超过6G - -#### 使用示例 - -* 如需进行DNS配置,请先在```scripts```目录下自定义```resolv.conf```文件 - -```shell - cd /opt/kubeOS/scripts - touch resolv.conf - vim resolv.conf -``` - -* 制作KubeOS容器镜像 - -``` shell -cd /opt/kubeOS/scripts -bash kbimg.sh create upgrade-image -p xxx.repo -v v1 -b ../bin/os-agent -e '''$1$xyz$RdLyKTL32WEvK3lg8CXID0''' -d your_imageRepository/imageName:version -``` - -* 制作完成后查看制作出来的KubeOS容器镜像 - -``` shell -docker images -``` - -### KubeOS 虚拟机镜像制作 - -#### 注意事项 - -* 如使用 docker 镜像制作请先拉取相应镜像或者先制作docker镜像,并保证 docker 镜像的安全性 -* 制作出来的容器 OS 虚拟机镜像目前只能用于 CPU 架构为 x86 和 AArch64 的虚拟机 -* 容器 OS 目前不支持 x86 架构的虚拟机使用 legacy 启动模式启动 -* 使用默认rpmlist进行容器OS镜像制作时所需磁盘空间至少为25G,如自已定义rpmlist可能会超过25G - -#### 使用示例 - -* 使用repo源制作 - * 如需进行DNS配置,请先在```scripts```目录下自定义```resolv.conf```文件 - - ```shell - cd /opt/kubeOS/scripts - touch resolv.conf - vim resolv.conf - ``` - - * KubeOS虚拟机镜像制作 - - ``` shell - cd /opt/kubeOS/scripts - bash kbimg.sh create vm-image -p xxx.repo -v v1 -b ../bin/os-agent -e '''$1$xyz$RdLyKTL32WEvK3lg8CXID0''' - ``` - -* 使用docker镜像制作 - - ``` shell - cd /opt/kubeOS/scripts - bash kbimg.sh create vm-image -d your_imageRepository/imageName:version - ``` - -* 结果说明 - 容器 OS 镜像制作完成后,会在 /opt/kubeOS/scripts 目录下生成: - * system.qcow2: qcow2 格式的系统镜像,大小默认为 20GiB,支持的根文件系统分区大小 < 2020 MiB,持久化分区 < 16GiB 。 - * update.img: 用于升级的根文件系统分区镜像 - -### KubeOS 物理机安装所需镜像及文件制作 - -#### 注意事项 - -* 如使用 docker 镜像制作请先拉取相应镜像或者先制作 docker 镜像,并保证 docker 镜像的安全性 -* 制作出来的容器 OS 物理安装所需的镜像目前只能用于 CPU 架构为 x86 和 AArch64 的物理机安装 -* Global.cfg配置中指定的ip为安装时使用的临时ip,请在系统安装启动后请参考《openEuler 22.09 管理员指南-配置网络》进行网络配置 -* 不支持多个磁盘都安装KubeOS,可能会造成启动失败或挂载紊乱 -* 容器OS 目前不支持 x86 架构的物理机使用 legacy 启动模式启动 -* 使用默认rpmlist进行镜像制作时所需磁盘空间至少为5G,如自已定义 rpmlist 可能会超过5G - -#### 使用示例 - -* 首先需要修改```00bootup/Global.cfg```的配置,对相关参数进行配置,参数均为必填,ip目前仅支持ipv4,配置示例如下 - - ```shell - # rootfs file name - rootfs_name=kubeos.tar - # select the target disk to install kubeOS - disk=/dev/sda - # pxe server ip address where stores the rootfs on the http server - server_ip=192.168.1.50 - # target machine temporary ip - local_ip=192.168.1.100 - # target machine temporary route - route_ip=192.168.1.1 - # target machine temporary netmask - netmask=255.255.255.0 - # target machine netDevice name - net_name=eth0 - ``` - -* 使用 repo 源制作 - * 如需进行DNS配置,请在```scripts```目录下自定义```resolv.conf```文件 - - ```shell - cd /opt/kubeOS/scripts - touch resolv.conf - vim resolv.conf - ``` - - * KubeOS物理机安装所需镜像制作 - - ```shell - cd /opt/kubeOS/scripts - bash kbimg.sh create pxe-image -p xxx.repo -v v1 -b ../bin/os-agent -e '''$1$xyz$RdLyKTL32WEvK3lg8CXID0''' - ``` - -* 使用 docker 镜像制作 - - ``` shell - cd /opt/kubeOS/scripts - bash kbimg.sh create pxe-image -d your_imageRepository/imageName:version - ``` - -* 结果说明 - - * initramfs.img: 用于pxe启动用的 initramfs 镜像 - * kubeos.tar: pxe安装所用的 OS +# 容器OS镜像制作指导 + +## 简介 + +kbimg是KubeOS部署和升级所需的镜像制作工具,可以使用kbimg制作KubeOS docker,虚拟机和物理机镜像。 + +## 命令介绍 + +### 命令格式 + +**bash kbimg.sh** \[ --help | -h \] create \[ COMMANDS \] \[ OPTIONS \] + +### 参数说明 + +* COMMANDS + + | 参数 | 描述 | + | ------------- | ---------------------------------------------- | + | upgrade-image | 生成用于安装和升级的OCI镜像格式的 KubeOS 镜像 | + | vm-image | 生成用于部署和升级的虚拟机镜像 | + | pxe-image | 生成物理机安装所需的镜像及文件 | + +* OPTIONS + + | 参数 | 描述 | + | ------------ | ------------------------------------------------------------ | + | -p | repo 文件的路径,repo 文件中配置制作镜像所需要的 yum 源 | + | -v | 制作出来的KubeOS镜像的版本 | + | -b | os-agent二进制的路径 | + | -e | KubeOS 镜像 root 用户密码,加密后的带盐值的密码,可以用 openssl,kiwi 命令生成 | + | -d | 生成或者使用的 docke r镜像 | + | -h --help | 查看帮助信息 | + +## 使用说明 + +### 注意事项 + +* kbimg.sh 执行需要 root 权限 +* 当前仅支持 x86和 AArch64 架构使用 +* 容器 OS 镜像制作工具的 rpm 包源为 openEuler 具体版本的 everything 仓库和 EPOL 仓库。制作镜像时提供的 repo 文件中,yum 源建议同时配置 openEuler 具体版本的 everything 仓库和 EPOL 仓库 + +### KubeOS OCI 镜像制作 + +#### 注意事项 + +* 制作的 OCI 镜像仅用于后续的虚拟机/物理机镜像制作或升级使用,不支持启动容器 +* 使用默认 rpmlist 进行容器OS镜像制作时所需磁盘空间至少为6G,如自已定义 rpmlist 可能会超过6G + +#### 使用示例 + +* 如需进行DNS配置,请先在```scripts```目录下自定义```resolv.conf```文件 + +```shell + cd /opt/kubeOS/scripts + touch resolv.conf + vim resolv.conf +``` + +* 制作KubeOS容器镜像 + +``` shell +cd /opt/kubeOS/scripts +bash kbimg.sh create upgrade-image -p xxx.repo -v v1 -b ../bin/os-agent -e '''$1$xyz$RdLyKTL32WEvK3lg8CXID0''' -d your_imageRepository/imageName:version +``` + +* 制作完成后查看制作出来的KubeOS容器镜像 + +``` shell +docker images +``` + +### KubeOS 虚拟机镜像制作 + +#### 注意事项 + +* 如使用 docker 镜像制作请先拉取相应镜像或者先制作docker镜像,并保证 docker 镜像的安全性 +* 制作出来的容器 OS 虚拟机镜像目前只能用于 CPU 架构为 x86 和 AArch64 的虚拟机 +* 容器 OS 目前不支持 x86 架构的虚拟机使用 legacy 启动模式启动 +* 使用默认rpmlist进行容器OS镜像制作时所需磁盘空间至少为25G,如自已定义rpmlist可能会超过25G + +#### 使用示例 + +* 使用repo源制作 + * 如需进行DNS配置,请先在```scripts```目录下自定义```resolv.conf```文件 + + ```shell + cd /opt/kubeOS/scripts + touch resolv.conf + vim resolv.conf + ``` + + * KubeOS虚拟机镜像制作 + + ``` shell + cd /opt/kubeOS/scripts + bash kbimg.sh create vm-image -p xxx.repo -v v1 -b ../bin/os-agent -e '''$1$xyz$RdLyKTL32WEvK3lg8CXID0''' + ``` + +* 使用docker镜像制作 + + ``` shell + cd /opt/kubeOS/scripts + bash kbimg.sh create vm-image -d your_imageRepository/imageName:version + ``` + +* 结果说明 + 容器 OS 镜像制作完成后,会在 /opt/kubeOS/scripts 目录下生成: + * system.qcow2: qcow2 格式的系统镜像,大小默认为 20GiB,支持的根文件系统分区大小 < 2020 MiB,持久化分区 < 16GiB 。 + * update.img: 用于升级的根文件系统分区镜像 + +### KubeOS 物理机安装所需镜像及文件制作 + +#### 注意事项 + +* 如使用 docker 镜像制作请先拉取相应镜像或者先制作 docker 镜像,并保证 docker 镜像的安全性 +* 制作出来的容器 OS 物理安装所需的镜像目前只能用于 CPU 架构为 x86 和 AArch64 的物理机安装 +* Global.cfg配置中指定的ip为安装时使用的临时ip,请在系统安装启动后请参考《openEuler 22.09 管理员指南-配置网络》进行网络配置 +* 不支持多个磁盘都安装KubeOS,可能会造成启动失败或挂载紊乱 +* 容器OS 目前不支持 x86 架构的物理机使用 legacy 启动模式启动 +* 使用默认rpmlist进行镜像制作时所需磁盘空间至少为5G,如自已定义 rpmlist 可能会超过5G + +#### 使用示例 + +* 首先需要修改```00bootup/Global.cfg```的配置,对相关参数进行配置,参数均为必填,ip目前仅支持ipv4,配置示例如下 + + ```shell + # rootfs file name + rootfs_name=kubeos.tar + # select the target disk to install kubeOS + disk=/dev/sda + # pxe server ip address where stores the rootfs on the http server + server_ip=192.168.1.50 + # target machine temporary ip + local_ip=192.168.1.100 + # target machine temporary route + route_ip=192.168.1.1 + # target machine temporary netmask + netmask=255.255.255.0 + # target machine netDevice name + net_name=eth0 + ``` + +* 使用 repo 源制作 + * 如需进行DNS配置,请在```scripts```目录下自定义```resolv.conf```文件 + + ```shell + cd /opt/kubeOS/scripts + touch resolv.conf + vim resolv.conf + ``` + + * KubeOS物理机安装所需镜像制作 + + ```shell + cd /opt/kubeOS/scripts + bash kbimg.sh create pxe-image -p xxx.repo -v v1 -b ../bin/os-agent -e '''$1$xyz$RdLyKTL32WEvK3lg8CXID0''' + ``` + +* 使用 docker 镜像制作 + + ``` shell + cd /opt/kubeOS/scripts + bash kbimg.sh create pxe-image -d your_imageRepository/imageName:version + ``` + +* 结果说明 + + * initramfs.img: 用于pxe启动用的 initramfs 镜像 + * kubeos.tar: pxe安装所用的 OS diff --git a/docs/zh/docs/KubeOS/KubeOS/overview.md b/docs/zh/Cloud/KubeOS/KubeOS/overview.md similarity index 100% rename from docs/zh/docs/KubeOS/KubeOS/overview.md rename to docs/zh/Cloud/KubeOS/KubeOS/overview.md diff --git a/docs/zh/docs/ClusterDeployment/Kubernetes/public_sys-resources/icon-note.gif b/docs/zh/Cloud/KubeOS/KubeOS/public_sys-resources/icon-note.gif similarity index 100% rename from docs/zh/docs/ClusterDeployment/Kubernetes/public_sys-resources/icon-note.gif rename to docs/zh/Cloud/KubeOS/KubeOS/public_sys-resources/icon-note.gif diff --git "a/docs/zh/docs/KubeOS/KubeOS/\344\275\277\347\224\250\346\226\271\346\263\225.md" b/docs/zh/Cloud/KubeOS/KubeOS/usage-instructions.md similarity index 98% rename from "docs/zh/docs/KubeOS/KubeOS/\344\275\277\347\224\250\346\226\271\346\263\225.md" rename to docs/zh/Cloud/KubeOS/KubeOS/usage-instructions.md index bf55da2..ad0d029 100644 --- "a/docs/zh/docs/KubeOS/KubeOS/\344\275\277\347\224\250\346\226\271\346\263\225.md" +++ b/docs/zh/Cloud/KubeOS/KubeOS/usage-instructions.md @@ -1,22 +1,5 @@ # 使用方法 - - -- [使用方法](#使用方法) - - - [注意事项](#注意事项) - - - [升级指导](#升级指导) - - - [回退指导](#回退指导) - - - [使用场景](#使用场景) - - - [手动回退](#手动回退) - - - [工具回退](#工具回退) - - ## 注意事项 - 公共注意事项 @@ -80,7 +63,7 @@ | sysconfigs | / | 配置设置 | 1. “opstype=config”时只进行配置。
2.“opstype=upgrade/rollback”时,代表升级/回退后配置,即在升级/回退重启后进行配置,详细字段说明请见[配置(Settings)指导](#配置settings指导) | “opstype=config”时必选 | | upgradeconfigs | / | 升级前配置设置 | 在升级或者回退时有效,在升级或者回退操作之前起效,详细字段说明请见[配置(Settings)指导](#配置settings指导)| 可选 | | nodeselector | string | 需要进行升级/配置/回滚操作的节点label | 用于只对具有某些特定label的节点而不是集群所有worker节点进行运维的场景,需要进行运维操作的节点需要包含key为upgrade.openeuler.org/node-selector的label,nodeselector为该label的value值。
注意事项:
1.此参数不配置时,或者配置为“no-label”时对没有upgrade.openeuler.org/node-selector的节点进行操作
2.此参数为“”时,对具有upgrade.openeuler.org/node-selector=“”的节点进行操作
3.如需忽略label,对所有节点进行操作,需指定此参数为all-label| 可选 | - | timewindow | / | 升级/配置/回滚操作的时间窗口 |1.指定时间窗口时starttime和endtime都需指定,即二者需要同时为空或者同时不为空
2.starttime和endtime类型为string,需要为YYYY-MM-DD HH:MM:SS格式或者HH:MM:SS格式,且二者格式需一致
3.为HH:MM:SS格式时,starttime < endtime认为starttime是下一天的该时间
4.timewindow不配置时默认为不存在时间窗限制| 可选 | + | timewindow | / | 升级/配置/回滚操作的时间窗口 |1.指定时间窗口时starttime和endtime都需指定,即二者需要同时为空或者同时不为空
2.starttime和endtime类型为string,需要为YYYY-MM-DD HH:MM:SS格式或者HH:MM:SS格式,且二者格式需一致
3.为HH:MM:SS格式时,starttime \< endtime认为starttime是下一天的该时间
4.timewindow不配置时默认为不存在时间窗限制| 可选 | | timeinterval | int | 升级/配置/回滚操作每批次任务下发的时间间隔 |参数单位为秒,时间间隔为operator下发任务的时间间隔,如k8s集群繁忙无法立即响应operator请求,实际时间间隔可能会大于指定时间| 可选 | | executionmode | string | 升级/配置/回滚操作执行的方式 |仅支持serial或者parallel,即串行或者并行,当次参数不设置时,默认采用并行的方式| 可选 | @@ -112,7 +95,7 @@ ``` - 使用容器镜像进行升级 - - 使用容器镜像进行升级前请先制作升级所需的容器镜像,制作方式请见[《容器OS镜像制作指导》](./容器OS镜像制作指导.md)中 [KubeOS OCI 镜像制作](./容器OS镜像制作指导.md#kubeos-oci-镜像制作) + - 使用容器镜像进行升级前请先制作升级所需的容器镜像,制作方式请见[《容器OS镜像制作指导》](./kubeos-image-creation.md)中 [KubeOS OCI 镜像制作](./kubeos-image-creation.md#kubeos-oci-镜像制作) - 节点容器引擎为docker ```shell diff --git a/docs/zh/Cloud/NestOS/NestOS/_menu.md b/docs/zh/Cloud/NestOS/NestOS/_menu.md new file mode 100644 index 0000000..378fcc9 --- /dev/null +++ b/docs/zh/Cloud/NestOS/NestOS/_menu.md @@ -0,0 +1,12 @@ +--- +label: 'NestOS用户指南' +ismanual: 'Y' +description: 'NestOS是为容器化设计的轻量级操作系统,采用双分区院子更新,确保安全可靠' +children: + - label: '概述' + href: './overview.md' + - label: 'NestOS For Container用户指南' + href: './nestos-for-container.md' + - label: '功能特性描述' + href: './feature-description.md' +--- \ No newline at end of file diff --git "a/docs/zh/docs/NestOS/NestOS/\345\212\237\350\203\275\347\211\271\346\200\247\346\217\217\350\277\260.md" b/docs/zh/Cloud/NestOS/NestOS/feature-description.md similarity index 100% rename from "docs/zh/docs/NestOS/NestOS/\345\212\237\350\203\275\347\211\271\346\200\247\346\217\217\350\277\260.md" rename to docs/zh/Cloud/NestOS/NestOS/feature-description.md diff --git a/docs/zh/docs/NestOS/NestOS/figures/figure1.png b/docs/zh/Cloud/NestOS/NestOS/figures/figure1.png similarity index 100% rename from docs/zh/docs/NestOS/NestOS/figures/figure1.png rename to docs/zh/Cloud/NestOS/NestOS/figures/figure1.png diff --git a/docs/zh/docs/NestOS/NestOS/figures/figure2.png b/docs/zh/Cloud/NestOS/NestOS/figures/figure2.png similarity index 100% rename from docs/zh/docs/NestOS/NestOS/figures/figure2.png rename to docs/zh/Cloud/NestOS/NestOS/figures/figure2.png diff --git "a/docs/zh/docs/NestOS/NestOS/NestOS For Container\347\224\250\346\210\267\346\214\207\345\215\227.md" b/docs/zh/Cloud/NestOS/NestOS/nestos-for-container.md similarity index 99% rename from "docs/zh/docs/NestOS/NestOS/NestOS For Container\347\224\250\346\210\267\346\214\207\345\215\227.md" rename to docs/zh/Cloud/NestOS/NestOS/nestos-for-container.md index a0db105..9b7e0e3 100644 --- "a/docs/zh/docs/NestOS/NestOS/NestOS For Container\347\224\250\346\210\267\346\214\207\345\215\227.md" +++ b/docs/zh/Cloud/NestOS/NestOS/nestos-for-container.md @@ -910,7 +910,7 @@ rpm-ostree install systemctl reboot ``` -重启进入系统,查看系统包分层状态,可看到当前版本已安装 +重启进入系统,查看系统包分层状态,可看到当前版本已安装\ ```bash rpm-ostree status -v diff --git a/docs/zh/docs/NestOS/NestOS/overview.md b/docs/zh/Cloud/NestOS/NestOS/overview.md similarity index 100% rename from docs/zh/docs/NestOS/NestOS/overview.md rename to docs/zh/Cloud/NestOS/NestOS/overview.md diff --git a/docs/zh/Cloud/_menu.md b/docs/zh/Cloud/_menu.md new file mode 100644 index 0000000..7d05dfa --- /dev/null +++ b/docs/zh/Cloud/_menu.md @@ -0,0 +1,35 @@ +--- +label: '云原生' +children: + - label: '容器引擎' + children: + - reference: './ContainerEngine/iSulaContainerEngine/_menu.md' + - reference: './ContainerEngine/DockerEngine/_menu.md' + - label: '容器形态' + children: + - reference: './ContainerForm/SecureContainer/_menu.md' + - reference: './ContainerForm/SystemContainer/_menu.md' + - label: '容器运行时' + children: + - reference: './ContainerRuntime/Kuasar/_menu.md' + - label: '容器镜像构建工具' + children: + - reference: './ImageBuilder/isula-build/_menu.md' + - label: '云原生操作系统' + children: + - reference: './KubeOS/KubeOS/_menu.md' + - label: '云底座操作系统' + children: + - reference: './NestOS/NestOS/_menu.md' + - label: '混合部署' + children: + - reference: './HybridDeployment/rubik/_menu.md' + - reference: './HybridDeployment/oncn-bwm/_menu.md' + - label: '集群部署' + children: + - reference: './ClusterDeployment/Kubernetes/_menu.md' + - reference: './ClusterDeployment/iSulad+k8s/_menu.md' + - label: '服务网格' + children: + - reference: './Kmesh/Kmesh/_menu.md' +--- diff --git a/docs/zh/docs/1.py b/docs/zh/docs/1.py deleted file mode 100644 index fd33531..0000000 --- a/docs/zh/docs/1.py +++ /dev/null @@ -1,60 +0,0 @@ -import os -import re -from bs4 import BeautifulSoup - - -def fix_unclosed_tags(markdown_content): - """ - 修复Markdown内容中未闭合的HTML标签 - """ - # 使用正则表达式提取HTML片段 - html_fragments = re.findall(r'<[^>]+>', markdown_content) - - # 将HTML片段组合成一个完整的HTML文档 - html_content = '' + ''.join(html_fragments) + '' - - # 使用BeautifulSoup解析HTML - soup = BeautifulSoup(html_content, 'html5lib') - - # 获取修复后的HTML内容 - fixed_html = str(soup.body) - - # 去除多余的和标签 - fixed_html = fixed_html.replace('', '').replace('', '') - - # 将修复后的HTML替换回Markdown内容 - for original, fixed in zip(html_fragments, re.findall(r'<[^>]+>', fixed_html)): - markdown_content = markdown_content.replace(original, fixed) - - return markdown_content - - -def process_markdown_file(file_path): - """ - 处理单个Markdown文件 - """ - with open(file_path, 'r', encoding='utf-8') as file: - content = file.read() - - fixed_content = fix_unclosed_tags(content) - - with open(file_path, 'w', encoding='utf-8') as file: - file.write(fixed_content) - print(f"已修复文件: {file_path}") - - -def find_and_fix_markdown_files(root_dir): - """ - 递归查找并修复所有Markdown文件 - """ - for dirpath, _, filenames in os.walk(root_dir): - for filename in filenames: - if filename.endswith('.md'): - file_path = os.path.join(dirpath, filename) - process_markdown_file(file_path) - - -if __name__ == "__main__": - root_directory = r'/Users/liujingrong/Desktop/docs/docs/zh/docs/1newStruct/Server/Network' # 替换为你的Markdown文件根目录 - find_and_fix_markdown_files(root_directory) - print("所有Markdown文件已修复完成!") \ No newline at end of file diff --git a/docs/zh/docs/ClusterDeployment/Kubernetes/Menu/index.md b/docs/zh/docs/ClusterDeployment/Kubernetes/Menu/index.md deleted file mode 100644 index 958b26e..0000000 --- a/docs/zh/docs/ClusterDeployment/Kubernetes/Menu/index.md +++ /dev/null @@ -1,19 +0,0 @@ ---- -headless: true ---- - -- [Kubernetes集群部署指南]({{< relref "./Kubernetes.md" >}}) - - [准备虚拟机]({{< relref "./preparing-VMs.md" >}}) - - [手动部署集群]({{< relref "./deploying-a-Kubernetes-cluster-manually.md" >}}) - - [安装Kubernetes软件包]({{< relref "./installing-the-Kubernetes-software-package.md" >}}) - - [准备证书]({{< relref "./preparing-certificates.md" >}}) - - [安装etcd]({{< relref "./installing-etcd.md" >}}) - - [部署控制面组件]({{< relref "./deploying-control-plane-components.md" >}}) - - [部署Node节点组件]({{< relref "./deploying-a-node-component.md" >}}) - - [自动部署集群]({{< relref "./eggo-automatic-deployment.md" >}}) - - [工具介绍]({{< relref "./eggo-tool-introduction.md" >}}) - - [部署集群]({{< relref "./eggo-deploying-a-cluster.md" >}}) - - [拆除集群]({{< relref "./eggo-dismantling-a-cluster.md" >}}) - - [运行测试pod]({{< relref "./running-the-test-pod.md" >}}) - - [基于containerd部署集群]({{< relref "./Kubernetes集群部署指南1.md" >}}) - - [常见问题与解决方法]({{< relref "./kubernates常见问题与解决方法.md" >}}) diff --git a/docs/zh/docs/ClusterDeployment/Menu/index.md b/docs/zh/docs/ClusterDeployment/Menu/index.md deleted file mode 100644 index 76c5e08..0000000 --- a/docs/zh/docs/ClusterDeployment/Menu/index.md +++ /dev/null @@ -1,6 +0,0 @@ ---- -headless: true ---- - -- [Kubernetes集群部署指南]({{< relref "./Kubernetes/Menu/index.md" >}}) -- [iSulad+k8s集群部署指南]({{< relref "./iSulad+k8s/Menu/index.md" >}}) diff --git a/docs/zh/docs/ClusterDeployment/iSulad+k8s/Menu/index.md b/docs/zh/docs/ClusterDeployment/iSulad+k8s/Menu/index.md deleted file mode 100644 index d372d47..0000000 --- a/docs/zh/docs/ClusterDeployment/iSulad+k8s/Menu/index.md +++ /dev/null @@ -1,8 +0,0 @@ ---- -headless: true ---- - -- [iSulad+k8s集群部署指南]({{< relref "./iSulad+k8s集群部署指南.md" >}}) - - [iSulad+k8s环境部署]({{< relref "./iSulad+k8s环境部署.md" >}}) - - [gitlab部署]({{< relref "./gitlab部署.md" >}}) - - [gitlab-runner部署]({{< relref "./gitlab-runner部署.md" >}}) diff --git a/docs/zh/docs/ContainerEngine/DockerEngine/Menu/index.md b/docs/zh/docs/ContainerEngine/DockerEngine/Menu/index.md deleted file mode 100644 index 794bf1f..0000000 --- a/docs/zh/docs/ContainerEngine/DockerEngine/Menu/index.md +++ /dev/null @@ -1,14 +0,0 @@ ---- -headless: true ---- - -- [Docker容器]({{< relref "./Docker容器.md" >}}) - - [安装配置]({{< relref "./安装配置-3.md" >}}) - - [容器管理]({{< relref "./容器管理-3.md" >}}) - - [镜像管理]({{< relref "./镜像管理-3.md" >}}) - - [命令行参考]({{< relref "./命令行参考.md" >}}) - - [容器引擎]({{< relref "./容器引擎-4.md" >}}) - - [容器管理]({{< relref "./容器管理-4.md" >}}) - - [镜像管理]({{< relref "./镜像管理-4.md" >}}) - - [统计信息]({{< relref "./统计信息-4.md" >}}) - - [Docker常见问题与解决方法]({{< relref "./Docker常见问题与解决方法.md" >}}) diff --git a/docs/zh/docs/ContainerEngine/Menu/index.md b/docs/zh/docs/ContainerEngine/Menu/index.md deleted file mode 100644 index dbd6d00..0000000 --- a/docs/zh/docs/ContainerEngine/Menu/index.md +++ /dev/null @@ -1,6 +0,0 @@ ---- -headless: true ---- - -- [iSula容器引擎]({{< relref "./iSulaContainerEngine/Menu/index.md" >}}) -- [Docker容器]({{< relref "./DockerEngine/Menu/index.md" >}}) diff --git a/docs/zh/docs/ContainerEngine/iSulaContainerEngine/Menu/index.md b/docs/zh/docs/ContainerEngine/iSulaContainerEngine/Menu/index.md deleted file mode 100644 index c38c2de..0000000 --- a/docs/zh/docs/ContainerEngine/iSulaContainerEngine/Menu/index.md +++ /dev/null @@ -1,28 +0,0 @@ ---- -headless: true ---- - -- [iSula容器引擎]({{< relref "./iSula容器引擎.md" >}}) - - [安装、升级与卸载]({{< relref "./安装-升级与卸载.md" >}}) - -[安装与配置]({{< relref "./安装与配置.md" >}}) - -[升级]({{< relref "./升级.md" >}}) - -[卸载]({{< relref "./卸载.md" >}}) - - [使用指南]({{< relref "./使用指南.md" >}}) - - [容器管理]({{< relref "./容器管理.md" >}}) - - [支持CNI网络]({{< relref "./支持CNI网络.md" >}}) - - [容器资源管理]({{< relref "./容器资源管理.md" >}}) - - [特权容器]({{< relref "./特权容器.md" >}}) - - [CRI-v1alpha2接口]({{< relref "./CRI-v1alpha2接口.md" >}}) - - [CRI-v1接口]({{< relref "./CRI-v1接口.md" >}}) - - [镜像管理]({{< relref "./镜像管理.md" >}}) - - [容器健康状态检查]({{< relref "./容器健康状态检查.md" >}}) - - [查询信息]({{< relref "./查询信息.md" >}}) - - [安全特性]({{< relref "./安全特性.md" >}}) - - [支持OCI hooks]({{< relref "./支持OCI-hooks.md" >}}) - - [本地卷管理]({{< relref "./本地卷管理.md" >}}) - - [iSulad shim v2 对接 StratoVirt]({{< relref "./iSula-shim-v2对接stratovirt.md" >}}) - - [iSulad支持cgroup v2]({{< relref "./iSulad支持cgroup v2.md" >}}) - - [iSulad支持CDI]({{< relref "./iSulad支持CDI.md" >}}) - - [iSulad支持NRI]({{< relref "./iSulad支持NRI.md" >}}) - - [常见问题与解决方法]({{< relref "./isula常见问题与解决方法.md" >}}) - - [附录]({{< relref "./附录.md" >}}) diff --git a/docs/zh/docs/ContainerForm/Menu/index.md b/docs/zh/docs/ContainerForm/Menu/index.md deleted file mode 100644 index 4a96f85..0000000 --- a/docs/zh/docs/ContainerForm/Menu/index.md +++ /dev/null @@ -1,6 +0,0 @@ ---- -headless: true ---- - -- [安全容器]({{< relref "./SecureContainer/Menu/index.md" >}}) -- [系统容器]({{< relref "./SystemContainer/Menu/index.md" >}}) diff --git a/docs/zh/docs/ContainerForm/SecureContainer/Menu/index.md b/docs/zh/docs/ContainerForm/SecureContainer/Menu/index.md deleted file mode 100644 index 3a55af3..0000000 --- a/docs/zh/docs/ContainerForm/SecureContainer/Menu/index.md +++ /dev/null @@ -1,11 +0,0 @@ ---- -headless: true ---- - -- [安全容器]({{< relref "./安全容器.md" >}}) - - [安装与配置]({{< relref "./安装与配置-2.md" >}}) - - [使用方法]({{< relref "./使用方法-1.md" >}}) - - [管理安全容器的生命周期]({{< relref "./管理安全容器的生命周期.md" >}}) - - [为安全容器配置资源]({{< relref "./为安全容器配置资源.md" >}}) - - [监控安全容器]({{< relref "./监控安全容器.md" >}}) - - [附录]({{< relref "./appendix-2.md" >}}) diff --git a/docs/zh/docs/ContainerForm/SystemContainer/Menu/index.md b/docs/zh/docs/ContainerForm/SystemContainer/Menu/index.md deleted file mode 100644 index ded094f..0000000 --- a/docs/zh/docs/ContainerForm/SystemContainer/Menu/index.md +++ /dev/null @@ -1,11 +0,0 @@ ---- -headless: true ---- - -- [安全容器]({{< relref "./安全容器.md" >}}) - - [安装与配置]({{< relref "./安装与配置-2.md" >}}) - - [使用方法]({{< relref "./使用方法-1.md" >}}) - - [管理安全容器的生命周期]({{< relref "./管理安全容器的生命周期.md" >}}) - - [为安全容器配置资源]({{< relref "./为安全容器配置资源.md" >}}) - - [监控安全容器]({{< relref "./监控安全容器.md" >}}) - - [附录]({{< relref "./附录-3.md" >}}) diff --git a/docs/zh/docs/ContainerRuntime/Kuasar/Menu/index.md b/docs/zh/docs/ContainerRuntime/Kuasar/Menu/index.md deleted file mode 100644 index 6050d52..0000000 --- a/docs/zh/docs/ContainerRuntime/Kuasar/Menu/index.md +++ /dev/null @@ -1,8 +0,0 @@ ---- -headless: true ---- - -- [Kuasar多沙箱容器运行时]({{< relref "./kuasar.md" >}}) - - [安装与配置]({{< relref "./kuasar-install-config.md" >}}) - - [使用指南]({{< relref "./kuasar-usage.md" >}}) - - [附录]({{< relref "./kuasar-appendix.md" >}}) diff --git a/docs/zh/docs/ContainerRuntime/Menu/index.md b/docs/zh/docs/ContainerRuntime/Menu/index.md deleted file mode 100644 index 4e2109b..0000000 --- a/docs/zh/docs/ContainerRuntime/Menu/index.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -headless: true ---- - -- [Kuasar多沙箱容器运行时]({{< relref "./Kuasar/Menu/index.md" >}}) diff --git a/docs/zh/docs/HybridDeployment/Menu/index.md b/docs/zh/docs/HybridDeployment/Menu/index.md deleted file mode 100644 index c93aa3b..0000000 --- a/docs/zh/docs/HybridDeployment/Menu/index.md +++ /dev/null @@ -1,6 +0,0 @@ ---- -headless: true ---- - -- [云原生混合部署rubik用户指南]({{< relref "./rubik/Menu/index.md" >}}) -- [oncn-bwm用户指南]({{< relref "./oncn-bwm//Menu/index.md" >}}) diff --git a/docs/zh/docs/HybridDeployment/oncn-bwm/Menu/index.md b/docs/zh/docs/HybridDeployment/oncn-bwm/Menu/index.md deleted file mode 100644 index d4e601f..0000000 --- a/docs/zh/docs/HybridDeployment/oncn-bwm/Menu/index.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -headless: true ---- - -- [oncn-bwm用户指南]({{< relref "./overview.md" >}}) diff --git a/docs/zh/docs/HybridDeployment/rubik/Menu/index.md b/docs/zh/docs/HybridDeployment/rubik/Menu/index.md deleted file mode 100644 index ad2bfa4..0000000 --- a/docs/zh/docs/HybridDeployment/rubik/Menu/index.md +++ /dev/null @@ -1,8 +0,0 @@ ---- -headless: true ---- - -- [云原生混合部署rubik用户指南]({{< relref "./overview.md" >}}) - - [安装与部署]({{< relref "./installation-and-deployment.md" >}}) - - [http接口文档]({{< relref "./http-apis.md" >}}) - - [混部隔离示例]({{< relref "./example-of-isolation-for-hybrid-deployed-services.md" >}}) diff --git a/docs/zh/docs/ImageBuilder/Menu/index.md b/docs/zh/docs/ImageBuilder/Menu/index.md deleted file mode 100644 index c572cff..0000000 --- a/docs/zh/docs/ImageBuilder/Menu/index.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -headless: true ---- - -- [容器镜像构建]({{< relref ".isula-build/Menu/index.md" >}}) diff --git a/docs/zh/docs/ImageBuilder/isula-build/Menu/index.md b/docs/zh/docs/ImageBuilder/isula-build/Menu/index.md deleted file mode 100644 index d91409f..0000000 --- a/docs/zh/docs/ImageBuilder/isula-build/Menu/index.md +++ /dev/null @@ -1,8 +0,0 @@ ---- -headless: true ---- - -- [容器镜像构建]({{< relref "./isula-build构建工具.md" >}}) - - [使用指南]({{< relref "./isula-build使用指南.md" >}}) - - [常见问题与解决方法]({{< relref "./isula-build常见问题与解决方法.md" >}}) - - [附录]({{< relref "./isula-build附录.md" >}}) diff --git a/docs/zh/docs/Kmesh/Kmesh/Menu/index.md b/docs/zh/docs/Kmesh/Kmesh/Menu/index.md deleted file mode 100644 index 5b3a428..0000000 --- a/docs/zh/docs/Kmesh/Kmesh/Menu/index.md +++ /dev/null @@ -1,10 +0,0 @@ ---- -headless: true ---- - -- [Kmesh用户指南]({{< relref "./Kmesh.md" >}}) - - [认识Kmesh]({{< relref "./认识Kmesh.md" >}}) - - [安装与部署]({{< relref "./安装与部署.md" >}}) - - [使用方法]({{< relref "./使用方法.md" >}}) - - [常见问题与解决方法]({{< relref "./常见问题与解决方法.md" >}}) - - [附录]({{< relref "./附录.md" >}}) diff --git a/docs/zh/docs/Kmesh/Menu/index.md b/docs/zh/docs/Kmesh/Menu/index.md deleted file mode 100644 index b1cc4b7..0000000 --- a/docs/zh/docs/Kmesh/Menu/index.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -headless: true ---- - -- [KubeOS用户指南]({{< relref "./KubeOS/Menu/index.md" >}}) diff --git a/docs/zh/docs/KubeOS/KubeOS/Menu/index.md b/docs/zh/docs/KubeOS/KubeOS/Menu/index.md deleted file mode 100644 index 83beb11..0000000 --- a/docs/zh/docs/KubeOS/KubeOS/Menu/index.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -headless: true ---- - -- [容器OS升级用户指南]({{< relref "./overview.md" >}}) - - [认识容器OS升级]({{< relref "./认识容器OS升级.md" >}}) - - [安装与部署]({{< relref "./安装与部署.md" >}}) - - [使用方法]({{< relref "./使用方法.md" >}}) - - [容器OS镜像制作指导]({{< relref "./容器OS镜像制作指导.md" >}}) diff --git a/docs/zh/docs/KubeOS/Menu/index.md b/docs/zh/docs/KubeOS/Menu/index.md deleted file mode 100644 index b1cc4b7..0000000 --- a/docs/zh/docs/KubeOS/Menu/index.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -headless: true ---- - -- [KubeOS用户指南]({{< relref "./KubeOS/Menu/index.md" >}}) diff --git a/docs/zh/docs/Menu/index.md b/docs/zh/docs/Menu/index.md deleted file mode 100644 index 48f57b0..0000000 --- a/docs/zh/docs/Menu/index.md +++ /dev/null @@ -1,13 +0,0 @@ ---- -headless: true ---- - -- [容器引擎]({{< relref "./ContainerEngine/Menu/index.md" >}}) -- [容器形态]({{< relref "./ContainerForm/Menu/index.md" >}}) -- [容器运行时]({{< relref "./ContainerRuntime/Menu/index.md" >}}) -- [容器镜像构建工具]({{< relref "./ImageBuilder/Menu/index.md" >}}) -- [云原生操作系统]({{< relref "./KubeOS/Menu/index.md" >}}) -- [云底座操作系统]({{< relref "./NestOS/Menu/index.md" >}}) -- [混合部署]({{< relref "./HybridDeployment/Menu/index.md" >}}) -- [集群部署]({{< relref "./ClusterDeployment/Menu/index.md" >}}) -- [服务网格]({{< relref "./Kmesh/Menu/index.md" >}}) diff --git a/docs/zh/docs/NestOS/Menu/index.md b/docs/zh/docs/NestOS/Menu/index.md deleted file mode 100644 index 4e0bf66..0000000 --- a/docs/zh/docs/NestOS/Menu/index.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -headless: true ---- - -- [NestOS用户指南]({{< relref "./NestOS/Menu/index.md" >}}) diff --git a/docs/zh/docs/NestOS/NestOS/Menu/index.md b/docs/zh/docs/NestOS/NestOS/Menu/index.md deleted file mode 100644 index 75612e7..0000000 --- a/docs/zh/docs/NestOS/NestOS/Menu/index.md +++ /dev/null @@ -1,7 +0,0 @@ ---- -headless: true ---- - -- [NestOS用户指南]({{< relref "./overview.md" >}}) - - [NestOS For Container用户指南]({{< relref "./NestOS For Container用户指南.md" >}}) - - [功能特性描述]({{< relref "./功能特性描述.md" >}}) diff --git a/docs/zh/docs/container.md b/docs/zh/docs/container.md deleted file mode 100644 index 04cb5ef..0000000 --- a/docs/zh/docs/container.md +++ /dev/null @@ -1,18 +0,0 @@ -# 概述 - -openEuler软件包中同时提供了轻量化容器引擎iSulad与docker engine两种容器引擎。 - -同时根据不同使用场景,提供多种容器形态,包括: - -- 适合大部分通用场景的普通容器 -- 适合强隔离与多租户场景的安全容器 -- 适合使用systemd管理容器内业务场景的系统容器 - -本文档提供容器引擎的安装和使用方法以及各个容器形态的部署使用方法。 - -## 读者对象 - -本文档主要适用于使用openEuler并需要安装容器的用户。用户需要具备以下经验和技能: - -- 熟悉Linux基本操作 -- 对容器有一定了解 -- Gitee