Virtio-fs for Kata Containers storage Stefan Hajnoczi <[email protected]> February !th "# ! Kata Containers $rchitecture Committee Cal% Virtio-fs o&ervie' (e' host)guest *%e system+ ● ,a-es ad&antage of co-location of host and guest . not a net'ork /rotoco% ● Designed 'ith containers and %ight'eight V1s in mind ● &irtio-9/ re/%acement in Kata Containers 0e&elo/ed by a team of *%e systems and &irtua%ization develo/ers 2roject started and *rst /atches /ub%ished in "# 3 htt/s+44&irtio-fs.git%ab.io4 " Usage in Kata Containers Container storage+ ● Container images ● Vo%umes 7-ataShared8 mount contains shared directories for each container Virtio-fs is a dro/-in rep%acement for &irtio-9/ 5 Kata con*guration.tom% enable_virtio_fs = true virtio_fs_daemon = "path/to/virtiofsd" virtio_fs_cache_size = 2 # GB # Cache mode: none (default), auto (NFS-like), always (cache everything) virtio_fs_cache = "none" # Use shared version metadata (experimental feature) virtio_fs_shared_versions = false 9 Architecture &irtio;fs.-o >uest sends requests to &irtiofs daemon >uest 0$C 0aemon /erforms @4A in a Host sandboBed /rocess 0aemon arranges 0$X ma//ings <=16 &irtiofsd 'ith <=16 0$X a%%o's @4A 'ithout &meBits Shared directory : Virtio-fs is built on FUSE ,he core &ocabu%ary is Einux FUSE 'ith &irtio-fs eBtensions Guest acts as FUSE clientF host acts as *%e system daemon $rbitrary F6SE *%e system daemons cannot run o&er &irtio-fs &irtiofsd is a FUSE *%e system daemon and a &host-user device $%ternati&e *%e system daemon im/%ementations are /ossib%e ● Ather storage backendsF security featuresF etc D 0$C – host page cache sharing Hegions of *%es can be ma//ed into guest memory s/ace Guest accesses these /ages from host /age cache ● $&oids a data co/y into guest H$1 ● Heduces memory foot/rint ● Heduces &mexits 'hen /age is accessed repeated%y ● Coherent access to shared 'ritab%e *%es on host I1$2;SH$H=0J $%ready functiona% 'ith ongoing o/timization 'or- G Security Fi%e system daemon runs in a sandboBab%e /rocess on the host Ane step closer to non-root <=1U in Kata Containers Virtiofsd /asses through uid4gid &a%ues Isame mode% as Kata !/J 3 2erformance (otes+ 5" >K host H$1 virtio-9p vs virtio-fs I/O performance 3 >K guest H$1 fio bs=4k size=4G ioengine=mmap numjobs=1 3 >K 0$X 'indo' 300 250 Kerne% &ersion 9."#.G- ) ##.fc"3.B3D;D9 s 9p mmap / 200 B i Virtio-fs none+dax M ( t 150 9p loose u XFS host *%e system on p h Virtio-fs always+dax g 2C@ SSD u 100 o r h T @nte% Ceon =5-2D"# &" @ 50 ". #>Hz I" soc-ets B D coresJ 0 seqread randread seqwrite randwrite I/O pattern ! Status Lorking on getting the fo%%o'ing changes merged (rough%y in orderJ+ ● V@H,@A s/eci*cation ● Spec eBtension for shared memory resources ● Virtio-fs device ty/e ● Einux -ernel FUSE client ● <=16 ● &host-user-fs device ● Virtiofsd &host-user device backend ● Kata Containers ● Huntime M agent changes Angoing /erformance o/timization I0$CF cache modesJ # <uestionsN https+44&irtio-fs.git%ab.io/ Contributors+ Da&id Gi%bertF 1i-%os SzerediF Vi&e- Goya%F myse%f .