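Introduction to KubeVirt
KubeVirt is an open-source project from Red Hat for running virtual machines in containers, managing the VM lifecycle the Kubernetes cloud-native way. It uses custom resources (CRDs) and other Kubernetes features to seamlessly extend an existing cluster with a set of virtualization APIs for managing virtual machines.
With KubeVirt and Kubernetes you can manage applications that are hard to containerize and better suited to virtual machines, run existing virtualized workloads alongside newly containerized workloads on the same platform, and develop new microservice applications in containers that interact with existing virtualized applications.
The KubeVirt project was started at Red Hat at the end of 2016 and is driven and contributed to by companies and organizations including Red Hat, IBM, Google, Intel and SUSE. The question it posed was: can virtual machines (VMs) run in containers and be deployed by Kubernetes? It turned out that this was not only feasible, it quickly became a promising solution for the future of virtual machines in the container era.
KubeVirt joined the CNCF as a sandbox project in September 2019 and became a CNCF incubating project in April 2022. After 7 years of sustained effort, KubeVirt released v1.0.0 in July 2023, marking that it had reached production readiness and had a healthy community.
Introduction to cloud-native virtualization
Reference: https://www.redhat.com/zh/engage/container-virtualisation-2024
Cloud-native virtualization combines virtualization technology with the cloud-native ecosystem in order to manage virtual machines (VMs) and containerized workloads more efficiently. It treats virtual machines as part of the cloud-native architecture, running, managing and orchestrating them together with container workloads, which gives more flexibility and better resource utilization.
Traditional virtualization runs multiple virtual machines on physical servers, whereas cloud-native virtualization manages virtual machines the cloud-native way, integrating containers, microservice architecture and modern DevOps practices. Its main goal is to let virtual machines and containers coexist seamlessly and to use orchestration tools such as Kubernetes to manage all workloads.
How to choose the right virtualization technology path: the virtualization roadmap in the cloud-native 2.0 era.
In today's enterprise environments, virtualization has become the norm, and some enterprises have already entered the cloud-native era, which we call the cloud-native 1.0 era. As businesses and products keep evolving, for example with upgrades of virtualization products and the emergence of new services, enterprises urgently need a more flexible, efficient and simple core platform, which marks the arrival of the cloud-native 2.0 era.
Installing KubeVirt
Official documentation: https://kubevirt.io/user-guide/cluster_admin/installation/
Environment
Three Kubernetes nodes running Ubuntu 22.04.2 LTS, with CPU/memory/disk of 4C/16G/100G and Kubernetes version v1.29.3.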
root@node40:~# kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
node40 Ready control-plane 154d v1.29.3 192.168.72.40 <none> Ubuntu 22.04.2 LTS 5.15.0-105-generic containerd://1.7.15
node41 Ready <none> 154d v1.29.3 192.168.72.41 <none> Ubuntu 22.04.2 LTS 5.15.0-76-generic containerd://1.7.15
node42 Ready <none> 154d v1.29.3 192.168.72.42 <none> Ubuntu 22.04.2 LTS 5.15.0-122-generic containerd://1.7.15
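Prerequisites
Before you begin, a few requirements must be met:
- A Kubernetes cluster or derivative (such as OpenShift) based on one of the latest three Kubernetes releases that were out at the time the KubeVirt release was made.
- The Kubernetes apiserver must have --allow-privileged=true in order to run KubeVirt's privileged DaemonSet.
- The kubectl client utility
Version support matrix
Official reference: https://github.com/kubevirt/sig-release/blob/main/releases/k8s-support-matrix.md
The compatibility between KubeVirt and Kubernetes versions is shown in the table below:
KubeVirt version | 1.30 | 1.29 | 1.28 | 1.27 (EOL) | 1.26 (EOL) | 1.25 (EOL) |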
---|---|---|---|---|---|---|
1.3 | ✓ | ✓ | ✓ | - | - | - |
1.2 | - | ✓ | ✓ | EOL | - | - |
1.1 | - | - | ✓ | EOL | EOL | - |
1.0 | - | - | - | EOL | EOL | EOL |
0.59 | - | - | - | - | EOL | EOL |
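Note: EOL means the Kubernetes version is supported by KubeVirt but has reached its end of life.
Container runtime support
KubeVirt is currently supported on the following container runtimes: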
- containerd
- crio (with runv)
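Other container runtimes that do not use virtualization features should also work. However, the ones listed above are the main targets.
Verifying hardware virtualization support
Hardware with virtualization support is recommended. You can use virt-host-validate to make sure your host is capable of running virtualization workloads: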
$ apt install libvirt-clients -y
$ virt-host-validate qemu
QEMU: Checking for hardware virtualization : PASS
QEMU: Checking if device /dev/kvm exists : PASS
QEMU: Checking if device /dev/kvm is accessible : PASS
QEMU: Checking if device /dev/vhost-net exists : PASS
QEMU: Checking if device /dev/net/tun exists : PASS
...
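KubeVirt installation procedure
KubeVirt can be installed with the KubeVirt operator, which manages the lifecycle of all KubeVirt core components. Below is an example of installing KubeVirt from an official release.
Download the YAML files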
export RELEASE=v1.3.0
wget https://github.com/kubevirt/kubevirt/releases/download/${RELEASE}/kubevirt-operator.yaml
wget https://github.com/kubevirt/kubevirt/releases/download/${RELEASE}/kubevirt-cr.yaml
Apply the YAML files
kubectl apply -f kubevirt-operator.yaml
kubectl apply -f kubevirt-cr.yaml
Wait for the components to start completely
kubectl -n kubevirt wait kv kubevirt --for condition=Available
List the running pods
root@node40:~# kubectl -n kubevirt get pods
NAME READY STATUS RESTARTS AGE
virt-api-f97fbdff-twmw9 1/1 Running 0 4d17h
virt-api-f97fbdff-vmnlg 1/1 Running 0 4d17h
virt-controller-6bf9f4477f-4lzgg 1/1 Running 3 (3d20h ago) 4d17h
virt-controller-6bf9f4477f-dr6dw 1/1 Running 2 (3d20h ago) 4d17h
virt-handler-86zh6 1/1 Running 0 4d17h
virt-handler-mhdqq 1/1 Running 0 4d17h
virt-handler-xcp7k 1/1 Running 0 4d17h
virt-operator-59f5558dcd-5txb8 1/1 Running 3 (3d20h ago) 4d17h
virt-operator-59f5558dcd-hzvw6 1/1 Running 2 (3d20h ago) 4d17h
If hardware virtualization is not available, software emulation fallback can be enabled by setting spec.configuration.developerConfiguration.useEmulation to true in the KubeVirt CR, as follows:
$ kubectl edit -n kubevirt kubevirt kubevirt
Add the following to the kubevirt.yaml file:
spec:
  ...
  configuration:
    developerConfiguration:
      useEmulation: true
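Installing the virtctl client tool
Basic VirtualMachineInstance operations can be performed with the stock kubectl utility. However, the virtctl binary utility is required to use advanced features such as:
- Serial and graphical console access
- Starting and stopping VirtualMachineInstances
- Live migrating VirtualMachineInstances and canceling live migrations
- Uploading virtual machine disk images
The latest release of the tool can be retrieved from the official release page.
An example download and installation: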
export VERSION=v1.3.0
curl -L -o virtctl https://github.com/kubevirt/kubevirt/releases/download/${VERSION}/virtctl-${VERSION}-linux-amd64
chmod +x virtctl
sudo install virtctl /usr/local/bin
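Creating virtual machines with KubeVirt
KubeVirt supports several ways to import virtual machine images; the commonly used ones are containerDisk, dataVolume and persistentVolumeClaim (PVC).
For details, see the official documentation: https://kubevirt.io/user-guide/storage/disks_and_volumes/
The following uses containerDisk as an example to show how to create and manage virtual machines.
Official container-disk images: https://github.com/kubevirt/containerdisks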
Name | Image |
---|---|
CentOS Stream | quay.io/containerdisks/centos-stream:9 |
Fedora | quay.io/containerdisks/fedora:40 |
Ubuntu | quay.io/containerdisks/ubuntu:22.04 |
Creating a cirros virtual machine
Download the official example YAML file
wget https://kubevirt.io/labs/manifests/vm.yaml
View the contents of the YAML file
root@node40:~# cat vm.yaml
apiVersion: kubevirt.io/v1
kind: VirtualMachine
metadata:
  name: testvm
spec:
  running: false
  template:
    metadata:
      labels:
        kubevirt.io/size: small
        kubevirt.io/domain: testvm
    spec:
      domain:
        devices:
          disks:
            - name: containerdisk
              disk:
                bus: virtio
            - name: cloudinitdisk
              disk:
                bus: virtio
          interfaces:
          - name: default
            masquerade: {}
        resources:
          requests:
            memory: 64M
      networks:
      - name: default
        pod: {}
      volumes:
        - name: containerdisk
          containerDisk:
            image: quay.io/kubevirt/cirros-container-disk-demo
        - name: cloudinitdisk
          cloudInitNoCloud:
            userDataBase64: SGkuXG4=
Apply the YAML file
kubectl apply -f vm.yaml
List the created virtual machine; by default it is not started
root@node40:~# kubectl get vm
NAME AGE STATUS READY
testvm 4s Stopped False
Start the virtual machine
root@node40:~# virtctl start testvm
VM testvm was scheduled to start
Check that the virtual machine status is Running
root@node40:~# kubectl get vm
NAME AGE STATUS READY
testvm 3m19s Running True
Access the virtual machine through the console
root@node40:~# virtctl console testvm
Successfully connected to testvm console. The escape sequence is ^]
login as 'cirros' user. default password: 'gocubsgo'. use 'sudo' for root.
testvm login: cirros
Password:
$
$ cat /etc/os-release
NAME=Buildroot
VERSION=2015.05-g31af4e3-dirty
ID=buildroot
VERSION_ID=2015.05
PRETTY_NAME="Buildroot 2015.05"
$
Expose the virtual machine's SSH port through a NodePort service
virtctl expose virtualmachine testvm --name vmiservice-node --target-port 22 --port 24 --type NodePort
View the created service
root@node40:~# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 154d
vmiservice-node NodePort 10.96.3.81 <none> 24:32310/TCP 2m42s
Access the virtual machine remotely over SSH
root@node40:~# ssh -p 32310 cirros@192.168.72.40
cirros@192.168.72.40's password:
$
$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc pfifo_fast qlen 1000
link/ether 3e:01:5a:08:21:5b brd ff:ff:ff:ff:ff:ff
inet 10.0.2.2/24 brd 10.0.2.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::3c01:5aff:fe08:215b/64 scope link
valid_lft forever preferred_lft forever
$
Creating a CentOS virtual machine
Example YAML:
root@node40:~# cat centos_vm.yaml
apiVersion: kubevirt.io/v1
kind: VirtualMachine
metadata:
  creationTimestamp: null
  name: centos-stream
spec:
  runStrategy: Always
  template:
    metadata:
      creationTimestamp: null
    spec:
      domain:
        devices:
          disks:
          - disk:
              bus: virtio
            name: containerdisk
          - disk:
              bus: virtio
            name: cloudinit
          rng: {}
        resources:
          requests:
            memory: 1Gi
      terminationGracePeriodSeconds: 180
      volumes:
      - containerDisk:
          image: quay.io/containerdisks/centos-stream:9
        name: containerdisk
      - cloudInitNoCloud:
          userData: |-
            #cloud-config
            # The default username is: cloud-user
            password: cloud-password
            chpasswd: { expire: False }
        name: cloudinit
status: {}
Create the virtual machine
kubectl apply -f centos_vm.yaml
Access the virtual machine. The default user is cloud-user, and the password is cloud-password, the value set in cloudInitNoCloud.
root@node40:~# kubectl get vm
NAME AGE STATUS READY
centos-stream 19m Running True
testvm 69m Running True
root@node40:~#
root@node40:~# virtctl console centos-stream
Successfully connected to centos-stream console. The escape sequence is ^]
centos-stream login: cloud-user
Password:
Last login: Sun Sep 22 22:06:45 on ttyS0
[cloud-user@centos-stream ~]$ cat /etc/os-release
NAME="CentOS Stream"
VERSION="9"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="9"
PLATFORM_ID="platform:el9"
PRETTY_NAME="CentOS Stream 9"
ANSI_COLOR="0;31"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:centos:centos:9"
HOME_URL="https://centos.org/"
BUG_REPORT_URL="https://issues.redhat.com/"
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux 9"
REDHAT_SUPPORT_PRODUCT_VERSION="CentOS Stream"
[cloud-user@centos-stream ~]$
Creating a Fedora virtual machine
Example YAML:
root@node40:~# cat fedora_vm.yaml
apiVersion: kubevirt.io/v1
kind: VirtualMachine
metadata:
  creationTimestamp: null
  name: fedora
spec:
  runStrategy: Always
  template:
    metadata:
      creationTimestamp: null
    spec:
      domain:
        devices:
          disks:
          - disk:
              bus: virtio
            name: containerdisk
          - disk:
              bus: virtio
            name: cloudinit
          rng: {}
        features:
          acpi: {}
          smm:
            enabled: true
        firmware:
          bootloader:
            efi:
              secureBoot: true
        resources:
          requests:
            memory: 1Gi
      terminationGracePeriodSeconds: 180
      volumes:
      - containerDisk:
          image: quay.io/containerdisks/fedora:40
        name: containerdisk
      - cloudInitNoCloud:
          userData: |-
            #cloud-config
            # The default username is: fedora
            password: fedora
            chpasswd: { expire: False }
        name: cloudinit
status: {}
Access the virtual machine. The default user is fedora, and the password is fedora, the value set in cloudInitNoCloud.
root@node40:~# kubectl get vm
NAME AGE STATUS READY
centos-stream 10m Running True
fedora 5m31s Running True
testvm 60m Running True
root@node40:~#
root@node40:~# virtctl console fedora
Successfully connected to fedora console. The escape sequence is ^]
fedora login: fedora
Password:
[fedora@fedora ~]$ cat /etc/os-release
NAME="Fedora Linux"
VERSION="40 (Cloud Edition)"
ID=fedora
VERSION_ID=40
VERSION_CODENAME=""
PLATFORM_ID="platform:f40"
PRETTY_NAME="Fedora Linux 40 (Cloud Edition)"
ANSI_COLOR="0;38;2;60;110;180"
LOGO=fedora-logo-icon
CPE_NAME="cpe:/o:fedoraproject:fedora:40"
HOME_URL="https://fedoraproject.org/"
DOCUMENTATION_URL="https://docs.fedoraproject.org/en-US/fedora/f40/system-administrators-guide/"
SUPPORT_URL="https://ask.fedoraproject.org/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Fedora"
REDHAT_BUGZILLA_PRODUCT_VERSION=40
REDHAT_SUPPORT_PRODUCT="Fedora"
REDHAT_SUPPORT_PRODUCT_VERSION=40
SUPPORT_END=2025-05-13
VARIANT="Cloud Edition"
VARIANT_ID=cloud
[fedora@fedora ~]$
Creating an Ubuntu virtual machine
Example YAML:
root@node40:~# cat ubuntu_vm.yaml
apiVersion: kubevirt.io/v1
kind: VirtualMachine
metadata:
  creationTimestamp: null
  name: ubuntu
spec:
  runStrategy: Always
  template:
    metadata:
      creationTimestamp: null
    spec:
      domain:
        devices:
          disks:
          - disk:
              bus: virtio
            name: containerdisk
          - disk:
              bus: virtio
            name: cloudinit
          rng: {}
        resources:
          requests:
            memory: 1Gi
      terminationGracePeriodSeconds: 180
      volumes:
      - containerDisk:
          image: quay.io/containerdisks/ubuntu:22.04
        name: containerdisk
      - cloudInitNoCloud:
          userData: |-
            #cloud-config
            # The default username is: ubuntu
            password: ubuntu
            chpasswd: { expire: False }
        name: cloudinit
status: {}
Access the virtual machine. The default user is ubuntu, and the password is ubuntu, the value set in cloudInitNoCloud.
root@node40:~# kubectl get vm
NAME AGE STATUS READY
centos-stream 19m Running True
fedora 14m Running True
testvm 69m Running True
ubuntu 86s Running True
root@node40:~#
root@node40:~# virtctl console ubuntu
Successfully connected to ubuntu console. The escape sequence is ^]
ubuntu login: ubuntu
Password:
Welcome to Ubuntu 22.04.5 LTS (GNU/Linux 5.15.0-119-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/pro
System information disabled due to load higher than 1.0
Expanded Security Maintenance for Applications is not enabled.
0 updates can be applied immediately.
Enable ESM Apps to receive additional future security updates.
See https://ubuntu.com/esm or run: sudo pro status
The list of available updates is more than a week old.
To check for new updates run: sudo apt update
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.
ubuntu@ubuntu:~$
ubuntu@ubuntu:~$ cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04.5 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.5 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy
ubuntu@ubuntu:~$
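The CentOS, Fedora and Ubuntu manifests above set the login password in plain text inside cloudInitNoCloud userData, which matters once a VM's SSH port is published through a NodePort as in the cirros section. The following is an added example, not part of the original page or of the KubeVirt project: a pre-apply check that flags such manifests, covering both inline userData and userDataBase64. The function name audit_cloudinit, the sample fragments and the placeholder public key are constructed for illustration.

```shell
# Added example: flag cloud-init user data that sets a plaintext login password.
# audit_cloudinit FILE prints one line per finding; returns 1 if any, else 0.
audit_cloudinit() {
  ac_rc=0
  # 1) Inline "userData: |" block scalars, delimited by indentation.
  awk -v f="$1" '
    /^[ \t]*userData:[ \t]*[|]/ { match($0, /^[ \t]*/); base = RLENGTH; inb = 1; next }
    inb { match($0, /^[ \t]*/); if (NF && RLENGTH <= base) inb = 0 }
    inb && /^[ \t]*password:[ \t]*[^ \t]/ {
      printf "%s:%d: plaintext password in userData\n", f, NR; bad = 1 }
    inb && /^[ \t]*ssh_pwauth:[ \t]*([Tt]rue|yes)/ {
      printf "%s:%d: SSH password login enabled\n", f, NR; bad = 1 }
    END { exit bad + 0 }' "$1" || ac_rc=1
  # 2) userDataBase64 values: decode, then apply the same password test.
  for ac_b64 in $(sed -n 's/^[[:space:]]*userDataBase64:[[:space:]]*//p' "$1"); do
    if printf '%s' "$ac_b64" | base64 -d 2>/dev/null |
       grep -Eq '^[[:space:]]*password:[[:space:]]*[^[:space:]]'; then
      echo "$1: plaintext password in userDataBase64"; ac_rc=1
    fi
  done
  return "$ac_rc"
}

# Constructed sample fragments (not from a real cluster).
tmp=$(mktemp -d)
cat > "$tmp/weak.yaml" <<'EOF'
volumes:
- cloudInitNoCloud:
    userData: |-
      #cloud-config
      password: cloud-password
      chpasswd: { expire: False }
  name: cloudinit
EOF
cat > "$tmp/keyonly.yaml" <<'EOF'
volumes:
- cloudInitNoCloud:
    userData: |-
      #cloud-config
      ssh_pwauth: false
      ssh_authorized_keys:
        - ssh-ed25519 PLACEHOLDER-PUBLIC-KEY admin@example
  name: cloudinit
EOF
printf 'userDataBase64: %s\n' \
  "$(printf '#cloud-config\npassword: demo\n' | base64)" > "$tmp/b64.yaml"
for m in "$tmp"/*.yaml; do
  audit_cloudinit "$m" || echo "=> $m: replace the password with SSH keys"
done
```

The keyonly.yaml fragment is the corrected form: password login over SSH is disabled and access is granted through ssh_authorized_keys.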