Welcome to Quark Container.
This repository is the home of Quark Containers code.
Quark Container is high performance secure container runtime with following features:
The performance slices is performance.pdf. The detail test steps and result is here
Quark Container takes classic Linux Virtual Machine architecture as below. It includes an HyperVisor named QVisor and a guest kernel named QKernel. Unlike the common Linux Virtual Machine design, in which standard OS image such as Linux/Windows can run on Qemu. QVisor and QKernel are tightly coupled. QVisor only supports QKernel.
Quark Container's high level design is as below. It handles Container Application request with following steps.
Quark Container supports to transfer the container application's TCP traffic with RDMA connection, i.e. TSoR. TSoR is a container network provider in K8S cluster and the existing TCP based container application can transfer data through RDMA without ANY modification. As TSoR offloads the TCP/IP protocol stack workload to RDMA NIC. It can achieve higher throughput, low latency with less CPU footprint. The TSOR test result is the Redis benchmark test result with comparison between Quark + TSoR and RunC + Flannel. TSoR shows 5 times throughput improvement over Flannel. The TSoR architecture is as below. The introduction is here
Quark primarily supports X86-64. aarch64 support is preliminary and under active development. Other architecture will be available in the future.
Quark is developed with Rust language. The build needs to install Rust nightly.
Please use current known good version
nightly-2023-12-11-x86_64-unknown-linux-gnu
(replace x86_64
with aarch64
for the aarch64 build)
rustup toolchain install nightly-2023-12-11-x86_64-unknown-linux-gnu
rustup default nightly-2023-12-11-x86_64-unknown-linux-gnu
Add the rust-src component to the current toolchain:
rustup component add rust-src
And install "cargo-xbuild" for qkernel cross compilation
cargo install cargo-xbuild
Install libcap library
sudo apt-get install libcap-dev
Also, some extra libraries for compiling RDMA module:
sudo apt-get install build-essential cmake gcc libudev-dev libnl-3-dev
libnl-route-3-dev ninja-build pkg-config valgrind python3-dev cython3
python3-docutils pandoc libclang-dev
And also some extra libraries for compiling GPU module:
(Please note, you can execute following commands even in non nvidia machine to
get ability for compiling GPU module.)
sudo apt-get install libelf-dev nvidia-driver-535
git clone [email protected]:QuarkContainer/Quark.git
cd Quark
make
make install
make cuda_all
make install
make install
. "quark"
contains QVisor code and it also implement the OCI interface.sudo mkdir /var/log/quark
sudo systemctl restart docker
The hello-world docker sample application can be executed as below:
sudo systemctl restart docker
sudo systemctl restart docker.service
docker run --rm --runtime=quark hello-world
Quark Container's configuration file is at /etc/quark/config.json . Configuration detail is TBD...
Quark Container's debug log is put in /var/log/quark/quark.log. It could enable or disable by "DebugLevel" of /etc/quark/config.json. There are 5 possible value of "DebugLevel" as below.
Off,
Error,
Warn,
Info,
Debug,
Trace,
When log is enabled, e.g. Debug. After run a docker image with Quark Container, the logs will be generated in the /var/log/quark/quark.log. See the wiki for further debugging tips.
Please refer to this link to set up k8s using quark container and RDMA support.
Quark now has preliminary aarch64 support (still under active development).
Notes on newer arm64 architectures:
newer arm64 architectures add PAN (Privilege Access Never) bit in the pstate which prevents the kernel (el1) from accessing user (el0) memory. Full support is WIP. As a temporary workaround we simply clear the PAN in the qkernel. To do this, you need to manually apply this patch
~quark/[email protected]
. To subscribe to
the list, send an empty email to ~quark/[email protected]
To learn more about using mailinglist, see the Mailing list etiquette.