SEATTLE (PRWEB) December 11, 2018
KUBECON/CLOUDNATIVECON NA — Marking the project’s one-year anniversary, the Kata Containers community will be at KubeCon this week to talk about the latest v1.4 release and use cases for secure containers.
Kata Containers is an open source project and community working to build a standard implementation of lightweight VMs that feel and perform like containers, but provide the workload isolation and security advantages of adding a virtual machine layer. In the last year, the project has added features to make Kata Containers easier to deploy in production (by request of the community’s Cloud Service Provider participants) and also has scaled to support more architectures, including AMD64, ARM/ARM64 and IBM p-series in addition to Intel.
***To download the software or get involved in the community, visit katacontainers.io.***
Meet members of the Kata Containers community at booth S17 in the expo. Xu Wang of Hyper.sh, Eric Ernst of Intel, and Jon Olson of Google—members of the Architecture Committee—will join other Kata Containers community leaders at the event. Kata Containers will be featured in nearly a dozen sessions, notably:
- Tutorial: KataContainers the Hard Way: Kubernetes + containerd + KataContainers - Lei Zhang, Alibaba, and Xu Wang, HyperHQ
- Container Security and Multi-Tenancy Tales from Kata and Nabla - Ricardo Aravena, Branch Metrics, and James Bottomley, IBM
- This Year, It’s About Security - Maya Kaczorowski and Brandon Baker, Google
- Recent Advancements in Container Isolation - Tim Allclair, Google
Version 1.4 of Kata Containers is now available and includes new features such as:
- Host cgroups support: The virtual machine is now constrained in a host-side CPU cgroup, so the requested CPU quota and periods are better honored. This protects against a single container using up host resources, which could lead to things like denial of service.
- NEMU `virt` machine type support: This new machine type is optimized for cloud environments. NEMU is a lighter weight version of QEMU intended to reduce the VM attack footprint, improving security. To learn more, see https://github.com/intel/nemu.
- New NetInterworkingModel `none`: It works with tap endpoint types so that enlightened CNI plugins can add tap devices to a sandbox directly, bypassing host network namespaces and providing better performance with less network setup complexity.
- New NetInterworkingModel `tcfilter`: Another method for Kata Containers to bridge the host netns veth and the guest tap device, using TC filter rules. It delivers more compatibility with different network endpoint types and CNI plugins.
- macvlan and ipvlan network support enabled: These networking models provide lightweight, fast access to underlay or host interfaces without NATing.
- Guest rootfs image gets `guest_hook_path`: It stores prestart/poststart/prestop/poststop hook binaries, which are executed in the guest at the corresponding point in the container life cycle. This helps with vendor-specific device passthrough to the Kata VM.
The 1.3.0 and 1.2.2 stable releases shipped in September, with features like network and memory hotplug to better support CSP customers running production environments. The community also continued its pursuit of cross-architectural design by adding more support for ARM64 as well as Intel(R) Graphics Virtualization Technology. For details, please see https://github.com/kata-containers/runtime/releases/tag/1.3.0.
Global, Engaged Community
The community recently hosted a meetup in China designed for large cloud providers including Alibaba, Baidu, Huawei, Tencent and more to share adoption plans and feedback for the Kata Containers roadmap. The Kata Containers community continues to work closely with the OCI and Kubernetes communities to ensure compatibility, and regularly tests Kata Containers across Azure, GCP and OpenStack public cloud environments.
About Kata Containers
Kata Containers is an independent open source community collaboratively developing code under the Apache 2 license. Anyone is welcome to join and contribute code, documentation, and use cases. The project is supported by the OpenStack Foundation.