Kata Containers Project launches to secure container infrastructure

OpenStack, the open-source IaaS cloud, is branching out into containers with secure Kata containers.
Written by Steven Vaughan-Nichols, Senior Contributing Editor

At KubeCon in Austin, Texas, the OpenStack Foundation announced a new open-source project, Kata Containers. This new container project unites Intel Clear Containers with Hyper's runV. The aim? To unite the security advantages of virtual machines (VMs) with the speed and manageability of container technologies.

It does this by providing container isolation and security without the overhead of running them in a virtual machine (VM). Usually, containers are run in VMs for security, but that removes some of the advantages of using containers, with their small resource footprint. The purpose of runV was to make VMs run like containers. In Kata, this approach is combined with Intel's Clear Containers, which uses Intel built-in chip Virtual Technology (VT) to launch containers in lightweight VMs. With Kata, those containers are launched in runV.

That said, the Kata Containers Project is designed to be hardware agnostic. It's also built to be compatible with the Open Container Initiative (OCI) specification, and Kubernetes' container runtime interface (CRI).

Kata Containers offers users the power to run container management tools directly on bare metal without sacrificing workload isolation. When compared to running containers on virtualized infrastructure, which is what is usually done today, benefits include increased performance, faster boot time, and cost efficiencies.

The Kata Containers project is made up of six components: the Agent, Runtime, Proxy, Shim, Kernel, and packaging of QEMU 2.9, an open-source VM hypervisor. Even with QEMU and runV included, it's designed to run on multiple hypervisors.

Now, you may be asking yourself: "What's an Infrastructure-as-a-Service (IaaS) cloud group like OpenStack doing with containers?" So, I asked Jonathan Bryce, executive director of the OpenStack Foundation, that very question. He replied, "Kata Containers are targeted at operators. You don't need to know it's under the hood. It solves real problems of maximizing the use of cloud resources and security."

In short, it will help OpenStack users. That said, Bryce added, "While OpenStack users may benefit from the new technology, Kata Containers is an independent project with its own technical governance and contributor base. The Kata Containers community expects to collaborate and target all popular infrastructure providers and container orchestration frameworks in addition to OpenStack-powered clouds."

In addition to Intel and Hyper, the following companies are supporting the project at launch: 99cloud, AWcloud, Canonical, China Mobile, City Network, CoreOS, Dell/EMC, EasyStack, Fiberhome, Google, Huawei, JD.com, Mirantis, NetApp, Red Hat, SUSE, Tencent, Ucloud, UnitedStack, and ZTE. In short, it has broad support from the get-go.

By combining the two open-source code bases and moving the project to open governance, the Kata Containers community's initial goal will be to attract more contributors, supporting diverse hardware architectures and driving technology adoption. Contributors can expect to work upstream across multiple infrastructure and container orchestration communities, including Kubernetes, Docker, OCI, CRI, CNI, QEMU, KVM, Hyper-V, and OpenStack.

The name, Kata Containers, comes from the Greek word, Καταπίστευμα ("ka-ta-PI-stev-ma"), which translates as "trust something to someone." It also references the Japanese word for a system of martial arts training exercises. Either way, it promises to make containers even more efficient for their users.
