Kata Containers 1.0 Released
by Eric Ernst
Designed to deliver a secure way to run containers at scale without compromising performance.
Back in 2015, engineers from the Intel Open Source Technology Center began looking to enhance security isolation in the container ecosystem using Intel® Virtualization Technology (Intel® VT) – work that resulted in the launch of the Intel® Clear Containers project. Intel hardware virtualization support has been around for more than 10 years now, and it has been exciting to see it leveraged in new, modern design patterns. With it, Intel users can be confident they are using proven hardware features to the fullest to help provide a secure yet efficient base in the container ecosystem.
Fast forward two years and the Kata Containers project was announced at KubeCon North America in Austin, Texas. This announcement set in motion a plan to combine the features of Intel Clear Containers and Hyper.sh’s runV technology in a single platform.
Kata Containers is an open source project with code contributed by Intel and Hyper.sh. Working on Kata, I’ve had the opportunity to collaborate with individuals from companies including ARM, Branch Metrics, Dell, Google, Huawei, Hyper, IBM, Intel, Microsoft, Oracle, and 99cloud as well as the OpenStack Foundation. It’s been great to work on Clear and Kata Containers for the last year and a half, and I’m very excited about today’s Kata 1.0.0 full release.
The process of combining two projects is hard, not just at a technical level, but also in building a community and an understanding of "how we work." To do this while also pushing the project forward from a technical perspective was a fun challenge. Engineers at Hyper.sh have done great work on runV and actually use runV in production with their cloud provider services, offering Kata production-tested code. Being able to collaborate on a single project with Hyper and other industry leaders is very exciting.
With Kata 1.0.0 released, we have plans to deprecate Intel Clear Containers 3.0 – there will not be another major release. Thanks for the fun, Clear Containers! It’s been real.
For the community, this provides reduced fragmentation and hopefully a de-facto standard for enhanced isolation via hardware virtualization. Companies that would have spent effort evaluating the merits of multiple projects now have a much easier choice.
For existing Clear Containers users, the transition to Kata should be painless. The Kata upgrade document explains the process in full. Much like Clear Containers, the Kata Containers project provides an Open Container Initiative (OCI)-compliant runtime, called kata-runtime, which looks and feels much the same as cc-runtime from Clear Containers. In fact, much of the code base for the OCI-compliant runtime is identical, with improvements for more robust container runtime interface (CRI) handling and similar support for device pass-through, Kubernetes* integration, vhost-user and SR-IOV. Through our contributions, continuous integration and testing, kata-runtime is in better shape than cc-runtime.
I am looking forward to expanding our contributor base to include developers from more companies. As a community, we’ll continue to work on features that help Kata fit well into the existing ecosystem, support more architectures and hypervisors, improve performance, and provide differentiation. Check out our backlog – we have a lot on our plate, and I’m sure more will come!
There is a lot of interesting work to do post release, and it will be exciting to work with the community to deliver it all. We are looking for groups to collaborate with on development as well as usage of Kata Containers, so please get involved. Go to the GitHub repository, check out the architecture, pull down the latest packages or build the sources, and please kick the tires. Don’t hesitate to dive in and get in touch via Slack, IRC, email, or at conferences!
About the Author:
Eric Ernst is a developer on Intel Clear Containers, now Kata Containers, a project utilizing hardware virtualization to improve the security of containers. Eric works on virtualization technology, CNM/CNI container networking technology, Docker*, Kubernetes, and CRI-O while working on an OCI-compatible container runtime.
Slack: link: https://katacontainers.slack.com; invite: http://bit.ly/KataSlack
IRC: #kata-dev on Freenode
Mailing list: http://lists.katacontainers.io/cgi-bin/mailman/listinfo