Kata Containers is a new open source project merging two hypervisor-based container runtime efforts: Hyper's runV and Intel's Clear Containers. It provides an OCI- and CRI-compatible runtime and integrates seamlessly with OpenStack container services. Each container, or each sandbox as defined by Zun, is hypervisor-isolated and runs inside a dedicated Linux VM. Combining Zun and Kata Containers provides OpenStack users with a much stronger isolation layer between all containerized workloads, while still letting them safely run bare metal containers.
This talk will walk through Kata's unique architecture and how it integrates with OpenStack and other cloud software stacks, focusing on a few key points such as networking and storage. It will highlight the ambition for Kata Containers to become a new standard for running virtualized containers, and encourage people to contribute. The presenter will demo how Kata Containers can be as fast as a namespace-based container runtime while running in a VM.
As more and more workloads move to containers, security concerns about running business-critical applications behind software-only isolation layers are growing. Container orchestrators need to build a stronger container security architecture; Kata Containers can be part of the solution. This presentation is relevant to the OpenStack audience because it shows how hypervisor-isolated containers can improve the overall cloud security architecture with no degradation of or change to the user experience, and because the project is hosted by the OpenStack Foundation.