OpenStack Foundation Embraces Containers with “Kata Containers”
On Dec. 5, as the enthusiastic container community was getting ready for KubeCon, the OpenStack Foundation renewed its long-standing friendship with containers by announcing a new effort called Kata Containers, whose goal is to unify the speed and manageability of containers with the security advantages of virtual machines (VMs).
Containers + OpenStack is a long-standing friendship
Providing users with the advantages of container technologies is not new to the OpenStack community. From the launch of nova-docker, probably one of the first containerization projects to reach multiple production deployments, to embracing platforms like Kubernetes, Docker Swarm, Mesos, etc., to deploy containerized OpenStack, the community has always kept its eyes open for emerging container technologies, with projects like Magnum, Zun, Murano, etc., for container orchestration and management, and Kolla for containerized deployment of OpenStack itself.
Why and How “Kata”
Deployment with containers is lucrative, but since their inception containers have always carried security concerns. Intel has been working on the Clear Containers project since 2015 to address security concerns within containers through Intel Virtualization Technology (Intel VT). This essentially provides the ability to launch containers as lightweight virtual machines (VMs), providing an alternative runtime that is interoperable with popular container environments such as Kubernetes and Docker. At the same time, the Hyper community has been working on providing an alternative OCI-compliant runtime to run containers on hypervisors, with few limitations due to the current incompatibility of hypervisors and containers.
Both these communities had their fair share of contributors and feature sets. The Kata Containers community has been formed with the same intention: to provide a common platform for emerging communities to collaborate. The project is designed to be hardware agnostic and compatible with the Open Container Initiative (OCI) specification for Docker containers as well as the Container Runtime Interface (CRI) for Kubernetes.
The Kata Containers project will initially comprise six components: the Agent, Runtime, Proxy, Shim, Kernel, and packaging of QEMU 2.9. It is designed to be architecture agnostic and run on multiple hypervisors. For now, it will only run on chips based on the x86 architecture and will only support KVM as its hypervisor. The plan is to expand support to other architectures and hypervisors over time. Kata Containers is hosted on GitHub under the Apache 2 license. While the Kata Containers project will be managed by the OpenStack Foundation, it is an independent project with its own technical governance and contributor base.
Call for Contribution
In addition to Intel and Hyper, companies like 99cloud, Canonical, China Mobile, City Network, CoreOS, Dell/EMC, EasyStack, Fiberhome, Google, Huawei, JD.com, Mirantis, NetApp, Red Hat, SUSE, Tencent, Ucloud, UnitedStack, and ZTE are supporting the Kata Containers community. The open-source Kata Containers community will focus on attracting contributors, supporting diverse hardware architectures, and driving technology adoption. Contributors can expect to work upstream across multiple infrastructure and container orchestration communities, including Kubernetes, Docker, OCI, CRI, CNI, QEMU, KVM, Hyper-V, and OpenStack. Please join hands with the Kata Containers community to create a new world of secure containers. You can learn more about the project at katacontainers.io, or join us on GitHub to contribute to the project. Join the conversation on Freenode IRC (#kata-dev) or the KataContainers Slack, or subscribe to the firstname.lastname@example.org mailing list.