We use containers all the time, but we're not ready to give up on virtual machines (VMs) yet. Both have their uses. But what if we could combine the flexibility and ease of deployment of containers with the security and manageability of VMs? That's the idea behind the OpenInfra Foundation's Kata Containers, and it's been fine-tuned in the latest release, Kata Containers 3.0.0.
That is, Kata Containers provides a secure container runtime built on lightweight VMs. These feel and act like containers but come with a VM's stronger workload isolation. It relies on AMD SVM and Intel VT-x CPU-based virtualization technology for this extra level of protection.
Kata Containers 3 also now has support for GPUs. This includes support for Virtual Function I/O (VFIO), which allows safe, non-privileged, user-space drivers and PCIe devices.
This version of Kata Containers also features a newly written Rust runtime implementation and an optional integrated Rust hypervisor. This makes the program even lighter and easier to manage.
It all supports Kubernetes and container runtimes such as CRI-O and containerd, along with cgroup v2 and OCI v1.0.0-rc5.
Underneath all this, Kata Containers has its own Linux kernel. The kernel in Kata Containers 3.0.0 is v5.19.2.
Users are already happy with these new developments. As Treva Williams, OpenInfra's technical community manager, said, "There's a lot of excitement in the Kata Containers community around how the improved hypervisor support in Kata Containers 3.0.0 expands compatibility with a number of popular environment configurations and hardware technologies, such as GPUs."
A TEE is a hardware-based trusted execution environment. With it, your application and data run in a secure and isolated environment. The alpha Confidential Containers 0.10 release can work with Kata 3.0.0. For more on this new project, see its GitHub Quickstart guide.