Kata Containers rewritten in Rust gets a major speed boost

The Open Infrastructure Foundation's Kata Containers 2.0 is both much smaller and faster than its earlier version.

Kata Containers united Intel Clear Containers with Hyper's runV. The goal was to combine the security advantages of virtual machines (VMs) with the speed and manageability of container technologies. Now, with version 2.0, it's faster and smaller than ever.

Kata provides container isolation and security without the overhead of running containers in a VM. Usually, containers are run in VMs for security, but that removes some of the advantages of using containers with their small resource footprint. Kata containers, however, can run on bare metal.

The purpose of runV was to make VMs run like containers. In Kata, this approach is combined with Intel's Clear Containers, which uses Intel's built-in chip Virtual Technology (VT) to launch containers in lightweight VMs. With Kata, those containers are launched in runV.

Despite the Intel connection, Kata Containers are hardware agnostic. Kata Containers are also built to be compatible with the Open Container Initiative (OCI) specification, and Kubernetes' container runtime interface (CRI).

Kata Containers 2.0 has been rewritten in Rust, and the result is containers that are smaller and faster than ever. According to its developers, the new Kata Containers agent has a much smaller attack surface. What users will see, however, is a 10-fold improvement in size, from 11MB to 300KB. The rewrite and refactoring also introduce ttRPC, further improving the footprint.

The new Kata Containers are also easier to observe and manage. They now provide metrics about the runtime itself, the Virtual Machine Manager (VMM), and the guest kernel, all exposed in the open-source Prometheus system monitoring format. This makes getting a handle on Kata Containers management and workload performance much easier.

The new Cloud Hypervisor VMM also gives users a choice of virtualization stacks. With this, you can use one virtualization approach for a traditional cloud and another for a cloud-native and serverless approach.

"Kata Containers 2.0 is an exciting release for the community," said Xu Wang, senior staff engineer at Ant Group. "In the 2.0 development cycle, we kept working on weaving Kata into the cloud-native infrastructure fabric invisibly by reducing the overhead and improving operability and debuggability. At Ant Group, an Alibaba Group affiliate, Kata Containers is running on thousands of nodes and over 10,000 CPU cores, and part of our deployment has been upgraded to a 2.0 pre-release version. We believe the isolation provided by Kata Containers will be the cornerstone of our financial-grade infrastructure architecture."

Kata Containers 2.0 will be available shortly for download. This open-source program is available under the Apache 2 license.
