It’s no secret that the OpenStack Foundation has been looking to branch out beyond its eponymous cloud infrastructure project, which, until now, was always its sole focus. It’s also no surprise then that the Foundation today announced the launch of the Kata Containers project.
Kata Containers is a new open source project that aims to combine the best of containers (speed, flexibility, manageability, etc.) with the best of virtual machines (especially security). It’s built on top of the work that Intel did with its Clear Containers technology and Hyper’s runV hypervisor-based runtime.
As OpenStack Foundation executive director Jonathan Bryce told me, his organization was looking to support additional projects that make it easier to run production workloads in the cloud. “At the OpenStack Foundation, we are really focussed on the user community we built and solving their needs — and that’s something that’s bigger than the core OpenStack services,” he said.
So what does the Kata Containers project actually look like? The basic idea here is that containers, for all of their advantages, have long had a few basic security issues, largely because it’s hard to keep containers fully isolated from each other when they are running together on a shared virtual machine. The Kata Containers project solves this by giving each container its own very lightweight virtual machine and kernel, so that each container or container pod runs in its own isolated environment and gets its own allocation of networking, I/O and memory, as well as access to hardware-enforced isolation thanks to the virtualization technologies that Intel now builds into its processors.
Kata Containers currently integrates with Kubernetes, Docker and OpenStack. It currently runs only on chips based on the x86 architecture and supports only KVM as its hypervisor. The plan is to expand support to other architectures and hypervisors over time, though.
Until now, Intel and Hyper both separately worked on building similar solutions. Hyper’s COO James Kulina tells me that his company has been working with Intel for about a year now and that the two companies got to a point where they thought that it was time for a standardized solution. And there’s clearly a demand for this solution, given that companies like Canonical, China Mobile, CoreOS, Dell/EMC, Google, Huawei, JD.com, Mirantis, Suse, Tencent and ZTE are already supporting it. Some of these, like Chinese e-commerce platform JD.com, already run Hyper’s runV in their data centers today.
Besides the actual technology here, it’s also interesting to see the OpenStack Foundation move beyond its core projects. The Foundation now describes itself as “the home of open infrastructure” and there can be no doubt that the Kata project fits this description nicely. It also shows that the Foundation is able to bring many of its existing backers on board for these new projects.
It’s worth stressing that Kata Containers is very much an independent project with its own technical governance and contributor base. The OpenStack Foundation will manage the project, similar to how the Linux Foundation provides support to groups like the CNCF or Cloud Foundry Foundation.
The Kata Containers code is now available on GitHub and, like other OpenStack projects, is licensed under the Apache 2 license.