The OpenStack Foundation announced this week that it is leading an effort to combine two existing open source projects to create a Kata class of containers that can be deployed on a lightweight version of the Kernel-based virtual machine.
OpenStack Foundation COO Mark Collier says Kata Containers enable each container to have access to its own kernel to provide the same level of isolation that containers enjoy on existing virtual machines, without having to execute any extra code that traditional virtual machines require to support entire operating systems. It is expected to be available in early 2018.
Designed to be compatible with the Open Container Initiative (OCI) specification, Kata Containers combines Intel Clear Containers technology, which optimizes containers for use on processors that support Intel Virtualization Technology (VT) with runV, a hypervisor based runtime developed by Hyper.
Collier says reducing the VM overhead associated with deploying containers will result in both better performance and faster boot time. Just as importantly, utilization rates per bare-metal server should substantially increase, adds Collier.
Vendors throwing their support behind Kata Containers include 99cloud, AWcloud, Canonical, China Mobile, City Network, CoreOS, Dell/EMC, EasyStack, Fiberhome, Google, Huawei, JD.com, Mirantis, NetApp, Red Hat, SUSE, Tencent, Ucloud, UnitedStack and ZTE.
The Kata Containers project will initially comprise six components—agent, runtime, proxy, shim, kernel and packaging. The goal is to create an architecture-agnostic instance of a container that can run on multiple hypervisors and be compatible with the OCI specification for Docker containers and the Container Runtime Interface (CRI) employed on Kubernetes clusters, says Collier.
Most containers today are deployed on hypervisors or in platform-as-a-service (PaaS) environments running in a public or private cloud for two reasons. The first is most IT organizations don’t have the tooling required to manage containers outside of those environments. The second is concern over potentially noisy neighbors hogging resources or laterally sharing malware. Both have lead many organizations to continue to rely on hypervisors to isolate containers. However, interest in running containers on bare-metal servers has remained high, as companies seek to avoid commercial license fees from providers of virtual machine platforms such as VMware. Collier says Kata Containers will provide a means to gain all the benefits of both hypervisor isolation and bare-metal servers.
Some big names are missing from the list of vendors supporting Kata, including VMware. Microsoft and Amazon Web Services (AWS). All three have a vested interest in existing implementations of various hypervisors that are being used to deploy containers. KVM may not be the most widely employed hypervisor today, but there is enough of a community surrounding OpenStack to provide some significant momentum. The OpenStack Foundation claims to have a community of 82,000+ members spanning 187 countries. All of them may not be interested in Kata, but chances are high Kata is about to become a force to be reckoned with.
The word Kata itself is derived from the Greek word, Καταπίστευμα (“ka-ta-PI-stev-ma”), which translates as “trust something to someone.” The word Kata in Japanese also happens to refer to a choreographed pattern of movements performed by individuals.