Kata Containers, Container with VM Isolation

Kata Containers offers a more secure method of container deployment. Security is one of the biggest challenges with containers, which provide a lower level of security than virtual machines: virtual machines are isolated from each other, but containers can't provide the same level of isolation.

What’s Kata Containers?

It is an open source community working to build a secure container runtime with lightweight virtual machines that feel and perform like containers, but provide stronger workload isolation using hardware virtualization technology as a second layer of defense.


Kata Containers are as light and fast as containers and integrate with the container management layers including popular orchestration tools such as Docker and Kubernetes (k8s), while also delivering the security advantages of VMs.
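As an added illustration of the Kubernetes integration (not from the original post or the Kata Containers project), the manifests below select a VM-isolated runtime for a single pod through a RuntimeClass. The handler name `kata`, the overhead figures, the node label, the pod name and the image are assumptions or constructed values.

```yaml
# Added example: values marked "assumption" or "constructed" are not from the original post.
apiVersion: node.k8s.io/v1
kind: RuntimeClass
metadata:
  name: kata
# Assumption: must match the runtime handler name configured for Kata Containers
# in the node's CRI runtime (containerd or CRI-O).
handler: kata
# Constructed values: fixed per-pod cost of the guest kernel and VM, so the
# scheduler accounts for it on top of the container requests.
overhead:
  podFixed:
    cpu: 250m
    memory: 160Mi
# Constructed label: schedule only onto nodes that have Kata installed and
# hardware virtualization available.
scheduling:
  nodeSelector:
    example.com/kata-capable: "true"
---
apiVersion: v1
kind: Pod
metadata:
  name: untrusted-workload                  # constructed name
spec:
  runtimeClassName: kata                    # run this pod inside a lightweight VM
  containers:
    - name: app
      image: registry.example.com/app:1.0   # placeholder image
      resources:
        limits:
          cpu: "1"
          memory: 512Mi
```

Once the pod is running, `uname -r` inside the container reports the guest kernel rather than the node's kernel, which is a quick check that the VM boundary is in place.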


Where Can It Be Installed?

It’s available for the following Linux distributions:

  • RHEL
  • CentOS
  • Ubuntu
  • openSUSE
  • SLES
  • Debian
  • Fedora

Find installation documents at the below link:

Kata Containers installation guides

Kata Containers Supported Hypervisors

It supports the following hypervisors:

  • Firecracker
  • QEMU
  • Cloud Hypervisor

It also supports several architectures, but the focus is on x86_64.

Supported hardware features depend on the hypervisor, but they include Nvidia GPU, RDMA, SR-IOV and some other hardware features.

Read more about architecture and design at this link:

Kata Containers Architecture

Conclusion

People are talking about ChatGPT now and no one is talking about Cloud-Native anymore! LOL 😀

I want to say that virtualization was a revolution, and using containers in services allows companies to have faster service deployment and more integration, but security guys always have concerns about isolation and no level of isolation is enough for them (kidding).

Kata Containers will be popular in the future of Cloud-Native computing, but it still needs development. I didn’t test it, but it is a valuable idea.

Further Reading

[Review]: What is Container Linux?

VMware Photon OS – Best OS for Kubernetes and Container Host

SmartOS, Live Operating System For Virtualization

What’s MicroVM And Firecracker?

Oracle Database CPU Core Limit For Dummies

Why Alpine Linux is Suitable For Cloud Native Application?

Cloud Native Server Processors

VMware Cloud Native Application | Photon Platform

Davoud Teimouri
