Kata Containers: Design, Architecture and...
Information Classification: General
Kata Containers:
Design, Architecture and Impact
Panel Chairperson:
Jean S. Bozman
VP/Principal Analyst, Hurwitz & Associates
Agenda
• Introduction
• Panel Presentations
• Panel Discussion
• Question & Answer Session
Kata Containers: Brief History
• Kata Containers project launched in December, 2017
• Goal: Improve security and performance for micro-services delivery in hybrid clouds
• Team from the OpenStack open-source community
• Sources: Intel Clear Containers and Hyper.sh RunV
• Using thin VMs to provide secure, light, fast and agile container management across stacks and platforms
Kata Containers: The Panel
NVMe Developer Days 2018
San Diego, CA
• Manohar Castelino: Intel, virty container wizard
• Eric Ernst: Intel, Kata Architecture Committee
• Lei (Harry) Zhang: Alibaba
San Diego, CA
December 2018
Features
• Multi Hypervisor: QEMU*/KVM, NEMU/KVM, Firecracker*
• Works seamlessly with Kubernetes* and Docker* and is a drop-in replacement for runc
• Open Source: Open governance project under the OpenStack* Foundation umbrella
• Multi Architecture: x86, Arm*, PowerPC*, s390x
OCI* compatible runtime that enhances the security of container workloads by running them in lightweight virtual machines.
* Other names and brands may be claimed as the property of others.
Where to run Kata
Distro packages
• CentOS*
• Clear Linux*
• Debian*
• Fedora*
• OpenSUSE*
• SUSE Linux* Enterprise Server*
• Red Hat* Enterprise Linux*
• Ubuntu*
Cloud
• Amazon Web Services* (AWS)
• Microsoft Azure*
• Google Compute Engine* (GCE)
• VEXXHOST* OpenStack Cloud
• Packet.IO
Hardware Support
• x86_64
• arm64
• ppc64le
• s390x
Lei (Harry) Zhang
Staff Software Engineer, Alibaba
Bio
• Lei (Harry) Zhang
• Staff Software Engineer of Alibaba (and Cloud)
• Previously: hyper.sh
• Now: co-maintainer of Kubernetes, co-leading engineering effort on Alibaba’s Kubernetes upstream and large-scale cluster management system as well
Sandboxed Container Runtime In Alibaba
Comparison of runtimes
Kata:
• Better compatibility
• Use qcow2 as graph driver
• Long running service
• Supporting Serverless product of Alibaba
gVisor:
• Quicker start time, lower overhead
• Used to run batch job and other restricted runtime platforms
Focus on sandboxed container lifecycle & Kubernetes, including both Kata & gVisor
[Figure: runtime comparison diagram. Labels: Apps, Emulation kernel, Network stack, kvm, hardware]
Sandboxed Runtime in Multi-tenant Kubernetes of Alibaba
[Figure: architecture diagram. Labels, in slide order: Yarn, FUXI, Mesos; Kubernetes; "Elf" Container API; Serverless infra; Legacy Batch Job User (also Alibaba tenants); Alibaba tenants; LRS; For Spark, For Flink, For PAI, For …; Pouch, Containerd; runc runtime, kata runtime; LRS, Batch Job; agile; Legacy Batch Job; Untrusted Code; Legacy Batch Job; secure; hypervisor, kata agent, guest kernel, container, rootfs; hypervisor, kata agent, guest kernel, container (batch job), Rootfs/initrd; Standard Mode; Advanced Mode; Agent of tenants]
Next:
Panel Discussion and Q/A Session