Kata Containers 3.0 released with virtualization-based isolation

After two years of development, the release of Kata Containers 3.0 has been published. The project is a stack for running containers whose isolation is based on full virtualization mechanisms. It was created by Intel and Hyper by merging the Clear Containers and runV technologies. The project code is written in Go and Rust and is distributed under the Apache 2.0 license. Development is overseen by a working group created under the auspices of the OpenStack Foundation, an independent organization, in which companies such as Canonical, China Mobile, Dell/EMC, EasyStack, Huawei, NetApp, Red Hat, SUSE and ZTE participate.

At the core of Kata is a runtime that creates compact virtual machines running under a full-fledged hypervisor, instead of traditional containers that share the common Linux kernel and are isolated only by namespaces and cgroups. Using virtual machines achieves a higher level of security, protecting against attacks that rely on exploiting vulnerabilities in the Linux kernel.

Kata Containers is aimed at integration into existing container isolation infrastructures, with the option of using such virtual machines to strengthen the protection of traditional containers. The project provides mechanisms that make its lightweight virtual machines compatible with various container isolation infrastructures, container orchestration platforms and specifications such as OCI (Open Container Initiative), CRI (Container Runtime Interface) and CNI (Container Network Interface). Integration tooling is available for Docker, Kubernetes, QEMU and OpenStack.


Integration with container management systems is achieved through a layer that emulates container management and, via a gRPC interface and a special proxy, communicates with the control agent running inside the virtual machine. Inside the virtual environment started by the hypervisor, a specially optimized Linux kernel containing only the minimum set of necessary capabilities is used.
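As an added example (not from the announcement or the Kata project itself), this is how the Kubernetes integration described above is typically wired up: a RuntimeClass points at a Kata handler registered in the node's container runtime, and a Pod opts into it, leaving the rest of the Pod spec untouched. The handler name `kata`, the containerd runtime type and the overhead values are assumptions reflecting a common setup and must be adjusted to the actual installation.

```yaml
# Added example: Kubernetes RuntimeClass selecting the Kata Containers runtime.
# Assumes the node's containerd has a runtime named "kata" registered
# (runtime_type "io.containerd.kata.v2"); that name is an assumption.
apiVersion: node.k8s.io/v1
kind: RuntimeClass
metadata:
  name: kata
handler: kata          # must match the runtime name in containerd's CRI config
overhead:
  podFixed:            # reserve the guest VM's own memory/CPU (constructed values)
    memory: "160Mi"
    cpu: "250m"
---
# A Pod that opts into VM isolation. Nothing else about the Pod changes,
# which is the point: the micro-VM is transparent to the orchestration layer.
apiVersion: v1
kind: Pod
metadata:
  name: kata-demo
spec:
  runtimeClassName: kata
  containers:
  - name: probe
    image: busybox:1.36
    # Print the kernel the container sees. Under Kata this is the guest
    # kernel inside the micro-VM, not the host kernel, which gives a quick
    # check that the Pod really landed in the isolated sandbox.
    command: ["sh", "-c", "uname -r; sleep 3600"]
```

After applying both objects, compare `kubectl logs kata-demo` with `uname -r` on the node: a differing kernel version confirms the workload runs under the guest kernel rather than sharing the host one.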

The use of Dragonball Sandbox
