Kata Containers Project Launches to Build Secure Container Infrastructure

New open source project ‘Kata Containers’ combines technology from Intel Clear Containers and Hyper runV and is compatible with standard container interfaces

AUSTIN, Texas--()--The OpenStack Foundation today announces a new open source project, Kata Containers™, which aims to unite the security advantages of virtual machines (VMs) with the speed and manageability of container technologies. The project is designed to be hardware agnostic and compatible with the Open Container Initiative (OCI) specification, as well as the container runtime interface (CRI) for Kubernetes. Kata Containers offers the ability to run container management tools directly on bare metal without sacrificing workload isolation. When compared to running containers on virtualized infrastructure (which is the standard practice today), benefits include increased performance, faster boot time and cost efficiencies.

Intel is contributing Intel Clear Containers technology, and Hyper is contributing runV technology to initiate the project. In addition to contributions from Intel and Hyper, the following companies are supporting the project at launch: 99cloud, AWcloud, Canonical, China Mobile, City Network, CoreOS, Dell/EMC, EasyStack, Fiberhome, Google, Huawei, JD.com, Mirantis, NetApp, Red Hat, SUSE, Tencent, Ucloud, UnitedStack and ZTE.

JD.com, China’s largest eCommerce platform by revenue, currently offers a container service powered by runV, the technology from Hyper.sh that will form the basis for Kata Containers. The service exposes an easy-to-use, Docker-like workflow, so developers who know Docker are able to jump in and deploy apps immediately.

“With virtualized containers, the basis for Kata Containers technology, we are able to provide a container service for our customers to deploy applications in a simple, fast, secure and cost-effective manner,” said Lijing Guo, general manager of JD Cloud Product Management at JD.com. “Development speed is 3x to traditional IaaS, but with 50 percent cost reduction. We look forward to seeing a community form around this technology to drive it forward.”

The Kata Containers project will initially comprise six components, including the Agent, Runtime, Proxy, Shim, Kernel and packaging of QEMU 2.9. It is designed to be architecture agnostic, run on multiple hypervisors and be compatible with the OCI specification for Docker containers and CRI for Kubernetes.

By combining two of the most well-integrated virtualized container open source code bases and moving the project to open governance, the Kata Containers community will focus on attracting contributors, supporting diverse hardware architectures and driving technology adoption. Contributors can expect to work upstream across multiple infrastructure and container orchestration communities, including Kubernetes, Docker, OCI, CRI, CNI, QEMU, KVM, HyperV and OpenStack.

Called Kata Containers, the new project suggests the Greek word, Καταπίστευμα (“ka-ta-PI-stev-ma”) that translates as “trust something to someone.” The word Kata in Japanese also means a detailed choreographed pattern of movements performed by individuals.

Kata Containers at the OpenStack Foundation

Kata Containers is a container infrastructure project managed by OpenStack Foundation, the home of open infrastructure. While OpenStack users may benefit from the new technology, Kata Containers is an independent project with its own technical governance and contributor base. The Kata Containers community expects to collaborate and target all popular infrastructure providers and container orchestration frameworks in addition to OpenStack-powered clouds.

The OpenStack Foundation provides access to a diverse, global community of 82,000+ members across 187 countries, with the ability to leverage shared administrative and scalable resources, including community management, event management, and dev/test infrastructure.

About Kata Containers

Kata Containers is a new open source project that delivers the speed and performance of Linux containers with the workload isolation of virtual machines. It is designed to be architecture agnostic and compatible with OCI images, as well as the container runtime interface (CRI) for Kubernetes.

Kata Containers is hosted on Github under the Apache 2 license and managed by the OpenStack Foundation. Get involved at www.katacontainers.io.

Supporting Quotes

“Containerization is an inevitable trend and we are very excited to see the OpenStack Foundation is making great efforts to launch the Kata Containers project. 99Cloud has been working in Kolla and OpenStack containerization for a long time, along with that we deployed the first Kolla production case and cloud OS based on Ocata & Pike release accordingly. In the future, we will leverage our experience and resources to contribute into this new project.”
—Kai Li, co-founder and vice president, 99Cloud Inc.

“Kata Containers technology has the potential to help enterprise customers build a more secure container infrastructure while bringing new energy and inspiration into the infrastructure software development community. As an open source software startup, AWcloud will support the Kata Containers project to help our enterprise customers build more secure container infrastructure.”
—Hua Li, CTO, AWcloud

“The Kata Containers Project is an exciting addition to the OpenStack Foundation family of projects. Lighter, faster, more secure VMs technology fits perfectly into the OpenStack Foundation family and aligns well with Canonical’s data center efficiency initiatives. Like Clear Containers and Hyper.sh previously, Kata Container users will find their hypervisor and guests well supported on Ubuntu.”
—Dustin Kirkland, vice president, Product, Canonical

“It's China Mobile’s honor to join the Kata Containers project and project launch. It’s very well aligned with China Mobile’s Cloud Computing product. Kata Containers is a good complement for OpenStack. China Mobile has built IaaS product software stack based on OpenStack, and has a strong R&D team now, and we want to make a bigger investment in containers in the future. We think Kata Containers is a good choice for us.”
—Junwei Liu, assistant general manager of Cloud Computing Department, Suzhou R&D Center, China Mobile

“Cloud infrastructure is rapidly evolving, and City Network is committed to offering the most innovative services to our financial services customers while also meeting industry regulations and business constraints. Technologies like virtualized containers that can offer workload isolation are compelling, and we support the Kata Containers community as we push the envelope with new innovative services for regulatory sensitive industries.”
—Johan Christenson, CEO, City Network

“CoreOS has long seen the power of combining containers and virtualization for a fast and secure deployment option for anything from highly secured workloads to untrusted workloads. With the rapid adoption of Kubernetes to assist with orchestration, the new Kata Containers Project is well-timed to showcase the combination of virtualization and containers to more users, and eventually as the technology matures, the enterprise.”
—Reza Shafii, vice president of product, CoreOS

“OpenStack and Kubernetes are core cloud technologies. However, there are gaps to be filled, including security, isolation and support for optimized, lightweight images in runtime. Ease of integration between OpenStack and Kubernetes for multi-tenant support and access to the same set of network and storage resources is another gap. Kata Containers was born to fill these gaps. With memberships in the OpenStack Foundation, CNCF and OCI, EasyStack pledges to provide technical expertise and resources to support the Kata Containers project and provide these technologies in our customer environment.”
—Guohui Liu, co-founder and CTO of EasyStack

“Secure pods are an important direction for Kubernetes that allow multiple security boundaries within one node. With this approach already running on GCP, Kata Containers are an exciting addition as they enable secure pods, which provide lightweight security isolation and safe multi-tenancy.”
—Eric Brewer, vice president, infrastructure, Google Cloud

“The Kata Containers brings a new level of value and functionality to running containers in production environments, and we’re pleased to contribute. Secure container management technology that’s light, fast and agile can answer many of the challenges faced by both large telecom operators and enterprise users.”
—Xiaoli Jiang, general manager, Cloud Open Source Development Team, Huawei

“Hyper is proud and excited to contribute runV, our virtualized container runtime technology, as the foundation of the new Kata Containers project. Hyper’s vision from the start has always been to combine the best of virtualization and containerization, in delivering the security of VMs with the speed of containers. We see Kata Containers, as a potential basis for new on-demand container-native services spanning public/private cloud, serverless, and edge computing use cases and look forward to working with the community.”
—James Kulina, COO, Hyper

“Intel is proud to be a part of a project that expands on the vision of security and efficiency established with Clear Containers. Kata Containers combines the security and isolation advantages of existing virtual machines (VMs) with the deployment speed of containers. The project’s runtime and tools look to standardize this approach and help make it easier to realize these benefits across stacks and platforms.”
—Imad Sousou, vice president and general manager, Open Source Technology Center, Intel

“The OpenStack Foundation knows how to build and grow communities for open infrastructure, and I'm excited to see the organization growing to support the new Kata project, enabling secure container infrastructure.”
—Boris Renski, co-founder and CMO, Mirantis

“NetApp is among the earliest and most active contributors to OpenStack and a variety of container projects, including Kubernetes and Docker. As customers rely increasingly on their data as a vital asset, these initiatives address the need for persistent storage and reliable security. We’re committed to advancing common standards that make container solutions more secure and even easier to deploy and use. The Kata Containers approach is particularly impressive in how it takes on the formidable challenge of secure tenant isolation along container boundaries in multi-tenant CaaS environments.”
—Mark Bregman, senior vice president and CTO, NetApp

“It is great to see open source communities combine efforts and work together as with Kata Containers, and aligning with standards like OCI and key container projects like Kubernetes are important starting points for Kata. Container technologies are having a significant impact on the industry and adding hardware isolation as an option when using containers has the potential to bring a new class of workloads to container platforms including Red Hat OpenShift, furthering that industry impact.”
—Chris Wright, vice president and CTO, Red Hat

“SUSE is committed to delivering the benefits of secure enterprise-grade technology to its customers. Kata will be an important piece of the puzzle, unlocking the full potential of enterprise cloud models through greater security and innovative multi-tenant possibilities.”
—Thomas Di Giacomo, CTO, SUSE

“Containers technology offers huge potential benefits to operators of cloud infrastructure at scale, but practical considerations of security and performance result in compromises. As scale operators of infrastructure powered by OpenStack and other technologies, we’re excited to support the Kata Containers project, as it offers a novel approach to solving the challenges of containers at scale.”
—Carlos Luo, cloud general manager of government affairs, Tencent

“Kata Containers naturally inherits the technical advantages of both VMs and containers, solving several pain points which bother us a lot. Kata Container is an exciting technology and UCloud developers contributed code and ideas to the upstream community of what has become the Kata Containers project. UCloud has also deployed the technology in production environments, for example, on CaaS, Cloud DB (UDB) and SDN products. UCloud will continue developing and deploying the technology to provide better products to cloud users.”
—Mojiong Qiu, director, UCloud

Connect With the Kata Containers Community

Meet the Kata Containers Team at KubeCon This Week

  • Dec 6-8: Kata Containers booth #S57 in the Sponsor Showcase
  • Dec 6: Kata Containers featured in Intel’s keynote presentation, 9:50-9:55am, Exhibit Hall 3
  • Dec 6: Kata Containers breakout session, 2:00-2:35pm in Ballroom B
  • Dec 8: Community on-boarding Meetup over lunch, 12:30-2:30pm, at Native Bar & Kitchen (5-minute walk from the Austin Convention Center)

For those not at KubeCon, the community will host Kata Containers Community On-boarding Webinars. The first is on December 18 at 5:00pm PST. Register at: https://zoom.us/j/546473686. The second is on December 19 at 8:30am PST. Register at https://zoom.us/j/169673807.

Contacts

Cathey.co for the Kata Containers Project
Robert Cathey, +1-865-386-6118
robert@cathey.co
@robertcathey

Release Summary

The OpenStack Foundation today announces a new open source project, Kata Containers, to build secure container infrastructure.

Contacts

Cathey.co for the Kata Containers Project
Robert Cathey, +1-865-386-6118
robert@cathey.co
@robertcathey