kata containers
play

Kata Containers Story of a container runtime Sbastien Boeuf, - PowerPoint PPT Presentation

Mar 25, 2024 •454 likes •958 views

Kata Containers Story of a container runtime Sbastien Boeuf, Software Engineer Intel Corporation Agenda Why Kata Containers? Acceptance Community growth Ecosystem influence Hypervisor flexible

  1. Kata Containers Story of a container runtime Sébastien Boeuf, Software Engineer Intel Corporation

  2. Agenda ● Why Kata Containers? ● Acceptance ● Community growth ● Ecosystem influence ● Hypervisor flexible

  3. https://regmedia.co.uk/2017/09/11/shutterstock_containers_in_port.jpg

  4. Containers Container Container Container Host OS

  5. Security threat Container Container Container Host OS

  6. https://cdn-images-1.medium.com/max/800/1*zPiik9vlW_G7GU9bTjxhJQ.jpeg

  7. Manual isolation Container Container Container Container Container Container Host OS Host OS VM VM Baremetal server

  8. https://s3.amazonaws.com/wordpress-production/wp-content/uploads/2015/12/collaborative-problem-solving.jpg

  9. Legacy Clear Containers

  10. Kata Containers Container Container Container Guest OS Guest OS Guest OS VM VM VM HW HW HW virtualization virtualization virtualization Host OS

  11. https://marketingweek.imgix.net/content/uploads/2017/06/30121536/Ecosystem-body-image.jpg

  12. Container ecosystem Docker OCI runc Container

  13. Container ecosystem Kubernetes CRI OCI runc Container

  14. Container ecosystem Kubernetes Docker CRI OCI runc Container

  15. Seamless integration Kubernetes Docker CRI Container OCI kata-runtime Guest OS VM

  17. OCI compatible OCI create start state kill delete

  18. OCI compatible runc OCI exec list create start pause resume state run update kill delete

  19. OCI compatible host monitoring Container I/O

  20. OCI compatible host Container ? monitoring I/O Guest OS VM

  21. OCI compatible host Container monitoring I/O Guest OS kata-shim VM

  22. https://www.incimages.com/uploaded_files/image/1940x900/getty_524541622_2000133320009280310_370635.jpg

  23. Community growth Additional architectures ● aarch64 ( ARM ) ● ppc64 and s390 ( IBM ) Enhanced stability and production ready ● Huawei ● Baidu ● Alibaba

  24. Community growth CI resources ● Vexxhost ( Vexxhost ) ● Azure ( Microsoft ) ● AWS ( Amazon ) ● GCE ( Google )

  25. Community growth 2000 pull requests / 100 contributors

  26. https://hbr.org/resources/images/article_assets/2015/05/MAY15_19_686097-001.jpg

  27. Extend OCI

  28. RuntimeClass

  29. RuntimeClass node 1 pod1.yaml Pod 1 Pod 2 pod2.yaml runc kata pod3.yaml pod4.yaml node 2 Pod 3 Pod 4 runc kata

  30. Pod overhead

  31. Pod overhead pod1.yaml node cpus: 2 mem: 256M Pod 1 Pod 2 Container pod2.yaml Container Guest OS cpus: 2 mem: 256M VM Overhead: - cpus: 1 - mem: 128M

  32. Shim v2 CRI containerd or CRI-O

  33. Shim v2 CRI containerd-shim or containerd conmon or CRI-O

  34. Shim v2 CRI OCI runc containerd-shim or containerd conmon + or kata-runtime kata-shim CRI-O

  35. Shim v2 Shim CRI OCI v2 runc containerd-shim or containerd conmon + or kata-runtime kata-shim CRI-O kata-v2

  36. Shim v2 wait stats resizePty No host PID assumption! k8s pod scaling!

  37. Shared filesystem Virtio-9p ● Not fully POSIX compliant ⇒ Workload functional issues ● Not performant ● Production should use virtio-blk ⇒ devicemapper

  38. Shared filesystem Redhat developed replacement for virtio-9p ⇒ virtio-fs ● Fully POSIX compliant ⇒ Solve workload functional issues ● As performant as virtio-blk (with DAX optimization) ● Overlay back into the picture for production

  39. Shared filesystem virtio-9p Mounted FS Shared FS VM

  40. Shared filesystem virtio-fs Mounted FS virtiofsd Shared FS VM

  41. Shared filesystem virtio-fs Mounted FS virtiofsd Shared FS VM

  43. QEMU/NEMU ● Swiss army knife hypervisor ⇒ Default for Kata ○ Type 2 (KVM) ○ Multi-purpose ○ Extensive device model (virtio-gpu, virtio-crypto, ...) ○ Direct Device Assignment (VFIO) ● Wide codebase in C ⇒ Potential attack surface ● NEMU reduces the attack surface

  44. Firecracker ● Lightweight hypervisor ○ Type 2 (KVM) ○ Narrow focus: container workloads and FaaS ○ Reduced device model ● Small codebase in Rust ⇒ Highly secure

  45. ACRN (in progress) ● Lightweight hypervisor ○ Type 1 ○ Focus on Automotive and IoT ○ Industry standard FuSa (Functional Safety) ● Small codebase in C ⇒ Highly secure

  46. http://www.lifeafterlondon.com/wp-content/uploads/2014/07/pick-your-own.jpg

  47. Takeaways INFLUENCE INTEGRATE

  48. Join the fun! Sources: https://github.com/kata-containers/runtime Get started: https://github.com/kata-containers/documentation/blob/master/Deve loper-Guide.md Slack: katacontainers.slack.com IRC: #kata-dev@freenode Mailing list: kata-dev@lists.katacontainers.io

  49. Thank you

Recommend

Kata-Containers on openSUSE Ralf Haferkamp, Container Software Engineer, SUSE Dario Faggioli,

Kata-Containers on openSUSE Ralf Haferkamp, Container Software Engineer, SUSE Dario Faggioli,

Kata-Containers on openSUSE Ralf Haferkamp, Container Software Engineer, SUSE Dario Faggioli, Virtualization Software Engineer, SUSE What is Kata Containers A container runtime providing stronger isolation by using hardware virtualization

528 views • 15 slides
Improvement Kata IK Makes the Impossible Discussable 1 Kata and Continuous Improvement at The

Improvement Kata IK Makes the Impossible Discussable 1 Kata and Continuous Improvement at The

Improvement Kata IK Makes the Impossible Discussable 1 Kata and Continuous Improvement at The Andersons Who we are Our approach to CI Training (100 attendees so far) Applied Learning Why Kata? Next Steps 2 THE FOUR

348 views • 18 slides
ORCHIDACEA RESORT Kata Beach, Phuket w w w . o r c h i d a c e a r e s o r t . c o m About Us

ORCHIDACEA RESORT Kata Beach, Phuket w w w . o r c h i d a c e a r e s o r t . c o m About Us

ORCHIDACEA RESORT Kata Beach, Phuket w w w . o r c h i d a c e a r e s o r t . c o m About Us Orchidacea Resort is located on the gently sloping hills of Kata, Phuket -Thailand, overlooking the crystal clear Andaman Sea and the immaculate

422 views • 18 slides
CHEESE WASTE KATA PROJECT Lisa Roberts, Tara Stow, Diego Aliste CHEESE WASTE KATA PROJECT The

CHEESE WASTE KATA PROJECT Lisa Roberts, Tara Stow, Diego Aliste CHEESE WASTE KATA PROJECT The

ZINGERMANS MAIL ORDER: Arjun Bhalla, Eric Lam, Shivani Palekar, Ting-Yi Li CHEESE WASTE KATA PROJECT Lisa Roberts, Tara Stow, Diego Aliste CHEESE WASTE KATA PROJECT The online shop for Zingermans food and sends food, such as breads,

184 views • 14 slides
Unprivileged Containers Jess Frazelle, @jessfraz How do containers help security? Containers are

Unprivileged Containers Jess Frazelle, @jessfraz How do containers help security? Containers are

Unprivileged Containers Jess Frazelle, @jessfraz How do containers help security? Containers are not going to be the answer to preventing your application from being compromised, but they can limit the damage from a compromise. How do

823 views • 25 slides
Improving Trust in Containers Matthew Garrett @mjg59 | mjg59@coreos.com | coreos.com

Improving Trust in Containers Matthew Garrett @mjg59 | mjg59@coreos.com | coreos.com

Improving Trust in Containers Matthew Garrett @mjg59 | mjg59@coreos.com | coreos.com Containers are great Containers are resource efficient Containers make deployment easy Containers can be monitored easily Containers are secure But are

508 views • 38 slides
Everything you need to know about Containers Security Track Containers Jos Manuel Ortega

Everything you need to know about Containers Security Track Containers Jos Manuel Ortega

Everything you need to know about Containers Security Track Containers Jos Manuel Ortega @jmortegac Agenda Introduction to containers security Linux Containers(LXC) Docker Security Security pipeline && Container

807 views • 57 slides
Refactoring Fundamentals The Gilded Rose Refactoring Kata Steve Smith Ardalis.com @ardalis The

Refactoring Fundamentals The Gilded Rose Refactoring Kata Steve Smith Ardalis.com @ardalis The

Refactoring Fundamentals The Gilded Rose Refactoring Kata Steve Smith Ardalis.com @ardalis The Gilded Rose Kata Introduction The Gilded Rose is a small inn with a prime location in a prominent city run by a friendly innkeeper named Allison.

420 views • 7 slides
SUSE Containers as a Service Platform 53 53 Why Do You Want to Invest in Containers? 54 54

SUSE Containers as a Service Platform 53 53 Why Do You Want to Invest in Containers? 54 54

SUSE Containers as a Service Platform 53 53 Why Do You Want to Invest in Containers? 54 54 What are Containers? A package/image that can be deployed anywhere (thats running a Linux Kernel) Developers create a layered image of their

996 views • 53 slides
Herd of Containers Sad DIF Database Engineer Herd of Containers: PostgreSQL in containers at

Herd of Containers Sad DIF Database Engineer Herd of Containers: PostgreSQL in containers at

Herd of Containers Sad DIF Database Engineer Herd of Containers: PostgreSQL in containers at BlaBlaCar pgDay Paris, Mar 15, 2018 BlaBlaCar Overview Todays agenda PostgreSQL usage at BlaBlaCar Switching to a new implementation

844 views • 40 slides
Persistent storage for Containers Anil Degwekar What are we talking about? Containers have

Persistent storage for Containers Anil Degwekar What are we talking about? Containers have

Persistent storage for Containers Anil Degwekar What are we talking about? Containers have become popular replacing many Physical / Virtual Machine use cases But: The persistent storage problem for containers is still not fully solved

1.01k views • 17 slides
Containers in the Enterprise Avoiding the Kobayashi Maru Agenda Containers Bring Change

Containers in the Enterprise Avoiding the Kobayashi Maru Agenda Containers Bring Change

Containers in the Enterprise Avoiding the Kobayashi Maru Agenda Containers Bring Change An Approach Required Software Processes Cultural Changes Additional Concerns Lessons Learned Why This Talk? Containers are

678 views • 49 slides
IJF KATA COMMISSION ANALYSIS OF OFFICIAL KODOKAN VIDEO In the meeting held in Paris the 5 th and

IJF KATA COMMISSION ANALYSIS OF OFFICIAL KODOKAN VIDEO In the meeting held in Paris the 5 th and

IJF KATA COMMISSION ANALYSIS OF OFFICIAL KODOKAN VIDEO In the meeting held in Paris the 5 th and 6 th of January 2008, the IJF Kata Commission, after the analysis of the official Kodokan video, decided that the following actions, even if

208 views • 17 slides
Exploding the Linux Container Host Presenter: Ben Corrie (@bensdoings) Containers vs VMs

Exploding the Linux Container Host Presenter: Ben Corrie (@bensdoings) Containers vs VMs

Exploding the Linux Container Host Presenter: Ben Corrie (@bensdoings) Containers vs VMs Google Wisdom: VMs and Containers are similar but different Try running containers in VMs for security Containers are best for scale-out

314 views • 17 slides
our container journey @beshippable shippable.com our container journey containers can

our container journey @beshippable shippable.com our container journey containers can

our container journey @beshippable shippable.com our container journey containers can make us way more efficient containers can save us money on hosting containers sound interesting company founded in 2013

848 views • 30 slides
COACHING TEAM PERFORMANCE KATA INCLUSION Steve MEN Ken Thorne WOMEN Chappell Terry

COACHING TEAM PERFORMANCE KATA INCLUSION Steve MEN Ken Thorne WOMEN Chappell Terry

COACHING TEAM PERFORMANCE KATA INCLUSION Steve MEN Ken Thorne WOMEN Chappell Terry Atkinson Steve Withers Jason Parsons Simon Ward Judy Maslen Pete Douglas DEVELOPMENT STRUCTURE GBR PROGRAM -Juniors u20 -- Seniors ENGLAND

618 views • 9 slides
The proposed containers are "Flat-pack" type. Disassembled and reduced as

The proposed containers are "Flat-pack" type. Disassembled and reduced as

CON-IMEX CONTAINERS 2009 AKAR Logistics 70 Beecham Court Owings Mills, MD 21117 USA Sophia Akar Tel: + 410-961-7232 / + 410-961-0327 Fax: + 410-356-8267 sophia@akarlogistics.com 1 / 20 GENERAL The proposed containers are

313 views • 20 slides
Fairport Containers Supporting the Charity Retail Sector www.fairportcontainers.co.uk

Fairport Containers Supporting the Charity Retail Sector www.fairportcontainers.co.uk

Fairport Containers Supporting the Charity Retail Sector www.fairportcontainers.co.uk Introductions David Porter Fairport Containers Director Steve Collinson Managing Director Fairport Containers Ltd Tam Unsworth Recycling Banks

552 views • 28 slides
Singularity - Containers for Scientific Computing ZID Workshop Michael Fink Universitt

Singularity - Containers for Scientific Computing ZID Workshop Michael Fink Universitt

Singularity - Containers for Scientific Computing ZID Workshop Michael Fink Universitt Innsbruck Innsbruck Nov 2018 Overview Preliminaries Why containers Understanding Containers vs. Virtual Machines Comparison of

482 views • 37 slides
Alm dos Containers na Nuvem QConSP - Containers & Devops 26 April 2017 Guilherme Rezende

Alm dos Containers na Nuvem QConSP - Containers & Devops 26 April 2017 Guilherme Rezende

Alm dos Containers na Nuvem QConSP - Containers & Devops 26 April 2017 Guilherme Rezende Globo.com About me Software Engineer at Globo.com/Tsuru @guilhermebr (GitHub) in/guilhermebr (LinkedIn) @gbrezende (Twitter) Agenda Cloud Native

636 views • 45 slides
OVERVIEW Lecture : Sucessful judoka Kumi kata (grip fight) Nage waza (standing fight)

OVERVIEW Lecture : Sucessful judoka Kumi kata (grip fight) Nage waza (standing fight)

23/09/13 TECNICA e TATICA no Judo de Alto Rendimento Maringa 25/08/13 Emanuela Pierantozzi Exercise and Sport Sciences Course, University of Genoa 1 OVERVIEW Lecture : Sucessful judoka Kumi kata (grip fight) Nage waza (standing

728 views • 28 slides
100% Containers Powered Carpooling Maxime Fouilleul Database Reliability Engineer BlaBlaCar -

100% Containers Powered Carpooling Maxime Fouilleul Database Reliability Engineer BlaBlaCar -

100% Containers Powered Carpooling Maxime Fouilleul Database Reliability Engineer BlaBlaCar - Facts & Figures Infrastructure Ecosystem - 100% containers powered carpooling Todays agenda Stateful Services into containers - MariaDB as

463 views • 45 slides
Containers, VMs, and Clouds: Containers & Clouds & VMs: OH My Oh My! Mike Coleman,

Containers, VMs, and Clouds: Containers & Clouds & VMs: OH My Oh My! Mike Coleman,

Containers, VMs, and Clouds: Containers & Clouds & VMs: OH My Oh My! Mike Coleman, Technology Evangelist Docker @mikegcoleman Who Am I? Technology evangelist at Docker Former: Puppet, VMware, MSFT, Intel, and HP First

390 views • 25 slides
Baptist Management System PDSA Model based on the Toyota Kata book & research by Mike Rother

Baptist Management System PDSA Model based on the Toyota Kata book & research by Mike Rother

Baptist Management System PDSA Model based on the Toyota Kata book & research by Mike Rother The information presented in the following presentation are meant as a showcase of what our best, most motivated users have achieved. Expected

512 views • 34 slides

More recommend