Intel and Hyper.sh are set to fold their respective ‘Clear Containers’ and runV tools into a new project under the OpenStack Foundation called Kata Containers.
Kata “offers the ability to run container management tools directly on bare metal without sacrificing workload isolation”, according to OpenStack.
However, it is not an OpenStack project and therefore can be used by any enterprise user, whether they have OpenStack or not.
“This project is going to be independent from the existing OpenStack projects,” executive director Jonathan Bryce said.
“It’s supported by our foundation and community but it will be governed separately and independently.”
Kata Containers will merge Intel’s Clear Containers and Hyper.sh’s runV open source projects.
“Both of these projects have been around for a couple of years now and what they have focused on is securing the runtime environment that containers execute in,” Bryce said.
“When you look at the container space there’s two pieces to it. There’s the piece that people are more familiar with [on] the application development side where you have tools like Docker, Kubernetes and Mesos, and then on the lower end side you have the parts of the kernel that actually make the containerisation happen.
“Kata Containers is … a lower level component. What it does is it creates a very lightweight virtual machine that the container can execute in. It’s able to provide the full isolation that you would get from a virtual machine but it does so with much less overhead and much greater performance than if you were using a virtual machine.
“The goal of the project is really to deliver a very secure execution environment for containers but do it in a way that doesn’t affect the performance, speed and agility that developers love about containers.”
Currently, Bryce said, when organisations want to make sure their containers run in a secure environment, they host them inside a virtual machine.
“That takes minutes and it adds hundreds of megabytes to gigabytes of overhead on the system, it means they can’t pack them as efficiently on their hardware and they can’t start them up as quickly, and so they really are losing a lot of the benefits of containers,” he said.
“The start-up times for Kata Containers are under 100ms, and the size overhead that comes with them is 10 to 30 megabytes.
“This dramatically changes the efficiency and speed of securely running containers.”
Bryce said he was happy to see Intel and Hyper.sh bring their respective tools together under Kata Containers.
The OpenStack Foundation has previously talked about the need for open source technologies to become more tightly integrated so that they appear more attractive to a wider base of prospective enterprise users.
“If you look at this problem space, there were basically two open source projects that had traction: runV and Clear Containers,” Bryce said.
“The two projects got together and said rather than splitting the community let’s combine our efforts because what we really need is some cohesion and a community to develop around this so we can solve this problem out in the wild.
“I think it’s awesome to see communities collaborating like that and rather than hold onto their pet project or put their ego first, they’re really putting users first and trying to build a community that brings everyone together.”
While Clear Containers and runV will continue as separate projects outside of Kata Containers for the time being, the plan is that both will eventually simply become Kata.
“They will be going away once the integration is complete and there’s a migration path [for their existing users],” Bryce said.
“Both of those projects have been around for a couple of years so they have users in production.
“The goal is to get to a 1.0 release of Kata early next year at which point those existing users would be able to migrate to the new project and runV and Clear Containers would both basically go away.”