The speed of containers, the security of VMs.
Kata Containers is an alternative OCI compatible runtime that enhances the security of container workloads in a lightweight virtual machine.
Kata Containers “Sweet Spots”
More Security
+
Flexibility
Regulated and sensitive production environments
Mixed workloads production environments
Multi-tenant container�clusters
Bare metal infrastructure
Legacy and cutting edge workloads with kernel-dependent features
How it works
HOST LINUX KERNEL
PROCESS A
namespaces
Kata Containers
Each container or pod is more isolated in its own lightweight VM
GUEST LINUX KERNEL A
VIRTUAL MACHINE
PROCESS B
namespaces
GUEST LINUX KERNEL B
VIRTUAL MACHINE
PROCESS C
namespaces
GUEST LINUX KERNEL C
VIRTUAL MACHINE
PROCESS A
namespaces
PROCESS B
namespaces
PROCESS C
namespaces
HOST LINUX KERNEL
Filter:
Filter:
Filter:
Traditional Containers
Isolation by namespaces, cgroups with shared kernel
CPU
Memory
Network
HARDWARE VIRTUALIZATION
HARDWARE VIRTUALIZATION
HARDWARE VIRTUALIZATION
Storage
Container A
Container B
Container C
Container A
Container B
Container C
Kata Containers provides additional security
Separate Guest Kernel
VMX non-root
Hardware control
CPU Access� Memory Access� Device Access
Cgroups
Namespaces
Capability Filters
Seccomp filtering
Mandatory Access Control (MAC)
Standard Containers
Virtual Machines
+
=
Kata Containers
Healthy Growing Community
The NDSU 2022 Spring Capstone Kata Containers Project�
Project Proposal
The Work
The internship work will consist on increasing the unit tests coverage for main component of Kata Containers, its agent.
The agent is written in rust, a new, popular, and quite efficient language. The work will provide the students the opportunity to familiarise themselves with the language, get an overview of the Kata Containers project (along with containers in general), and a reasonable understanding of the internals of a container runtime.
In addition, students will learn about contributing to an open source project and be able to point to their contributions on resumes and in interviews. They will learn how to communicate with a global community, how testing for a open source project hosted on github works, and other general contribution skills.
The Mentors
James O. D. Hunt <james.o.hunt@intel.com> Slack: jodh
Fabiano Fidêncio <fabiano.fidencio@intel.com> Slack: fidencio
Both mentors are long term contributors, experienced in internship programs, and with a strong community background on containers and virtualisation related projects.
The Kata Containers community welcomes contributions from anyone.�
Get Involved
Language Rust
Apache 2 license
Developer Mailing List: lists.katacontainers.io
Major releases managed through Github Project
Slack bit.ly/kataslack
Source code Kata Containers source
Issues https://tinyurl.com/kata-ndsu
Documentation
Kata Containers Getting Started �Kata Containers Architecture �Kata Containers Developer Guide