Table of Contents |
---|
Overview
Kata Containers * is an OCI-compatible container runtime that uses lightweight virtual machines (VM) to improve the isolation of workloads running inside a container. Kata Containers works seamlessly with Kubernetes * through Containerd * and CRI-O. It supports different architectures (including, but not limited to x86, ARM*, and IBM * Power*) and works with different hypervisors, such as Cloud Hypervisor, and Firecracker*.
The Kata Containers project is an open-source project under the Open Infrastructure Foundation*. For more information on the project and its community, you can check the Kata Containers web page and its GitHub repository.
...
In the current Integrated Cloud Native (ICN) stack, Kubernetes uses Docker* and Docker and dockershim to launch containers using the runc runtime. As Kata Containers was designed with the CRI specification in mind, it does not support dockershim. Because of this, we are introducing Containerd as an alternative CRI runtime in this stack. With Containerd, Kubernetes will be able to launch trusted workloads using runc and untrusted workloads using Kata Containers in the same environment. The image below shows the changes we are making to the current ICN stack.
...