More talks in the program:
10:15 - 11:15
Developers love containers: they help to package applications neatly and unravel library dependencies. Some ops teams take a more sober view of the technology, though. They are responsible for the infrastructure and the security. Shared kernels separating applications only by namespaces and groups, cause raised eyebrows now and then. The level of isolation provided by real VMs was more credible, some say.
Kata containers are about to overcome this gap: The project starts containers in extremely lightweight VMs but keeps the interface. All calls and integrations to Docker or Kubernetes remain the same because the project implements the OCI interface.
The talk introduces to the architectural design of Kata Containers, explains the easy installation using a Docker runtime environment and shows how to use it. We present the results of the simple benchmarks and discuss differences to purely namespace-based containers. Finally, we look at improved memory consumption and some other features, that got introduced in the more recent updates of Kata Containers.