When the Intel® Clear Containers project launched in 2015, our goal was to address security concerns within containers through Intel® Virtualization Technology (Intel® VT). Using Intel VT, we were able to launch containers as lightweight virtual machines (VMs), providing an alternative runtime, which is interoperable with popular container environments such as Kubernetes* and Docker*. As announced on December 5, 2017, The Intel Clear Containers project has joined the Kata Containers project, under open governance at the OpenStack* Foundation.

Kata Containers logo

 

Key features of this model include:

  • Security: Kata Containers provide the same security as a virtual machine by having its own lightweight OS and dedicated kernel, providing isolation of network, I/O and memory and can utilize hardware-enforced isolation with virtualization VT extensions

  • Compatibility: Kata Containers support industry standards including OCI container format, Kubernetes CRI interface, as well as legacy virtualization technologies

  • Simplicity: Kata Containers eliminate the requirement for nesting containers inside full blown VMs

  • Performance: Kata Containers eliminate much of the overhead traditionally associated with virtual machines to provide a dramatically improved experience

 

You can learn more about the project at katacontainers.io, or join us on GitHub to contribute to the project.  Join the conversation:

Intel Clear Containers

We will continue to maintain Intel Clear Containers 3.0 through the transition, until Kata Containers is stable enough for production use. You can find more about our project at https://github.com/clearcontainers/runtime/wiki.