OpenStack Foundation Announces New Container Project

| by Hrishikesh Barua Follow 14 Followers on Dec 11, 2017. Estimated reading time: 2 minutes |

The OpenStack Foundation announced a new container project called Kata Containers, born out of contributions from Intel’s Clear Containers and Hyper's runV projects. The project is compatible with the Open Container Initiative (OCI) as well as Kubernetes's Container Runtime Interface (CRI), and aims to provide the benefits of both virtual machines and containers.

The project is being initiated with code from Intel's Clear Containers and Hyper's runV projects. Clear Containers launches containers in lightweight virtual machines by utilizing Intel's VT technology. It was initially launched to address kernel security concerns. The Clear Containers runtime launches each container with its own kernel instance in a lightweight virtual machine, thus getting around the problems arising from a shared kernel. Hyper’s runV is a compliant implementation of the OCI runtime - a standard for defining container formats and runtimes. Hyper’s project functions as a “container hypervisor” and supports both Xen and KVM. Both of these projects function together in Kata, where the containers are launched in runV.

According to a talk at Kubecon / CloudNativeCon a few days ago, the underlying technology, dubbed “virtualized containers”, runs containers which are managed directly by a hypervisor. In multi-tenant environments running containers managed by Kubernetes, isolation between tenants is paramount. Some degree of isolation can be achieved by running containers for different tenants on different VMs. This is not required in Hyper’s case since the containers are managed individually by a single hypervisor, rather than running on individual VMs.

Image Courtesy :

The existing OpenStack container projects - Magnum and Zun - facilitate using other container technologies and orchestrators in an OpenStack deployment. Magnum enables users to create a “bay” into which containers can be deployed. These bays can be orchestrated by Kubernetes, Docker Swarm or Mesos. The other project Zun provides an OpenStack API for launching and managing containers backed by different container technologies. In contrast to these, Kata’s focus seems to be on being compliant with new standards as well as on achieving security.

The Kata Containers project is composed of sub-projects - Agent, Runtime, Proxy, Shim, Kernel, and a packaging of QEMU 2.9. It is governed under the OpenStack open governance model.

A product manager from Clear Containers commented that the project is under development and the integration between the two projects is ongoing - “Our 1.0 release is scheduled for March timeframe, at which point we plan to have a migration path for customers using runv or CC”. The project is being supported by 99cloud, AWcloud, Canonical, China Mobile, City Network, CoreOS, Dell/EMC, EasyStack, Fiberhome, Google, Huawei,, Mirantis, NetApp, Red Hat, SUSE, Tencent, Ucloud, UnitedStack and ZTE.

Rate this Article

Adoption Stage

Hello stranger!

You need to Register an InfoQ account or or login to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Tell us what you think

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread
Community comments

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread


Login to InfoQ to interact with what matters most to you.

Recover your password...


Follow your favorite topics and editors

Quick overview of most important highlights in the industry and on the site.


More signal, less noise

Build your own feed by choosing topics you want to read about and editors you want to hear from.


Stay up-to-date

Set up your notifications and don't miss out on content that matters to you