Project Description

Kata Containers is an open source community working to build a secure container runtime with lightweight virtual machines that feel and perform like containers, but provide stronger workload isolation using hardware virtualization technology as a second layer of defense.

It basically adds novel low-level container runtimes side by side to runc, which will run the container image in lightweight virtual machine. These container runtimes can be selected through the runtimeClassName field in the Pod spec.

Goal for this Hackweek

The goal of this Hackweek is to deliver a Kata Containers Helm repository to allow easy installation of Kata Containers on Kubernetes and Rancher.

Resources

Hack Week Project github repository

Hack Week Project Helm repo

Kata Containers site

Kata Containers github page

Kata Containers main repo

Looking for hackers with the skills:

Nothing? Add some keywords!

This project is part of:

Hack Week 23

Activity

  • 11 months ago: fgiudici started this project.
  • 11 months ago: fgiudici originated this project.

  • Comments

    • fgiudici
      11 months ago by fgiudici | Reply

      The Kata Containers project provides the kata-deploy installation method which consists of:

      • a container image packed with all the required binaries compiled statically and all the other artifacts from the release
      • a kata-deploy script, included in the same container image, that should be run on each cluster node
      • kubernetes resources to be installed through kustomize

      During the hackweek the kata-deploy resources have been adapted in an helm chart.

      The resulting chart has been released in an Helm Repo at https://katacharts.kubepod.cloud.

      Add it to Rancher as an App HTTP Repository or add to your helm repositories with:

      $> helm repo add kata-containers https://katacharts.kubepod.cloud

      Install it via the Rancher Marketplace or via the helm command line, but be sure to set the right kind of kubernetes cluster you are using (chart value kubernetes.distribution). Allowed options are vanilla, k3s, rke2 or k0s.

      The default is vanilla so you need to change it to k3s or rke2 if you are using one of the two Rancher distro. This is required because the kata deployment needs to change the containerd config file on the cluster nodes to enable the kata low level runtimes and containerd config location changes depending on the kubernetes distribution used.

      On the Rancher Marketplace UI you will need to change the kubernetes.distribution value editing the chart yaml before deployment (sorry, no UI for that yet). For the helm command line, you will need something like (k3s scenario):

      $> helm install kata-containers kata-containers/kata-containers --namespace kube-system --set kubernetes.distribution=k3s

      After installing Kata Containers, in order to start a kata workload, you have to specify a runtimeClassName in your kubernetes resource: here a sample kata ngnix Deployment.

      The available runtime classes can be retrieved with:

      $> kubectl get runtimeclasses.node.k8s.io

    Similar Projects

    This project is one of its kind!