Questions tagged [kata-containers]

Questions related to the Kata Containers runtime. Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs.

For more information about Kata Containers please visit https://katacontainers.io/

20 questions
25 votes, 2 answers

Kata Containers vs gVisor?

As I understand, Kata Containers Kata Container build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers but provide the workload isolation and security advantages of VMs On the other hand,…
Suresh Vishnoi
7 votes, 2 answers

Should I add a DMZ in front of Kubernetes?

Is Kubernetes Ingress secure enough to avoid adding a DMZ in front of Kubernetes to expose Pods and Services? What would happen if someone "hacked" into a Pod? Thanks.
Guillaume
3 votes, 2 answers

Can we setup Knative cluster with Kata Container runtime?

I'm a newbie to lightweight virtual machines. I'm going to install Knative with Kata Container Runtime. Is it possible? I know that Kubernetes works with Kata Container runtime. But does Knative work properly with that?
2 votes, 2 answers

How aws firecracker handles vcpu?

I have issued below command in aws firecracker to configure the VM. I have only 8 vcpu in my host machine. curl --unix-socket /tmp/firecracker.socket -i \ -X PUT 'http://localhost/machine-config' \ -H 'Accept: application/json' …
user11779620
2 votes, 1 answer

Kata 1.6.2 dependency chain broken

Kata 1.6.2 release page here: https://github.com/kata-containers/runtime/releases/tag/1.6.2 We are trying to consume the latest stable-1.6 release of kata but are hitting the dependency error below when attempting to install the package. $ sudo apt…
Max Burlik
2 votes, 2 answers

Can kata containers be used as a sandbox to run untrusted code?

Kata containers is trying to make containers secure by providing more isolation. lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs. If I am building a…
someone
1 vote, 1 answer

How can I troubleshoot pod stuck at ContainerCreating

I'm trying to troubleshoot a failing pod but I cannot gather enough info to do so. Hoping someone can assist. [server-001 ~]$ kubectl get pods sandboxed-nginx-98bb68c4d-26ljd NAME READY STATUS RESTARTS …
mickt
1 vote, 1 answer

k8s - Nested Firecracker Environments

Sorry if this question might sound "convoluted" but here it goes... I'm currently designing a k8s solution based on Firecracker and Kata-containers. I'd like the environment to be as isolated/secure as possible. My thoughts around this are: deploy…
Kodo
1 vote, 0 answers

How to configure kata container network without K8s?

I am trying to launch Kata 2.x containers without K8s. Since Kata-shim-V2 is not compatible with docker, I launched the container using ctr via containerd sudo ctr run --runtime io.containerd.run.kata.v2 -t --rm docker.io/library/ubuntu:latest…
gqli
1 vote, 1 answer

Is parsing cgroup files for stats viable if the container is not sharing the kernel with host?

Stats found in cgroup files on the host, are they reliable if the container does not share the kernel with the host? I'm asking this because while it was reliable with docker, with multiple runtimes being supported by K8s - some that offer…
Sam Thomas
1 vote, 1 answer

When execute "sudo kata-runtime kata-check", it shows " file /usr/share/kata-containers/vmlinuz.container does not exist"

First I install qemu-2.11.1 with commands: ./configure --enable-virtfs sudo make sudo make install Then I executed commands in kata-containers/runtime: sudo make sudo make install After these things, I just checked whether the environment is…
si yan
0 votes, 0 answers

Why Kata's guest kernel is bigger than Gvisor's, although it has been optimized

Kata uses an optimized Linux kernel as a guest kernel and gvisor uses an application kernel. Why Kata's guest kernel is bigger than Gvisor's, although it has been optimized?
0 votes, 0 answers

host system doesn't support vsock

I'm studying about Kata Container using Nvidia Jetson Nano and want to make Kata Container work on Jetson device. OS is ubuntu 18.04 and installed docker, k8s and kata container. And I tried to make pod using kata container, but error…
0 votes, 2 answers

How to enable systemd within a k8s Pod

I am running a kata containers on my k8s cluster and would like to use systemd within the pod. Using the following dockerfile to build my image: FROM ubuntu:20.04 ENV DEBIAN_FRONTEND=noninteractive RUN apt-get update && apt-get install -y systemd…
triple fault
0 votes, 0 answers

Can Kata Containers and gVisor containers enable transparent huge pages (THP) when transparent huge pages are disabled on the host machine?

I'm running Kata Containers and gVisor containers on a host machine with transparent huge pages (THP) disabled. I would like to enable THP specifically for these containers, but I'm not sure if this is possible or how to do it. Is it possible to…
ray