Home Home > Tag > cri-o
Sign up | Login

Posts Tagged ‘cri-o’

Kata Containers Packages are Available officially in openSUSE Tumbleweed

August 17th, 2019 by

Kata Containers is an open source container runtime that is crafted to seamlessly plug into the containers ecosystem.

We are now excited to announce that the Kata Containers packages are finally available in the official openSUSE Tumbleweed repository.

It is worthwhile to spend few words explaining why this is a great news, considering the role of Kata Containers (a.k.a. Kata) in fulfilling the need for security in the containers ecosystem, and given its importance for openSUSE and Kubic.

What is Kata

As already mentioned, Kata is a container runtime focusing on security and on ease of integration with the existing containers ecosystem. If you are wondering what’s a container runtime, this blog post by Sascha will give you a clear introduction about the topic.

Kata should be used when running container images whose source is not fully trusted, or when allowing other users to run their own containers on your platform.

Traditionally, containers share the same physical and operating system (OS) resources with host processes, and specific kernel features such as namespaces are used to provide an isolation layer between host and container processes. By contrast, Kata containers run inside lightweight virtual machines, adding an extra isolation and security layer, that minimizes the host attack surface and mitigates the consequences of containers breakout. Despite this extra layer, Kata achieves impressive runtime performances thanks to KVM hardware virtualization, and when configured to use a minimalist virtual machine manager (VMM) like Firecracker, a high density of microVM can be packed on a single host.

If you want to know more about Kata features and performances:

  • katacontainers.io is a great starting point.
  • For something more SUSE oriented, Flavio gave a interesting talk about Kata at SUSECON 2019,
  • Kata folks hang out on katacontainers.slack.com, and will be happy to answer any quesitons.

Why is it important for Kubic and openSUSE

(more…)

Inkscape, GTK, glibc Updates Arrive in Tumbleweed

February 14th, 2019 by

A single snapshot was released this week for openSUSE Tumbleweed bringing update packages for Mozilla Thunderbird, dbus, Inkscape, Ruby, glibc, gtk and more.

The lone snapshot of the week was 20190209. ModemManager made the jump from version 1.6.14 to 1.10.0 and consolidated common tag names among all the supported plugins as well as provided a new tag to allow specifying flow control settings to use in serial ports. The Mozilla Thunderbird 60.5.0 package gave more search engine options in certain locations offering Google and DuckDuckGo available by default. The email client also added Thunderbird FileLink with WeTransfer to upload large attachments. Thunderbird Filelink provides support for online storage services and allows upload attachments to an online storage service and then replaces the attachment in the message with a link. General-purpose parser generator bison 3.3.1 removed support for the 32-bit C/C++ development system DJGPP. The compiler cache, ccache 3.6,  which speeds up recompilation by caching previous compilations, fixed a problem due to Clang, which is a C language family frontend for LLVM, overwriting the output file when compiling an assembler file and added support for GNU Compiler Collection‘s `-ffile-prefix-map` option. The 1.12.12 version update for dbus stopped a few memory leaks and added a couple patches. The epson-inkjet-printer-escpr 1.6.35 version added support for new printer models EcoTank ET-M1100 and Epson WorkForce ST-2000. GNU C Library glibc 2.29 added getcpu wrapper function, which returns the currently used CPU and NUMA node, and optimized the generic exp, exp2, log, log2, pow, sinf, cosf, sincosf and tanf functions. Cross-platform widget toolkit gtk3 3.24.5 implement gdk_window_present for Wayland, updated translations and refreshed the theme. The health-checker 1.1 package added new plugins for cri-o and kubelet. Users of the professional-quality vector-graphics application Inkscape can now use the 0.92.4 version; the new version improves preferences of the measuring tool when grids are visible and fixes a crash that would happen when a user does a Shift/Ctrl-click when handling shapes. Tumbleweed users will have 1.7x faster performance with Ruby 2.6 as the default as compared to Ruby 2.5. Other library packages updated in the snapshot were libosinfo 1.3.0, libsodium 1.0.17, libsolv 0.7.3, libstorage-ng 4.1.86 and libzypp 17.11.1.

Snapshot 20190209 is trending at a moderate rating of 86, according to the Tumbleweed snapshot reviewer.

Kubic is now a certified Kubernetes distribution

January 24th, 2019 by

Published by Richard Brown on Jan 22, 2019 on kubic.opensuse.org

Certified Kubernetes

The openSUSE Kubic team is proud to announce that as of yesterday, our Kubic distribution has become a Certified Kubernetes Distribution! Notably, it is the first open source Kubernetes distribution to be certified using the CRI-O container runtime!

What is Kubernetes Certification?

Container technologies in general, and Kubernetes in particular, are becoming increasingly common and widely adopted by enthusiasts, developers, and companies across the globe. A large ecosystem of software and solutions is evolving around these technologies. More and more developers are thinking “Cloud Native” and producing their software in containers first, often targeting Kubernetes as their intended platform for orchestrating those containers. And put bluntly, they want their software to work.

But Kubernetes isn’t like some other software with this sort of broad adoption. Even though it’s being used in scenarios large and small, from small developer labs to large production infrastructure systems, Kubernetes is still a fast-moving project, with new versions appearing very often and a support lifespan shorter than other similar projects. This presents real challenges for people who want to download, deploy and run Kubernetes clusters and know they can run the things they want on top of it.

When you consider the fast moving codebase and the diverse range of solutions providing or integrating with Kubernetes, that is a lot of moving parts provided by a lot of people. That can feel risky to some people, and lead to doubt that something built for Kubernetes today might not work tomorrow.

Thankfully, this a problem the Cloud Native Computing Foundation (CNCF) is tackling. The CNCF helps to build a community around open source container software, and established the Kubernetes Software Conformance Certification to further that goal. Certified Kubernetes solutions are validated by the CNCF. They check that versions, APIs, and such are all correct, present, and working as expected so users and developers can be assured their Kubernetes-based solutions will work with ease, now and into the future.

 

(more…)