Home Home > Tag > Podman
Sign up | Login

Posts Tagged ‘Podman’

Kata Containers Packages are Available officially in openSUSE Tumbleweed

August 17th, 2019 by

Kata Containers is an open source container runtime that is crafted to seamlessly plug into the containers ecosystem.

We are now excited to announce that the Kata Containers packages are finally available in the official openSUSE Tumbleweed repository.

It is worthwhile to spend few words explaining why this is a great news, considering the role of Kata Containers (a.k.a. Kata) in fulfilling the need for security in the containers ecosystem, and given its importance for openSUSE and Kubic.

What is Kata

As already mentioned, Kata is a container runtime focusing on security and on ease of integration with the existing containers ecosystem. If you are wondering what’s a container runtime, this blog post by Sascha will give you a clear introduction about the topic.

Kata should be used when running container images whose source is not fully trusted, or when allowing other users to run their own containers on your platform.

Traditionally, containers share the same physical and operating system (OS) resources with host processes, and specific kernel features such as namespaces are used to provide an isolation layer between host and container processes. By contrast, Kata containers run inside lightweight virtual machines, adding an extra isolation and security layer, that minimizes the host attack surface and mitigates the consequences of containers breakout. Despite this extra layer, Kata achieves impressive runtime performances thanks to KVM hardware virtualization, and when configured to use a minimalist virtual machine manager (VMM) like Firecracker, a high density of microVM can be packed on a single host.

If you want to know more about Kata features and performances:

  • katacontainers.io is a great starting point.
  • For something more SUSE oriented, Flavio gave a interesting talk about Kata at SUSECON 2019,
  • Kata folks hang out on katacontainers.slack.com, and will be happy to answer any quesitons.

Why is it important for Kubic and openSUSE

(more…)

openSUSE Kubic Moves in a New Direction

August 9th, 2018 by

Dear Community,

It has been more than a year since the openSUSE community started the Kubic Project, and it’s worth looking back over the last months and evaluating where we’ve succeeded, where we haven’t, and share with you all our plans for the future.

A stable base for the future

Much of our success has been in the area generally referred to as **MicroOS**, the part of the Kubic stack that provides a stable operating system that is **atomicly updated** for running containers.

Not only is Kubic MicroOS now a fully integrated part of the openSUSE Tumbleweed release process, but our Transactional Update stack has also been ported to regular openSUSE Tumbleweed and Leap.

Based on the community’s feedback, the new System Role has been further refined and now includes fully automated updates out of the box.

This collaboration is continuing, with many minor changes to the regular openSUSE installation process coming soon based on lessons learned with tuning the installation process in Kubic.

Reviewing our initial premise

We haven’t just been busy on the basesystem. Our efforts with Rootless Containers continue, and you can now use the “Docker-alternative” Podman CRI-O in both Kubic and regular openSUSE. But when considering the Initial Premise of the Kubic project, it’s probably safe to say we’re not where we hoped to be by now.

(more…)