The speed of containers, the security of VMs

2024-01-12 22:11:04

Kata Containers is an open source project and community building a standard implementation of lightweight virtual machines (VMs) that provide the workload isolation and security benefits of VMs while feeling and performing like containers.

The Kata Containers project has six components: Agent, Runtime, Proxy, Shim, Kernel, and QEMU 11. Designed to be architecture independent, it runs on multiple hypervisors and is compatible with the OCI specification for Docker containers and with CRI for Kubernetes.

Kata Containers is a combination of Intel® Clear Containers and Hyper runV technology. The code is hosted on GitHub under the Apache 2 license and is managed by the OpenStack Foundation.

Roughly speaking, a container is what the VM (virtual machine) used to be, on steroids. There are no excessive limitations on individual operating system versions. Unlike a VM, which carries its own copy of the guest operating system (and therefore consumes substantial resources), a container shares the underlying operating system's kernel. This allows more containers than VMs to run on a given machine. However, for the sake of fairness, containers are generally suitable for various kinds of workloads (such as more complicated ones). As a result, because they already exist and are running, they are preferred in enterprise IT environments, and the organization may want to port them to the cloud soon.

Compared with the VM, the container is new. The Docker container wraps your software into a complete file system. It is lighter than a VM and achieves speed by ensuring standardization of the environment. Its small size means you can install multiple containers in a single VM. The important point is that the container abstracts the underlying infrastructure from the application itself, so the container delivers true application portability. Keeping a pulse on important metrics (response time, CPU usage, server memory, etc.) allows for rapid identification of potential problems and helps to prevent failure. For example, tools like Icinga can even automatically create monitors when setting up servers with Puppet. I recommend using Graphite, StatsD, and Grafana to track as many of these metrics as possible.

Virtual computer systems are tightly isolated software containers called "virtual machines" (VMs), each with its own operating system and applications. Individual VMs are completely independent. Placing multiple VMs on a single computer allows multiple operating systems and applications to run on only one physical server or "host". By completely replicating the physical network, network virtualization makes it possible to run an application on the virtual network as if it were on the physical network. Network virtualization provides logical network devices and services to connected workloads (logical ports, switches, routers, firewalls, load balancers, VPNs, etc.).