#KataContainers

@firemantimtw3.bsky.social

1 month ago

The #KataContainers community is excited to sponsor #KubeCon #CloudNativeCon EU this year! Join us to learn how container isolation can enhance your security, especially in an #AI world

events.linuxfoundation.org/kubecon-clou...

0 0 0 0

4 months ago

Gámur: Because “Apple Containerization” was never going to fit on a t-shirt.

#Gamur #AppleSilicon #macOS26 #containers #DevOps #OpenSource #AppleEngineering #ARM64 #homelab #KataContainers

1 0 0 0

@firemantimtw3.bsky.social

4 months ago

For Apple’s new container runtime, I’ve been calling it Gamur — from Icelandic gámur, “container.”

IIf this name ever makes it into a WWDC slide, I’ll retire happy. 😄

#Gamur #AppleSilicon #macOS26 #containers #KataContainers #Linux #ARM64 #GitHub #DevOps #OpenSource

1 0 0 0

7 months ago

New: #OpenInfra Platinum Member Ant Group's Cloud Workload Protection Platform (Ant CWPP) Built with #KataContainers and eBPF

Learn how to prevent container escape w/ hypervisor-level isolation & apply application-specific security policies with in-container eBPF

katacontainers.io/collateral/k...

1 1 0 0

7 months ago

Published today: Ant Group's Cloud Workload Protection Platform (Ant CWPP) Built with #KataContainers and eBPF

Learn how to prevent container escape w/ hypervisor-level isolation and apply application-specific security policies using in-container eBPF

katacontainers.io/blog/kata-co...

0 0 0 0

7 months ago

Starting to build your #OpenInfra Summit schedule? Check out this schedule preview from Programming Committee Chair, @spotzz_

#OpenStack #KataContainers #Zuul #opensource #AI

openinfra.org/blog/openinf...

2 3 0 0

8 months ago

The #OpenInfra Summit Europe schedule is now live! Check out the sessions covering OpenStack, Kubernetes, #KataContainers, RISC-V, #StarlingX, #Zuul & more!

Join us to talk all things #opensource #AI, digital sovereignty, VMware Migration and more!

summit2025.openinfra.org/a/schedule

2 0 0 0

9 months ago

⏳ Final days to submit! ⏳

The CFP for the #OpenInfraSummit Europe closes this Friday! If you’re building with #OpenStack, #Kubernetes, #Ceph, #KataContainers, or other #OpenSource infrastructure, this is your moment to shine on stage in Paris! summit2025.openinfra.org/cfp/

2 0 0 1

10 months ago

If you're innovating with #KataContainers & contributing back to the community, recognize your team with the annual Superuser Awards!

The deadline to submit is September 2, and the winner will be announced at the #OpenInfraSummit Europe in October

openinfrafoundation.formstack.com/forms/superu...

1 0 0 0

10 months ago

🚨Registration for the #OpenInfraSummit Europe is now LIVE! 🚨

Come talk all things #OpenStack, #Kubernetes, #Linux, #KataContainers, #Ceph, and more! summit2025.openinfra.org

1 0 0 0

Kata Containers Kata Containers is an open source container runtime, building lightweight virtual machines that seamlessly plug into the containers ecosystem.

11 months ago

At the PTG, the #KataContainers community discussed the 4.0 release roadmap, Arm Confidential Compute Architecture Support, as well as testing & benchmarking.

Review this blog and get in touch with the community to get involved!

katacontainers.io/blog/kata-co...

0 0 0 0

Using Kata Containers as a Container Runtime in OpenStack Zun - Superuser Explore how Kata Containers can be used with Zun to provide a secure and efficient container experience within OpenStack.

11 months ago

Explore how #KataContainers can be used with Zun to provide a secure and efficient container experience within @openstack.org.

superuser.openinfra.org/articles/usi...

0 0 0 0

Forem

@forem.com.web.brid.gy

11 months ago

Kata Containers: Lightweight VMs for Containers ## Introduction In today’s cloud-native world, containers have become the standard unit of software delivery. They allow developers to package applications along with their dependencies into lightweight, portable units that can run reliably across different environments. This has revolutionized the way we build, ship, and run applications—from developer laptops to large-scale Kubernetes clusters. But while containers are efficient and fast, they come with a trade-off: **security**. Traditional containers share the host operating system’s kernel. That means if a container is compromised, there’s a potential risk to the entire system. For many teams running multi-tenant clusters or handling untrusted workloads, that risk isn’t acceptable. This is where Kata Containers come in—a project designed to bridge the gap between the speed of containers and the strong isolation of virtual machines. Kata Containers look and feel like containers, but under the hood, they run inside lightweight VMs using a separate kernel. This offers a level of isolation closer to traditional virtualization, without the overhead that comes with full-blown hypervisors. Whether you're managing sensitive data, running sandboxed workloads, or building a secure Kubernetes platform, Kata Containers can offer a powerful middle ground. To better understand what makes Kata Containers different, let’s take a look at a side-by-side comparison with traditional containers. _source :https://yqintl.alicdn.com/fb67232d2a5e2e8afbc7968c9227f7dd4121bbaf.png_ On the right side of the diagram, we see how traditional containers work. Each containerized process (A, B, C) shares the same Linux kernel. Isolation is achieved using namespaces, cgroups, and additional filters like seccomp, MAC (Mandatory Access Control), and capabilities. While this method is lightweight and fast, it still means that all containers rely on the host’s kernel. If one container exploits a kernel vulnerability, it could potentially affect others or even the host. On the left side, Kata Containers take a different approach. Each containerized process runs inside its own lightweight virtual machine, with a dedicated kernel (e.g., Linux Kernel A, B, C). These VMs are powered by hardware virtualization, which provides strong, hardware-enforced isolation between workloads. From the perspective of the process inside, it’s still running in a container—but behind the scenes, it’s isolated as if it were a small, independent VM. In practice, this means Kata Containers offer much stronger security boundaries. If a container running inside a Kata VM is compromised, the attack surface is significantly reduced—it would have to break through an entire virtualized layer rather than just a namespace. The tradeoff? Slightly more overhead compared to traditional containers. But in environments where security and workload isolation are top priorities—like multi-tenant platforms, confidential workloads, or untrusted code—Kata Containers strike a compelling balance between performance and protection. Kata Containers may not be the default choice for every workload, but when security and strong isolation matter just as much as performance, they offer a powerful and elegant solution that bridges the best of both containers and virtual machines. ### Resources https://github.com/kata-containers/kata-containers/tree/main/docs/install

0 0 0 0

DEV Community

@dev.to.web.brid.gy

11 months ago

Kata Containers: Lightweight VMs for Containers ## Introduction In today’s cloud-native world, containers have become the standard unit of software delivery. They allow developers to package applications along with their dependencies into lightweight, portable units that can run reliably across different environments. This has revolutionized the way we build, ship, and run applications—from developer laptops to large-scale Kubernetes clusters. But while containers are efficient and fast, they come with a trade-off: **security**. Traditional containers share the host operating system’s kernel. That means if a container is compromised, there’s a potential risk to the entire system. For many teams running multi-tenant clusters or handling untrusted workloads, that risk isn’t acceptable. This is where Kata Containers come in—a project designed to bridge the gap between the speed of containers and the strong isolation of virtual machines. Kata Containers look and feel like containers, but under the hood, they run inside lightweight VMs using a separate kernel. This offers a level of isolation closer to traditional virtualization, without the overhead that comes with full-blown hypervisors. Whether you're managing sensitive data, running sandboxed workloads, or building a secure Kubernetes platform, Kata Containers can offer a powerful middle ground. To better understand what makes Kata Containers different, let’s take a look at a side-by-side comparison with traditional containers. _source :https://yqintl.alicdn.com/fb67232d2a5e2e8afbc7968c9227f7dd4121bbaf.png_ On the right side of the diagram, we see how traditional containers work. Each containerized process (A, B, C) shares the same Linux kernel. Isolation is achieved using namespaces, cgroups, and additional filters like seccomp, MAC (Mandatory Access Control), and capabilities. While this method is lightweight and fast, it still means that all containers rely on the host’s kernel. If one container exploits a kernel vulnerability, it could potentially affect others or even the host. On the left side, Kata Containers take a different approach. Each containerized process runs inside its own lightweight virtual machine, with a dedicated kernel (e.g., Linux Kernel A, B, C). These VMs are powered by hardware virtualization, which provides strong, hardware-enforced isolation between workloads. From the perspective of the process inside, it’s still running in a container—but behind the scenes, it’s isolated as if it were a small, independent VM. In practice, this means Kata Containers offer much stronger security boundaries. If a container running inside a Kata VM is compromised, the attack surface is significantly reduced—it would have to break through an entire virtualized layer rather than just a namespace. The tradeoff? Slightly more overhead compared to traditional containers. But in environments where security and workload isolation are top priorities—like multi-tenant platforms, confidential workloads, or untrusted code—Kata Containers strike a compelling balance between performance and protection. Kata Containers may not be the default choice for every workload, but when security and strong isolation matter just as much as performance, they offer a powerful and elegant solution that bridges the best of both containers and virtual machines. ### Resources https://github.com/kata-containers/kata-containers/tree/main/docs/install

0 0 0 0

stackconf

@stackconf.eu

11 months ago

Disruptive tech shifts? No problem. Open source communities are driving innovation in AI, security, and digital sovereignty.

At #stackconf, Jimmy McArthur reveals how the #OpenInfra community is shaping next-gen infrastructure with #OpenStack, #KataContainers, and more.

stackconf.eu/talks/h...

3 0 0 0

Pablo Álvarez Corredera

@cibered.com

1 year ago

Un Runtime de Contenedores con el Aislamiento de Máquinas Virtuales, Kata Containers - CIBERNINJAS Kata Containers es un proyecto de código abierto que ofrece un runtime de contenedores más seguro, combinando la velocidad y simplicidad de los contenedores

🚢 Un Runtime de Contenedores con el Aislamiento de Máquinas Virtuales, Kata Containers ciberninjas.com/runtime-cont...

#Contenedores #Seguridad #KataContainers #Virtualización #Ciberseguridad #Infraestructura #Docker

0 0 0 0

Innovative Open Source Projects: From AI to Cybersecurity Discover top open source projects like Jurassic-1, Metasploit, and NASA OpenMCT, showcasing innovation in AI, cybersecurity, and space exploration.

1 year ago

#KataContainers was recognized by @sdxcentral.bsky.social as an innovative #opensource project in the cloud and containers space.

www.sdxcentral.com/articles/inn...

1 0 0 0

1 year ago

Towards Kata Containers 4.0: Full Lifecycle GPU Management for AI/ML Workloads YouTube video by OpenInfra Foundation

The #KataContainers community is actively working towards the 4.0 release. Learn more about the upcoming features in this @openinfra.org Summit session:

Towards Kata Containers 4.0: Full Lifecycle GPU Management for AI/ML Workloads

www.youtube.com/watch?v=YDyK...

0 0 0 0