Kata Containers workshop, Open Infrastructure Summit, Denver, May 2019
1. Tracing the life of a packet using Kata Containers
Hemanth Nakkina, Solution Architect, Ericsson
Balachandra S Thippaiah, Solution Architect, Ericsson
Purnendu Ghosh, Solution Architect, Ericsson
2. —What are Kata Containers
—Architecture
—Features
—Networking
—Storage
—Demo#1: Deploying Kata Containers
—Integration with Kubernetes
—Demo#2: Kata with Kubernetes
—Other networking options
Agenda
5. —OCI-compliant CRI for Kubernetes
—Secure containers with workload isolation
—Combines benefits of containers and VMs
—Isolated and therefore secure, yet faster than VMs
—Can support multiple hypervisors
—Licensed under Apache 2.0
—Merger of Intel Clear Containers and Hyper runV
—No additional network policy to isolate untrusted tenants
What are Kata Containers?
13. — Enables selection of container runtime configuration in pod spec
— Create RuntimeClass resources whose handler name matches the corresponding CRI configuration
— Pod spec with runtime spec
Kubernetes RuntimeClass
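The three RuntimeClass steps above as manifests. This is an added example, not taken from the workshop slides: the handler name `kata`, the pod names and the image are assumptions, and `node.k8s.io/v1` is the current stable API group (clusters from the time of the talk used a beta version).

```yaml
# Added example (not from the slides). Assumed names: "kata", "kata-demo",
# "runc-demo", and the busybox image.
#
# 1. RuntimeClass: "handler" must equal the runtime name configured in the
#    node's CRI implementation (containerd or CRI-O). "kata" is assumed here.
apiVersion: node.k8s.io/v1
kind: RuntimeClass
metadata:
  name: kata
handler: kata
---
# 2. Pod that selects the Kata runtime through runtimeClassName.
#    The workload runs inside a lightweight VM with its own guest kernel.
apiVersion: v1
kind: Pod
metadata:
  name: kata-demo
spec:
  runtimeClassName: kata
  containers:
    - name: app
      image: busybox:1.36
      command: ["sleep", "3600"]
---
# 3. Same pod without runtimeClassName, for comparison.
#    It uses the node's default runtime and shares the host kernel.
apiVersion: v1
kind: Pod
metadata:
  name: runc-demo
spec:
  containers:
    - name: app
      image: busybox:1.36
      command: ["sleep", "3600"]
```

To confirm the isolation boundary, compare `uname -r` inside each pod with the node: the Kata pod reports its guest kernel, while the default-runtime pod reports the node's kernel.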
16. Packet Flow: Pods on different hosts
[Diagram: "$ ping 192.168.2.9" issued from POD-1 (192.168.1.9) to POD-2 (192.168.2.9), each pod on its own host]
POD-1 host labels: Namespace-1, eth0@if1, tap0_kata, mac-vtap, veth-pair, calico1@if1, ens3
POD-1 host route: 192.168.2.0/26 via 54.39.176.1 dev ens3 proto bird
POD-2 host labels: Namespace-1, eth0@if1, tap0_kata, mac-vtap, veth-pair, calico1@if1, ens3
POD-2 host route: 192.168.1.0/26 via 54.39.176.2 dev ens3 proto bird
17. —Kubernetes installation using kubeadm
—Adding Calico as CNI for Kubernetes
—Pod-pod networking on same host
—North-south traffic
—Pod-pod networking on different hosts
Demo#2: Kata with Kubernetes