DevConf.cz 2021

Kata Containers runs your existing containers in their own virtual machine. It lets you combine the ecosystem of containers with the features of virtual machines. A problem with this approach is that it uses more resources than traditional container runtimes. In this session, we will discuss the current state of affairs and various attempts at making things a little better.

When you run Kata Containers along with Kubernetes or OpenShift, a pod is a virtual machine. This means that you need a hypervisor and a guest kernel. This consumes memory, disk space, and causes overhead in the networking and storage stacks. From a business perspective, this directly impacts how many containers you can start. So it is a legitimate effort to shave off as much as we can on every front.

First, we will do a review of where we stand today, i.e. how much memory and disk space is consumed by the various components, and the kind of overhead we are talking about regarding storage and networking. Then we will show where we can expect some serious improvements. Finally, we will discuss how we can deliver these optimizations in practice, and let actual use cases guide us in prioritising the effort.

We will then see how we can save quite a bit of memory and disk space for qemu (and why that matters in practice). On the storage front, we will highlight the differences between virtiofs and 9p, and the work that remains to be done, notably with respect to caching and memory usage. On the networking front, we will see how the problem is now largely solved if you have the right hardware, using SR-IOV and DPDK โ€“ย which are the topic of a dedicated talk - and discuss remaining issues.

Finally, we will cover a few longer-term prospects, notably with respect to qemu and libvirt modularization efforts, as well as more radical efforts such as libkrun, and how these prospects matter for Kata Containers as well as other consumers of these tools.