In the past year, Hyper.sh and Intel released Kata Containers under the OpenStack Foundation, and Google released gVisor. The two projects share many features:
- both aim to work with the Kubernetes CRI seamlessly;
- both could be treated as secure container runtimes;
- both introduce some hypervisor technologies to improve isolation.
On the other hand, the two projects have many differences. Kata Containers is a more general solution and can work with existing acceleration technologies, while gVisor provides better flexibility, which means the user can scale a running container up or down easily.
In this session, the speakers will introduce both projects in detail and make a quantitative comparison between them: how much footprint and performance cost the different methods of isolation introduce, which performs better in standard benchmarks and lifetime workload, etc.
With the k8s CRI, a cluster may employ different runtimes identically. However, it's not easy to choose one without quantitative results, even if they ship with attractive features. This talk will show the audience that it's time to adopt Kata in production.