We are delighted to share this article from the Kata Containers community. Matthieu Legré, VP Product at Cysec, explained how the Cysec team got started with Kata Containers and how the company is using it.
Describe how you’re using Kata Containers in your environment:
Kata Containers has been integrated into the list of runtimes supported by our ARCA Trusted OS in release 1.5.0, accessible since March 2022. ARCA users can choose which runtime they prefer depending on their use case. The Kata Containers runtime is particularly recommended when ARCA Trusted OS is deployed on bare metal infrastructure supporting AMD-SEV features.
How does Kata Containers add value to Cysec’s product?
Kata Containers allows Cysec to increase the number of use cases that can be addressed by ARCA Trusted OS. First, Cysec can now propose a solution to end-users who would like to benefit from the scalability and agility of containers without losing the higher level of isolation between applications and infrastructure provided by VMs. Second, the combination of Kata Containers and a confidential computing context allows our end-users to securely exploit the same platform for containers with different business purposes, opening cost reduction possibilities for their infrastructure.
How does the team at Cysec contribute to the Kata community?
We haven’t contributed to kata-containers on the compatibility with AMD SEV, but we have reported some issues or contributed to the compatibility of kata-containers with GNU Linux.
What kind of support do you require to deploy Kata Containers?
We might require support from the Kata Containers project and contributors for maintenance and integration issues (i.e. having Kata Containers on ARCA Trusted OS requires maintenance on our side). We cannot list any specific issues; they will come through our maintenance journey. For example, we are currently investigating the fact that QEMU 6.2 has a breaking change with regard to the Kata Containers project. We have already opened an issue with the maintainers. As of the time of this writing, QEMU 6.2 is expected to be integrated into Kata 2.5.0.
What challenges did your team run into while deploying Kata Containers and how did you overcome them?
As mentioned previously, the Cysec engineering team encountered some issues with the compatibility of Kata Containers with our container-specific Linux OS. Our team was able to overcome these issues by reporting them to the Kata Containers community and by contributing a fix.
From the Cysec end-user's point of view, the use of the Kata Containers runtime is pretty simple in terms of configuration. However, the environments supporting Kata Containers are pretty limited for the moment. Our end-users can use this runtime only when ARCA Trusted OS is deployed on bare metal.
What can be improved?