|
|
Log in / Subscribe / Register

Kubernetes & security

Kubernetes & security

Posted Apr 20, 2017 7:14 UTC (Thu) by mjg59 (subscriber, #23239)
In reply to: Kubernetes & security by bergwolf
Parent article: Kubernetes & security

How does this compare to the kvm-based stage 1 in rkt?

to post comments

Kubernetes & security

Posted Apr 22, 2017 3:09 UTC (Sat) by bergwolf (guest, #55931) [Link]

To compare hyeprcontainer and rkt's kvm-based stage1 is in fact comparing hypercontainer vs. clearcontainer since kvm-based stage1 in rkt leverages clearcontainer.

hypercontainer and clearcontainer are different implementations of the same idea of hypervisor-based appc runtime. One difference is that clearcontainer depends on highly-customised qemu-kvm called qemu-lite, while hypercontainer is hypervisor-agnostic (qemu-kvm, xen, virtual box) and architecture-agnostic (X86_64, arm, ppc, s390). Another perhaps more important difference is that hypercontainer works on the de facto standard docker images while clearcontainer/rkt works on the rkt image format ACI and needs conversion to work with docker images.

One common part is that clearcontainer uses hypercontainer's core component hyperstart as its management portal inside the virtual machine. While these two are different implementations, there is ongoing work to unify the common part of them as virtcontainer.


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds