Kata Containers and Zuul Now Top-Level Open Infrastructure Projects

Red Hat OpenShift sponsored this post.
In advance of this week’s Open Infrastructure Summit, the OpenStack Foundation (OSF) board voted to confirm two of its pilot projects — Kata Containers and Zuul — as top-level Open Infrastructure Projects. The confirmation of the projects signals a maturity, both in their adoption of OpenStack’s core four principles as well as a level of activity, focus, and governance.
“Kata Containers and Zuul are two exciting, highly useful software projects that are solving real-world problems for users by delivering production infrastructure with open source components,” said Allison Randal, board member, OpenStack Foundation, in a company statement. “In recognizing Kata Containers and Zuul as confirmed Open Infrastructure Projects, we are acknowledging the stability and maturity of these software projects and celebrating the growth and momentum of their respective collaborative communities.”
Kata Containers provides isolation for container workloads through the use of lightweight virtual machines, giving containers an extra layer of security in multitenant environments. The project announced earlier this year its adoption of the AWS Firecracker hypervisor, which Amazon had open-sourced in late 2018. And this week the project has provided an update on what it will be doing with its next release, expected in coming weeks.
According to a keynote presentation by Samuel Ortiz, a member of the Kata Containers architecture committee and principal software engineer at Intel, and Andreea Florescu, a maintainer with the Firecracker project and a software engineer at AWS, Kata Containers has released six updates since May 2018, with improved hardware architecture support and increased security among them. In addition, the two said that the project is working to provide ARM and AMD support, to integrate firecracker-containerd, and would be refactoring its codebase to make available standalone virtualization components for use by other projects. In addition, Ortiz also introduced rust-vmm, a custom container hypervisor written in Rust meant to increase the number of container workloads supported by the project.
As for Zuul, James Blair, a core member of the OpenStack project infrastructure team from Hewlett-Packard, also took to the stage at the Open Infrastructure Summit to declare that the project was more than simply a CI/CD tool, but rather “a project gating system” that is “changing the way we develop containerized software” with “speculative execution.” A company statement describes Zuul as using “project gating to automate continuous integration, delivery and deployment of interrelated software projects in a secure manner, while delivering sophisticated project gating, especially in scenarios involving multiple repositories with integrated deliverables.”
Blair explained that this sort of “what if” has been standard for years with Git, but that Zuul now brings this capability to containers, allowing developers to find issues and verify solutions in complex systems before committing a single change to production. It does this by creating speculative ephemeral container images, which he said make testing more like production, and not the other way around. Only when test jobs using these images pass are changes allowed to be pushed into production.
Whereas Kata Containers had become an OSF pilot project in December 2017, Zuul joined in May 2018, with the vote to confirm coming just a day before the conference began. According to a company statement, Zuul has “issued 15 releases, delivering features including support for AWS, OpenShift and multiple Ansible versions, speculative container execution, and the ability for jobs to control which child jobs run.” Zuul “boasts a robust contributor base and user community, including the Ansible community, BMW, GoDaddy, GoodMoney, Leboncoin, OpenLab, OpenStack, Red Hat, SUSE, Tungsten Fabric, and the Wikimedia Foundation.”
OpenStack is a sponsor of The New Stack.