Intel's Clear Containers creep toward being useful: Now plays nicer with Docker, Kubernetes
Like virtual machines but, well, like virtual machines
Intel has tweaked its Clear Containers software so that it is compatible with Docker Swarm and Kubernetes orchestration.
Virtual machines, governed by a hypervisor, enforce data isolation in hardware; containers, while less secure, can be launched and deployed faster and offer flexibility in terms of portability across machines, shared repositories, and maintenance.
Clear Containers, now at version 2.1.1, represents Intel's attempt to have the best of both worlds, to combine the security advantages of virtual machines with the deployment advantages of containers.
It relies on a QEMU hypervisor backed by the Kernel-based Virtual Machine (KVM), in conjunction with systemd and kernel optimizations, to minimize memory consumption while maximizing performance, at least in theory.
A version bump last month to 2.1.0 added a slew of other improvements. These include:
- Improved host-guest communication.
- Support for Docker exec and Docker run.
- Additional workload isolation via namespaces.
- Better TTY handling.
- Support for Kubernetes pod semantics, to start Clear Containers via the Container Runtime Interface.
There's still further work to do, however. As Intel's Damien Lespiau points out in one of many GitHub issue posts, installation on Red Hat Enterprise Linux requires 71 commands.
DevOps is not for the faint of heart. ®