Intel's Clear Containers creep toward being useful: Now plays nicer with Docker, Kubernetes

Like virtual machines but, well, like virtual machines

By Thomas Claburn in San Francisco


Intel has tweaked its Clear Containers software so that it is compatible with Docker Swarm and Kubernetes orchestration.

Virtual machines, governed by a hypervisor, enforce data isolation in hardware; containers, while less secure, can be launched and deployed faster and offer flexibility in terms of portability across machines, shared repositories, and maintenance.

Clear Containers, now at version 2.1.1, represents Intel's attempt to have the best of both worlds, to combine the security advantages of virtual machines with the deployment advantages of containers.

The software is compatible with the Open Container Initiative (OCI) and so can integrate with Docker 1.12 (and its Swarm toolkit) via the OCI runtime method.

It relies on a kernel-based virtual machine (KVM) QEMU hypervisor, in conjunction with systemd and kernel optimizations, to minimize memory consumption while maximizing performance, at least in theory.

A version bump last month to 2.1.0 added a slew of other improvements. These include:

There's still further work to do, however. As Intel's Damien Lespiau points out in one of many GitHub issue posts, installation on Red Hat Enterprise Linux requires 71 commands.

DevOps is not for the faint of heart. ®
