[OpenStack Foundation] OpenStack TC feedback on Kata Containers for OIP Confirmation

Mohammed Naser mnaser at vexxhost.com
Thu Apr 4 20:04:10 UTC 2019

Per the OSF Project Confirmation Guidelines[0], the OSF Board of
Directors is soliciting feedback from representatives of existing
confirmed Open Infrastructure Projects (so far that's just OpenStack)
when evaluating the Kata Containers pilot project's upcoming
application for OIP confirmation. We reached out to the OpenStack
community to get an idea of what interactions have been experienced or
observed relevant to these guidelines, and compiled them in an
Etherpad[1] for ease of collaboration. The feedback is broken down by
each of the five major guideline headings along with a catch-all at
the end. Here follows an attempt to summarize what we've learned:

Kata Containers aids the OSF's strategic focus by bringing value to
those working with multi-tenant and similarly sensitive
container-oriented technologies. It has brought the OSF community new
inroads with Amazon/AWS technologists through its collaboration and
integration with their Firecracker project. Involvement with OpenStack
projects seems so far to have been limited to Zun[2], though Kata's
testing has indirectly helped improve the state of nested
virtualization in OpenStack. Opportunities for interaction with Magnum
and other related parts of OpenStack remain as of yet untapped, and it
was also suggested that use cases for leveraging Kata to further
isolate Zuul executor processes and job nodes merit future
exploration. Unfortunately, overall lack of OpenStack community
familiarity with Kata seems to indicate some failures at outreach,
possibly in both directions (including noted absence from PTGs).

The governance[3] established for Kata employs a relatively similar
model to that of OpenStack at the top level with their AC parallel to
the OpenStack TC, and the election process they've followed is similar
as well (though tuned for electors contributing through GitHub rather
than OpenDev). On recommended technical practices, they use a
vulnerability management process[4] inspired by OpenStack's, but
maintain their own public CI system[5] to test and report on proposed
pull requests for their software along with performing periodic
post-merge performance analyses. When it comes to open collaboration,
their reliance on proprietary tools like GitHub and Slack was called
out as a possible point of contention; however, respondents from the
OpenStack community remarked that submitting contributions or
otherwise interacting with Kata maintainers was a pleasant/positive
experience and the community was genuinely helpful. They seem to be
actively engaged with potential users and projects they see as
relevant to their scope (notably Firecracker), and maintain a visible
presence at popular industry events like KubeCon.

[0] https://wiki.openstack.org/wiki/Governance/Foundation/OSFProjectConfirmationGuidelines
[1] https://etherpad.openstack.org/p/openstack-tc-kata-confirmation-feedback
[2] http://lists.openstack.org/pipermail/openstack-discuss/2019-March/004376.html
[3] https://github.com/kata-containers/community
[4] https://github.com/kata-containers/community/blob/master/VMT/VMT.md
[5] http://jenkins.katacontainers.io/

