On December 20, the Cloud Native Computing Association (CNCF) officially accepted the multi-sandbox container runtime project Kuasar. The addition of Kuasar has greatly promoted the exploration, innovation and development of container runtime technology in the cloud native field.
As the CNCF's first multi-sandbox container runtime project, Kuasar was jointly launched by HUAWEI CLOUD, Agricultural Bank of China, OpenEuler, Wasmedge, and Quark Containers at KubeCon + CloudnativeCon Europe in April 2023. Kuasar has integrated the cutting-edge exploration, technology accumulation and production practices of various enterprises and communities in the field of container runtime, and open source has received extensive attention and support from the industry, with more than 900 GitHub stars and more than 70 forks, and dozens of open source enthusiasts from external enterprises and universities have participated in development contributions and active applications.
WebAssembly is fast becoming a key part of the cloud-native technology stack, Kuasar deeply integrates the high-performance, lightweight Wasmedge sandbox, the addition of Kuasar makes the WebAssembly ecosystem and the CNCF ecosystem more closely connected, and Wasmedge and Kuasar will jointly promote the development of large models, edge computing and function computing in the future. ”
Michael Yuan, founder of the Wasmedge project
At the beginning of the release of the Kuasar project, the OpenEuler community took the lead in completing the docking with the Kuasar multi-sandbox ecosystem, and launched an extremely fast and lightweight secure container solution based on Isulad + Kuasar + Stratovirt. In the future, the OpenEuler community will continue to deepen its cooperation with the CNCF community project to provide users with a lighter, safer, and more diverse containerized base. ”
Xinwei Hu, Chairman of the OpenEuler Technical Committee.
The Kuasar project is based on HUAWEI CLOUD's years of experience in the container runtime field and the practical experience of community partners. Becoming an official CNCF project demonstrates the determination of the Kuasar community to open governance, and is committed to providing enterprises and developers with an open environment of vendor-neutral and multi-party collaboration, promoting the commercial maturity of various sandbox technologies, and bringing the ultimate experience to users. ”
Wang Zefeng, official ambassador of CNCF and head of HUAWEI CLOUD cloud native open source team.
The diversification of cloud-native scenarios has promoted the vigorous development of a variety of sandbox technologies, and the access of sandbox technology to the northbound ecosystem has become a common demand. ”
Cai Wei, official ambassador of the CNCF and defender of the containerd community.
In order to meet the requirements of enterprises in cloud-native scenarios, a variety of sandbox container isolation technologies have emerged in the industry. However, there are still challenges to applying cloud-native sandboxing technology. On the one hand, various cloud-native scenarios put forward higher requirements for sandboxes, and a single sandbox cannot meet the requirements of users for cloud services in multiple dimensions such as security isolation, ultra-fast and low noise, and general standards, and enterprises face the problem of full coverage of cloud-native business scenariosOn the other hand, the O&M pressure brought about by the support of multiple types of sandboxes has increased significantly, and the current implementation of sandbox technology to connect with container runtime lacks a unified development framework, so there are differences in key logs, important events, and sandbox management logic, and the O&M pressure increases sharply while new sandboxes are introduced.
On the basis of retaining the traditional container runtime functions, Kuasar works with the containerd community to promote a new unified standard for sandbox interfaces, and further reduces management overhead, simplifies the call link, and flexibly expands the support for mainstream sandbox technologies in the industry through comprehensive rustification and optimized management model framework. In addition, by supporting the deployment of multiple security sandbox nodes and nodes, KuASAR can make full use of node resources, reduce costs and increase efficiency, and provide users with safer and more efficient sandbox solutions.
Panorama of the Kuasar project.
In terms of southbound sandboxes, Kuasar already supports secure container sandboxes (Cloud hypervisor, QEMU, and Stratovirt) based on lightweight virtualization technologies, emerging WebAssembly sandboxes (Wasmedge, Wasmtime), process-level virtualization-based App Kernel sandboxes (Quark), and kernel-based native common container sandboxes (RUNCs).In terms of northbound engines, Kuasar has jointly built the latest sandbox interface standard with Containerd and jointly promoted the standard in Containerd V2Full implementation of version 0. In addition, the lightweight container engine Isulad project has also completed deep integration with the Kuasar project, which is supported in OpenEuler 2309One-click deployment on the innovative version.
The CNCF's official acceptance of KUSAR as an official project will greatly promote the ecological construction and cooperation of KUASAR's upstream and downstream communities. Kuasar will continue to explore technological innovation in the field of cloud-native container runtimes, play a role in the process of enterprise digitalization and cloud-native transformation, and integrate the Kuasar-based multi-sandbox container runtime solution into a broader cloud-native technology ecosystem.
As the only founding member and platinum member of CNCF Asia, HUAWEI CLOUD has ranked first in Asia in terms of CNCF contributions, Kubernetes community and Istio community contributions for many years, and has contributed to CNCF a number of heavyweight cloud-native open source projects, such as the industry's first cloud-native edge computing project KubeEdge, the first cloud-native batch computing project Volcano, and the first multi-cloud container orchestration project Karmada. Kappital, Kmesh and other innovative projects, and develop together with the global cloud native community.