16 KiB
- original_name
cce_10_0463.html
Kata Runtime and Common Runtime
The most significant difference is that each Kata container (pod) runs on an independent micro-VM, has an independent OS kernel, and is securely isolated at the virtualization layer. With Kata runtime, kernels, compute resources, and networks are isolated between containers to protect pod resources and data from being preempted and stolen by other pods.
CCE Turbo clusters allow you to create workloads using common runtime or Kata runtime as required. The differences between them are as follows.
| Category | Kata Runtime | Common Runtime |
|---|---|---|
| Node type used to run containers | Bare-metal server (BMS) | VM |
| Container engine | containerd | Docker and containerd |
| Container runtime | Kata | runC |
| Container kernel | Exclusive kernel | Sharing the kernel with the host |
| Container isolation | Lightweight VMs | cgroups and namespaces |
| Container engine storage driver | Device Mapper |
|
| Pod overhead | Memory: 100 MiB CPU: 0.1 cores Pod overhead is a feature for accounting for the resources consumed by the pod infrastructure on top of the container requests and limits. For example, if limits.cpu is set to 0.5 cores and limits.memory to 256 MiB for a pod, the pod will request 0.6-core CPUs and 356 MiB of memory. |
None |
| Minimal specifications | Memory: 256 MiB CPU: 0.25 cores It is recommended that the ratio of CPU (unit: core) to memory (unit: GiB) be in the range of 1:1 to 1:8. For example, if CPU is 0.5 cores, the memory should range form 512 MiB to 4 GiB. |
None |
| Container engine CLI | crictl |
|
| Pod computing resources | The request and limit values must be the same for both CPU and memory. | The request and limit values can be different for both CPU and memory. |
Host Network <cce_10_0402> |
Not supported | Supported |