Open Burning1020 opened 1 year ago
Huawei ABC WasmEdge openEuler QuarkContainer
add TAG-runtime
Please include in-CNCF projects and out-of-CNCF projects
N/A
update after presentation make to TAG-runtime
/vote-sandbox
/vote-sandbox
Something went wrong while processing the configuration file:
teams in allowed voters can only be used in organizations
/vote-sandbox
The requested configuration profile was not found in the configuration file.
/vote-sandbox
@Burning1020 has called for a vote on [Sandbox] Kuasar
(#1).
The following users have binding votes: | User |
---|---|
@Burning1020 |
Non-binding votes are also appreciated as a sign of support!
You can cast your vote by reacting to this
comment. The following reactions are supported:
In favor | Against | Abstain |
---|---|---|
π | π | π |
Please note that voting for multiple options is not allowed and those votes won't be counted.
The vote will be open for 1m
. It will pass if at least 66%
of the users with binding votes vote In favor π
. Once it's closed, results will be published here as a new comment.
The vote did not pass.
0.00%
of the users with binding vote were in favor (passing threshold: 66%
).
In favor | Against | Abstain | Not voted |
---|---|---|---|
0 | 0 | 0 | 1 |
Application contact emails
Maintainers
burning9699@gmail.com, fshb1988@gmail.com, luohl364218@gmail.com
Champions
wangzefeng@huawei.com, michael@secondstate.io
Project Summary
Kuasar(Quasar in Kubernetes) is a low-level container runtime that provides multiple sandbox container solutions.
Project Description
Isolation techniques are being integrated into containers world, including microVM, WebAssembly, application kernel, unikernel, and confidential computing. These techniques create an isolated environment for running containers. That is referred to as a "sandbox".
However, the concept of a sandbox is not well-defined in container runtimes like containerd. Its semantics are unclear and imitated by "pause container", and its management is mixed into container management . We believe it's time to introduce the concept of "sandboxer" that is for handling the sandbox lifecycle and resource management independently. Thus, Kuasar was born.
Kuasar is a low-level container runtime that offers multiple sandbox container solutions. It provides several "sandboxer" implementations for microVM, WebAssembly runtime, and application kernel sandbox. Kuasar consists of two main modules: one, called "sandboxer", handles sandbox lifecycle management, while the other, named "task", manages all containers lifecycle within a sandbox.
Kuasar features:
Org repo URL (provide if all repos under the org are in scope of the application)
https://github.com/kuasar-io
Project repo URL in scope of application
https://github.com/kuasar-io/kuasar
Additional repos in scope of the application
https://github.com/kuasar-io/containerd, https://github.com/kuasar-io/rust-extensions, https://github.com/kuasar-io/web
Website URL
https://kuasar.io/
Roadmap
https://github.com/kuasar-io/kuasar/blob/main/ROADMAP.md
Roadmap context
Kuasar is actively inviting additional sandbox technologies to join its ecosystem so these sandbox are planned in roadmap. In addition, kuasar has interests in the following features:
Contributing Guide
https://github.com/kuasar-io/kuasar/blob/main/CONTRIBUTING.md
Code of Conduct (CoC)
https://github.com/kuasar-io/kuasar/blob/main/CODE_OF_CONDUCT.md
Adopters
https://github.com/kuasar-io/kuasar/blob/main/ADOPTERS.md
Contributing or Sponsoring Org
Maintainers file
https://github.com/kuasar-io/kuasar/blob/main/MAINTAINERS.md
IP Policy
Trademark and accounts
Why CNCF?
To expand the range of sandbox runtime solutions, Kuasar maintains an open and neutral attitude towards sandbox technologies. This aligns seamlessly with CNCF's mission to foster and sustain an ecosystem of open source and vendor-neutral projects. Given CNCF's extensive user base, leveraging CNCF's platform will enable Kuasar to benefit more and more organizations and companies.
Benefit to the Landscape
Given the diversity of cloud native scenarios and user requirements, many sandbox container runtime solutions have been proposed. Supporting the simultaneous execution of these various runtimes increases the complexity of operation and maintenance. Additionally, smoothly embracing to new sandbox technology can also be challenging.
The beneift could be:
Cloud Native 'Fit'
Landscape: Runtime - Container Runtime Kuasar, as a low level container runtime on cloud computing node, will handle the specific lifecycle management of kubernetes pod, creating the sandbox environment and running containers. So it fits in "Runtime" and "Container Runtime".
TAGs: TAG Runtime The participation of Kuasar in tag-runtime group will raise discussions about the integration of sandboxes within Kubernetes, particularly in conjunction with containerd. These discussions present an opportunity to enhance the Kubernetes ecosystem, especially the WebAssembly sandbox.
Cloud Native 'Integration'
Northbound: Kuasar will interact with the high-level container runtimes implementing CRI to manage a container. Complements the following project:
Southbound: Kuasar will create a sandbox instance and start container inside it. Depends on the following project:
Cloud Native Overlap
Not just runwasi, but also kata-shim, firecracker-containerd, and runsc have their own considerations when defining the sandbox. Consequently, their diverse implementations introduce challenges for operations and maintenance engineers to toggle runtimes and identify problems. To address this, Kuasar is introduced to simplifiy the management of different sandboxes and provide some implementations based on popular sandbox.
Similar projects
containerd/runwasi support integrate kubernetes with wasm workloads, kata-containers support integrate kubernetes with lightweight VMs, gVisor/runsc support integrate kubernetes with gVisor sandbox, firecracker-containerd support integrate kubernetes with Firecracker microVMs.
Landscape
https://landscape.cncf.io/?selected=kuasar
Business Product or Service to Project separation
N/A
Project presentations
CNCF TAG Runtime Presentation: https://docs.google.com/document/d/1k7VNetgbuDNyIs_87GLQRH2W5SLgjgOhB6pDyv89MYk/edit#heading=h.otyvkecgzybr Slide: https://docs.google.com/presentation/d/1SKMaCuwJI5jU2hGkB3ns14i5xLqOolDMJZfZBW70E7k/edit#slide=id.g23d32d0c81c_0_112
Project champions
@kevin-wangzefeng @juntao
Additional information
N/A