search

Burning1020 / sandbox

Applications for Sandbox go here! β³πŸ“¦πŸ§ͺ
Apache License 2.0
0 stars 0 forks source link

[Sandbox] Kuasar #1

Open Burning1020 opened 1 year ago

Burning1020 commented 1 year ago

Application contact emails

Maintainers

burning9699@gmail.com, fshb1988@gmail.com, luohl364218@gmail.com

Champions

wangzefeng@huawei.com, michael@secondstate.io

Project Summary

Kuasar(Quasar in Kubernetes) is a low-level container runtime that provides multiple sandbox container solutions.

Project Description

Isolation techniques are being integrated into containers world, including microVM, WebAssembly, application kernel, unikernel, and confidential computing. These techniques create an isolated environment for running containers. That is referred to as a "sandbox".

However, the concept of a sandbox is not well-defined in container runtimes like containerd. Its semantics are unclear and imitated by "pause container", and its management is mixed into container management . We believe it's time to introduce the concept of "sandboxer" that is for handling the sandbox lifecycle and resource management independently. Thus, Kuasar was born.

Kuasar is a low-level container runtime that offers multiple sandbox container solutions. It provides several "sandboxer" implementations for microVM, WebAssembly runtime, and application kernel sandbox. Kuasar consists of two main modules: one, called "sandboxer", handles sandbox lifecycle management, while the other, named "task", manages all containers lifecycle within a sandbox.

Kuasar features:

Org repo URL (provide if all repos under the org are in scope of the application)

https://github.com/kuasar-io

Project repo URL in scope of application

https://github.com/kuasar-io/kuasar

Additional repos in scope of the application

https://github.com/kuasar-io/containerd, https://github.com/kuasar-io/rust-extensions, https://github.com/kuasar-io/web

Website URL

https://kuasar.io/

Roadmap

https://github.com/kuasar-io/kuasar/blob/main/ROADMAP.md

Roadmap context

Kuasar is actively inviting additional sandbox technologies to join its ecosystem so these sandbox are planned in roadmap. In addition, kuasar has interests in the following features:

Contributing Guide

https://github.com/kuasar-io/kuasar/blob/main/CONTRIBUTING.md

Code of Conduct (CoC)

https://github.com/kuasar-io/kuasar/blob/main/CODE_OF_CONDUCT.md

Adopters

https://github.com/kuasar-io/kuasar/blob/main/ADOPTERS.md

Contributing or Sponsoring Org

Contributing or Sponsoring Org
Huawei
Agricultural Bank of China
WasmEdge
openEuler
QuarkContainer

Maintainers file

https://github.com/kuasar-io/kuasar/blob/main/MAINTAINERS.md

IP Policy

Trademark and accounts

Why CNCF?

To expand the range of sandbox runtime solutions, Kuasar maintains an open and neutral attitude towards sandbox technologies. This aligns seamlessly with CNCF's mission to foster and sustain an ecosystem of open source and vendor-neutral projects. Given CNCF's extensive user base, leveraging CNCF's platform will enable Kuasar to benefit more and more organizations and companies.

Benefit to the Landscape

Given the diversity of cloud native scenarios and user requirements, many sandbox container runtime solutions have been proposed. Supporting the simultaneous execution of these various runtimes increases the complexity of operation and maintenance. Additionally, smoothly embracing to new sandbox technology can also be challenging.

The beneift could be:

  1. Kuasar allows users to customize sandbox container runtime solutions according to their specific needs. Its unified sandbox abstraction simplifies operation maintenance and solves the problem of integrating of new sandbox technologies.
  2. Kuasar's emergence promotes a tighter integration of sandbox isolation technology with Kubernetes, fostering further development in both domains.
  3. The participation of Kuasar also enriches the container runtime of CNCF landscape, attracting a more extensive community of developers and users.

Cloud Native 'Fit'

Landscape: Runtime - Container Runtime Kuasar, as a low level container runtime on cloud computing node, will handle the specific lifecycle management of kubernetes pod, creating the sandbox environment and running containers. So it fits in "Runtime" and "Container Runtime".

TAGs: TAG Runtime The participation of Kuasar in tag-runtime group will raise discussions about the integration of sandboxes within Kubernetes, particularly in conjunction with containerd. These discussions present an opportunity to enhance the Kubernetes ecosystem, especially the WebAssembly sandbox.

Cloud Native 'Integration'

Northbound: Kuasar will interact with the high-level container runtimes implementing CRI to manage a container. Complements the following project:

Southbound: Kuasar will create a sandbox instance and start container inside it. Depends on the following project:

Cloud Native Overlap

Not just runwasi, but also kata-shim, firecracker-containerd, and runsc have their own considerations when defining the sandbox. Consequently, their diverse implementations introduce challenges for operations and maintenance engineers to toggle runtimes and identify problems. To address this, Kuasar is introduced to simplifiy the management of different sandboxes and provide some implementations based on popular sandbox.

Similar projects

containerd/runwasi support integrate kubernetes with wasm workloads, kata-containers support integrate kubernetes with lightweight VMs, gVisor/runsc support integrate kubernetes with gVisor sandbox, firecracker-containerd support integrate kubernetes with Firecracker microVMs.

Landscape

https://landscape.cncf.io/?selected=kuasar

Business Product or Service to Project separation

N/A

Project presentations

CNCF TAG Runtime Presentation: https://docs.google.com/document/d/1k7VNetgbuDNyIs_87GLQRH2W5SLgjgOhB6pDyv89MYk/edit#heading=h.otyvkecgzybr Slide: https://docs.google.com/presentation/d/1SKMaCuwJI5jU2hGkB3ns14i5xLqOolDMJZfZBW70E7k/edit#slide=id.g23d32d0c81c_0_112

Project champions

@kevin-wangzefeng @juntao

Additional information

N/A

kevin-wangzefeng commented 1 year ago

Contributing or Sponsoring Org

Huawei ABC WasmEdge openEuler QuarkContainer

kevin-wangzefeng commented 1 year ago

Cloud Native 'Fit'

add TAG-runtime

Cloud Native 'Integration'

Please include in-CNCF projects and out-of-CNCF projects

Cloud Native Overlap

N/A

Project presentations

update after presentation make to TAG-runtime

Burning1020 commented 6 months ago

/vote-sandbox

Burning1020 commented 6 months ago

/vote-sandbox

git-vote[bot] commented 6 months ago

Something went wrong while processing the configuration file:

teams in allowed voters can only be used in organizations
Burning1020 commented 6 months ago

/vote-sandbox

git-vote[bot] commented 6 months ago

The requested configuration profile was not found in the configuration file.

Burning1020 commented 6 months ago

/vote-sandbox

git-vote[bot] commented 6 months ago

Vote created

@Burning1020 has called for a vote on [Sandbox] Kuasar (#1).

The following users have binding votes: User
@Burning1020

Non-binding votes are also appreciated as a sign of support!

How to vote

You can cast your vote by reacting to this comment. The following reactions are supported:

In favor Against Abstain
πŸ‘ πŸ‘Ž πŸ‘€

Please note that voting for multiple options is not allowed and those votes won't be counted.

The vote will be open for 1m. It will pass if at least 66% of the users with binding votes vote In favor πŸ‘. Once it's closed, results will be published here as a new comment.

git-vote[bot] commented 6 months ago

Vote closed

The vote did not pass.

0.00% of the users with binding vote were in favor (passing threshold: 66%).

Summary

In favor Against Abstain Not voted
0 0 0 1