
Intel's Clear Containers creep toward being useful: Now plays nicer with Docker, Kubernetes

Like virtual machines but, well, like virtual machines

By Thomas Claburn, 14 Mar 2017

Intel has tweaked its Clear Containers software so that it is compatible with Docker Swarm and Kubernetes orchestration.

Virtual machines, governed by a hypervisor, enforce data isolation in hardware; containers, while less secure, can be launched and deployed faster and offer flexibility in terms of portability across machines, shared repositories, and maintenance.

Clear Containers, now at version 2.1.1, represents Intel's attempt to have the best of both worlds, to combine the security advantages of virtual machines with the deployment advantages of containers.

The software is compatible with the Open Container Initiative (OCI) and so can integrate with Docker 1.12 (and its Swarm toolkit) via the OCI runtime method.

It relies on a kernel-based virtual machine (KVM) QEMU hypervisor, in conjunction with systemd and kernel optimizations, to minimize memory consumption while maximizing performance, at least in theory.

A version bump last month to 2.1.0 added a slew of other improvements. These include:

  • Improved host-guest communication.
  • Support for Docker exec and Docker run.
  • Additional workload isolation via namespaces.
  • Better TTY handling.
  • Support for Kubernetes pod semantics, to start Clear Containers via the Container Runtime Interface.

There's still further work to do, however. As Intel's Damien Lespiau points out in one of many GitHub issue posts, installation on Red Hat Enterprise Linux requires 71 commands.

DevOps is not for the faint of heart. ®

The Register - Independent news, views and opinion for the tech sector. Part of Situation Publishing