Lei Zhilong

The best way to input is to output

Sep 4, 2018 - 1 minute read - Comments - Go Container

gVisor VS Kata Container

Kata Container

  • Full Kernel
  • Lets system calls go through freely
  • Performance penalty due to the VM layer. Not clear yet how slower or faster than gVisor
  • On paper, slower startup time.
  • Can run in nested virtualized environments if the hypervisor and hardware support it.

gVisor

  • Partial Kernel
  • Intercepts syscalls
  • Performance penalty at runtime due to syscall filtering. Not clear how slower or faster than Kata yet.
  • On paper, faster startup time.
  • On paper, you may not need nested virtualization.

Reference

Original discussion:

https://stackoverflow.com/questions/50143367/kata-container-vs-gvisor

Posted by leizhilong Tags: gVisor Kata

First Post Using Hugo K8s Reliability doc from kubespray

comments powered by Disqus