
What are Kata Containers and how to set them up on a QNAP NAS

When we set up a VM on a QNAP NAS with Virtualization Station, we use a hypervisor and install a full operating system on top of it. Once the operating system is installed, we can install whatever applications we want. This way of virtualizing operating systems is safe and very complete; the drawback is that it needs more resources, even when the goal is to run a single application.

With containers such as Docker, we have a technology that lets us deploy multiple containers easily and quickly using lightweight virtualization. In this scenario it is very important to configure the permissions of each application properly; otherwise we could have security problems in the virtualization architecture.

Kata Containers has an architecture similar to that of a VM, but much more efficient, because it uses a very light, optimized base operating system. Directly on top of it runs a single application that is completely isolated from the rest of the applications, without sharing the kernel. For this reason, using Kata is very safe: all its containers are isolated from each other. If you are an end user or a company and want enhanced security, Kata is surely your best option.

VM vs Kata vs Docker comparison

The manufacturer QNAP has a comparison between the four virtualization technologies that its NAS servers currently support. In the following image, you can see both the compatibility as well as the configuration time and resource requirements:

If we compare Docker and Kata, we can see that Docker takes less time to configure and consumes fewer resources than Kata, so if you have a weak NAS server, it is probably better to configure Docker with a restrictive security policy at the server level. If you have more hardware resources, Kata could be the perfect option, because it strikes a balance between deploying a complete virtual machine and using Docker, with the additional security that it offers.

NAS Requirements

In the following image you can see a comparison of the official requirements for running the different virtualization technologies. Without a doubt, Kata is the one that needs the most hardware resources: we will need at least 4GB of RAM to make it work, while LXD and Docker only need 1GB of RAM.

These are the minimum requirements. Keep in mind that it is not possible to calculate the exact number of containers that can run simultaneously on our server. According to QNAP, if you use QTS it is recommended to reserve 1.5GB of RAM for the operating system itself and its services; if you use QuTS hero it is recommended to reserve 50% of the total available memory, especially if you use ZFS deduplication, because it has a high RAM consumption.

As a general rule, it is recommended to use a container for each virtual core of the processor and 512MB of RAM, for example:

  • QNAP TVS-h1288X: This NAS has a 6-core, 12-thread processor and a total of 24 vCPUs, so we could run up to 24 containers with no problem. However, the Intel Xeon W-1250 processor is very powerful, so you can surely run more containers. Regarding RAM, the installed capacity is 32GB, expandable up to 128GB, so we have more than enough.

As you have seen, this new container technology is very interesting thanks to the additional security it provides us compared to the usual containers.

Setup and example of use

If you want to use Kata Containers instead of the usual Docker, you can do it very easily through Container Station. Before explaining how to install it, you should know the following:

  • To run a container you need 1 vCPU and at least 512MB of RAM.
  • No modifications can be made to the VM configuration.
  • “Network host” mode is not supported.
  • Privileged mode is not currently supported.
  • The connection of a GPU is not supported.
  • Changes to the kernel or initrd image are not supported.
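
The limits above and the sizing rule from the requirements section can be checked before switching an existing Docker container to kata-runtime. The following is an added example, not QNAP or Kata code: it assumes the container settings are read from the HostConfig section of `docker inspect` output, treats a configured limit below 1 vCPU or 512MB as a blocker, and uses a constructed sample.

```python
# Added example: pre-flight check for moving a Docker container to kata-runtime.
# Limits are the ones listed in this article; the input layout follows the
# HostConfig section of `docker inspect` output. Sample data is constructed.

GIB = 1024 ** 3
MIN_MEM = 512 * 1024 ** 2          # article: at least 512MB of RAM per container
MIN_NANO_CPUS = 1_000_000_000      # article: 1 vCPU per container


def kata_blockers(host_config):
    """Return the reasons this container cannot run under kata-runtime as-is."""
    problems = []
    if host_config.get("NetworkMode") == "host":
        problems.append("host network mode is not supported")
    if host_config.get("Privileged"):
        problems.append("privileged mode is not supported")
    if host_config.get("DeviceRequests"):
        problems.append("GPU attachment is not supported")
    mem = host_config.get("Memory", 0)      # 0 means "no limit set"
    if 0 < mem < MIN_MEM:
        problems.append("memory limit is below 512MB")
    cpus = host_config.get("NanoCpus", 0)   # 0 means "no limit set"
    if 0 < cpus < MIN_NANO_CPUS:
        problems.append("CPU limit is below 1 vCPU")
    return problems


def max_kata_containers(total_ram_gib, vcpus, os_name):
    """Upper bound from the article's rule: 1 vCPU and 512MB per container,
    after reserving 1.5GB (QTS) or 50% of RAM (QuTS hero) for the system."""
    if total_ram_gib < 4:                   # article: Kata needs at least 4GB
        return 0
    reserved = total_ram_gib * 0.5 if os_name == "QuTS hero" else 1.5
    by_ram = int((total_ram_gib - reserved) * GIB // MIN_MEM)
    return min(vcpus, by_ram)


# Constructed sample: a container that was running privileged on the host network.
SAMPLE = {"NetworkMode": "host", "Privileged": True,
          "Memory": 256 * 1024 ** 2, "NanoCpus": 2_000_000_000}

if __name__ == "__main__":
    for reason in kata_blockers(SAMPLE):
        print("blocker:", reason)
    # 32GB and 24 vCPU are the article's figures; QuTS hero is an assumption.
    print("max containers:", max_kata_containers(32, 24, "QuTS hero"))
```

A container that reports blockers such as privileged mode or host networking is also one whose Docker permissions deserve review, whichever runtime it ends up on.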

With this in mind, we open Container Station as usual and look for the app we want in the Docker section, either in the list or through the search engine.

As an example, let’s install Ubuntu on Container Station. To do this, we choose “Install” on the version of Ubuntu that we want. A new menu will be displayed where we have to choose “Runtime: kata-runtime”; this way, we will be using this new container technology instead of Docker. Then we have to configure whether we want auto start, the vCPU configuration, the maximum RAM and the rest of the parameters in the “Advanced Settings” section. In this advanced menu we can configure the environment variables, the network, options on the device itself and also the folders shared with the container, just as with Docker.

Once we have configured it, we can see the summary of the configurations made.

In the upper right part we can see how the new Kata-based container is being created, and it will indicate when the process has completed. If we go to the “Container” section we will be able to see all the containers and interact with them.

If we open the container we will be able to execute commands in our Ubuntu operating system. If we have configured the network and the shared folders correctly, we will have an Ubuntu system as if it were running in a VM.

Another image that we have available in Container Station is Home Assistant, the popular home automation system. We will be able to deploy a container easily and quickly, as you can see below:

As you can see, with Container Station we are now able to run any container on Kata instead of Docker, to add greater security to our system.

Conclusions

This new container technology will provide us with greater security when deploying different containers on the same system, as its isolation and architecture are clearly better than those of the usual containers like Docker, as we have explained. However, there is a significant impact on the hardware requirements, since it is necessary to have 1 vCPU and 512MB of RAM for each of the containers, so a fairly powerful QNAP NAS server is necessary if we want to run dozens of containers, something that does not happen with other technologies such as Docker.

It could be said that Kata Containers is a technology halfway between a VM, such as those run by Virtualization Station, and the typical Docker containers. If you’re interested in trying out this new technology, you can now do so quickly and easily with QNAP Container Station, although we recommend that you do so in a test environment before moving to production.
