Feature/lab12 #868

Open
Sarantsev wants to merge 8 commits into inno-devops-labs:main from Sarantsev:feature/lab12


@Sarantsev

Goal

Install and evaluate Kata Containers (v3.29.0) as a VM-backed container runtime alongside the default runc runtime. Run OWASP Juice Shop under runc and compare isolation, security boundaries, and performance characteristics between the two runtimes.

Changes

  • labs/lab12/setup/kata-built-version.txt — Kata shim version proof
  • labs/lab12/runc/health.txt — juice-runc HTTP 200 health check
  • labs/lab12/kata/ — Kata container test outputs (uname, kernel, cpu)
  • labs/lab12/analysis/ — kernel and CPU comparison artifacts
  • labs/lab12/isolation/ — dmesg, /proc, network, and kernel module isolation tests
  • labs/lab12/bench/ — startup time comparison and HTTP latency baseline
  • labs/submission12.md — full write-up with analysis and security discussion

Testing

  • Kata shim installed from kata-static-3.29.0-amd64.tar.zst and verified with containerd-shim-kata-v2 --version
  • containerd configured with io.containerd.kata.v2 runtime via configure-containerd-kata.sh
  • sudo nerdctl run --rm --runtime io.containerd.kata.v2 alpine:3.19 uname -a confirmed guest kernel 6.18.15 ≠ host kernel 6.8.0-110-generic
  • juice-runc confirmed HTTP 200 on port 3012
  • 50-request HTTP latency baseline: avg 1.1ms, min 0.7ms, max 2.3ms
  • runc startup: ~0.25s; Kata startup: ~3.8s (15× slower, expected for VM boot)

Artifacts & Screenshots

| Artifact | Contents |
|---|---|
| setup/kata-built-version.txt | containerd-shim-kata-v2 version: 3.29.0 |
| runc/health.txt | juice-runc: HTTP 200 |
| kata/kernel.txt | 6.18.15 (Kata guest kernel, vs host 6.8.0-110-generic) |
| analysis/kernel-comparison.txt | Side-by-side kernel version comparison |
| isolation/dmesg.txt | Kata VM boot log proving separate kernel instance |
| isolation/proc.txt | Host: 505 entries; Kata VM: 29 entries |
| isolation/modules.txt | Host: 343 modules; Kata guest: 18 modules |
| bench/startup.txt | runc: 0.248s, Kata: 3.812s |
| bench/http-latency.txt | avg=0.0011s min=0.0007s max=0.0023s n=50 |

Checklist

  • PR has a clear, descriptive title
  • Documentation is updated
  • No secrets or sensitive data
  • Task 1 — Kata install + runtime config
  • Task 2 — runc vs kata runtime comparison
  • Task 3 — Isolation tests
  • Task 4 — Basic performance snapshot
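
The guest-versus-host kernel check from the Testing list, as an added example that is not part of this PR or the lab's own scripts: it turns the `uname` comparison into a pass/fail check that fails closed when the container probe returns nothing. The boot-ID comparison goes beyond what the PR collected (it covers a guest that happens to run the same kernel release as the host); the function names and the `--check` argument are hypothetical.

```sh
#!/bin/sh
# Added example: does a containerd runtime give the container its own
# kernel (Kata) or share the host's (runc)?

# Host kernel release and boot ID, one per line.
host_probe() {
  uname -r
  cat /proc/sys/kernel/random/boot_id
}

# Same two values from a throwaway container under runtime $1
# (image and nerdctl flags as used in the PR's test).
container_probe() {
  sudo nerdctl run --rm --runtime "$1" alpine:3.19 \
    sh -c 'uname -r; cat /proc/sys/kernel/random/boot_id'
}

# Print line $1 of the probe output passed as $2.
probe_line() { printf '%s\n' "$2" | sed -n "${1}p"; }

# Compare host probe ($1) with container probe ($2).
# An empty or short probe yields "unknown", never "separate-kernel".
kernel_verdict() {
  h_rel=$(probe_line 1 "$1"); h_boot=$(probe_line 2 "$1")
  c_rel=$(probe_line 1 "$2"); c_boot=$(probe_line 2 "$2")
  if [ -z "$h_rel" ] || [ -z "$h_boot" ] || [ -z "$c_rel" ] || [ -z "$c_boot" ]; then
    echo unknown
  elif [ "$h_rel" != "$c_rel" ] || [ "$h_boot" != "$c_boot" ]; then
    echo separate-kernel
  else
    echo shared-kernel
  fi
}

# Check one runtime end to end; non-zero exit unless the kernel is separate.
check_runtime() {
  verdict=$(kernel_verdict "$(host_probe)" "$(container_probe "$1" 2>/dev/null)")
  echo "$1: $verdict"
  [ "$verdict" = separate-kernel ]
}

# Usage: ./kernel-check.sh --check io.containerd.kata.v2
if [ "${1:-}" = "--check" ]; then
  check_runtime "$2"
fi
```

Run against the default runc runtime, the same check is expected to report `shared-kernel`, which makes it usable as a regression test that a workload was actually scheduled on the VM-backed runtime.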
