Today we continue our series on building your own cloud with the Kubernetes ecosystem. In the previous article, we explained how to prepare a basic Kubernetes distribution based on Talos Linux and Flux CD. In this article, we look at the virtualization technologies available in Kubernetes and prepare everything needed to run virtual machines in Kubernetes, particularly in the areas of storage and networking.
But why are virtual machines necessary, and why can't we simply build a cloud out of Docker containers? The reason is simple: containers do not offer the required level of isolation. All containers on a node share the host kernel, so a single kernel vulnerability or a misconfigured runtime is enough to break out. Even though the situation improves year by year, vulnerabilities that allow escaping the container sandbox and escalating privileges on the host keep appearing.
Kubernetes was not originally designed as a multi-tenant system. The basic usage pattern is therefore to create a separate Kubernetes cluster for each independent project and development team. Virtual machines are the primary means of isolating tenants in a cloud environment: a user can run code with administrative rights (root inside the guest) without affecting other tenants or the platform itself. In other words, virtual machines provide strict tenant isolation and can be operated in environments where tenants do not trust each other.
There are various technologies that bring virtualization into the Kubernetes world: KubeVirt and Kata Containers are the most well-known. It is important to know that they function differently.
Kata Containers plugs in at the container runtime layer: it is an OCI-compatible runtime used behind containerd or CRI-O and selected per pod through a RuntimeClass. It adds an extra level of isolation for standard containers by running each pod inside a lightweight virtual machine. The workloads themselves, however, remain ordinary pods within the same Kubernetes cluster.
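To make the difference concrete, here is how a pod is placed into a Kata sandbox. This is an added example and not part of the original article or the Kata project: the handler name `kata`, the `nginx:1.25` image and the overhead values are assumptions, and the handler must match the runtime name configured in your containerd or CRI-O installation.

```yaml
# Added example (not from the original article). A RuntimeClass tells the
# kubelet which low-level runtime handler to use for pods that reference it.
apiVersion: node.k8s.io/v1
kind: RuntimeClass
metadata:
  name: kata
# Assumption: the container runtime on the node has a runtime named "kata"
# (e.g. plugins."io.containerd.grpc.v1.cri".containerd.runtimes.kata in containerd).
handler: kata
# The sandbox VM itself consumes resources; declaring them lets the scheduler
# account for the guest kernel and agent. Values are illustrative assumptions.
overhead:
  podFixed:
    memory: "160Mi"
    cpu: "250m"
---
# The pod stays an ordinary Kubernetes pod in the same cluster; only the
# runtimeClassName changes where its containers execute (inside a VM).
apiVersion: v1
kind: Pod
metadata:
  name: untrusted-workload
spec:
  runtimeClassName: kata
  containers:
    - name: app
      image: nginx:1.25   # assumed image, any OCI image works
      resources:
        limits:
          memory: "256Mi"
          cpu: "500m"
```

A quick check after applying this: `kubectl get pod untrusted-workload -o jsonpath='{.spec.runtimeClassName}'` should return `kata`, and on the node the container processes appear under a separate VMM process rather than directly under the shim, which is exactly the isolation the article describes. A pod that omits `runtimeClassName` keeps running as a regular, kernel-sharing container.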
KubeVirt allows the execution of traditional virtual machines via the Kubernetes API. In KubeVirt, a virtual machine runs as an ordinary Linux process (QEMU with KVM) inside a pod, the so-called virt-launcher pod. In other words, the container serves as a sandbox for the QEMU process rather than for the tenant's workload. This becomes clear in the following diagram, which shows how live migration of virtual machines is implemented in KubeVirt: when a migration is required, the virtual machine is moved from one container to another.
There is also an alternative project, Virtink, which implements lightweight virtualization with Cloud Hypervisor and was originally designed to run virtual Kubernetes clusters via the Cluster API.
Considering our goals, we have decided to use KubeVirt as the most well-known project in this area. Additionally, we have extensive expertise and have already made many contributions to KubeVirt.
KubeVirt is easy to install and lets you run virtual machines right away with the containerDisk feature, which allows VM disk images to be stored and distributed directly as OCI images. Note that a containerDisk is ephemeral: changes written to it are lost when the VM is restarted, so persistent data belongs on a PersistentVolumeClaim-backed disk, which is one of the reasons storage is covered later in this article.
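The following manifest shows what such a containerDisk-based virtual machine looks like. It is an added example and not taken from the original article or from the KubeVirt project; the VM name, the `quay.io/containerdisks/fedora:latest` image and the cloud-init user and password are assumptions chosen for illustration.

```yaml
# Added example (not from the original article): a KubeVirt VirtualMachine
# whose root disk is pulled as an OCI image (containerDisk).
apiVersion: kubevirt.io/v1
kind: VirtualMachine
metadata:
  name: demo-vm            # assumed name
spec:
  runStrategy: Always      # keep the VM running; restart it if it stops
  template:
    metadata:
      labels:
        kubevirt.io/vm: demo-vm
    spec:
      domain:
        cpu:
          cores: 1
        memory:
          guest: 1Gi
        devices:
          disks:
            - name: rootdisk
              disk:
                bus: virtio
            - name: cloudinit
              disk:
                bus: virtio
          interfaces:
            # masquerade gives the guest a NAT'ed address behind the pod IP,
            # so the VM is reachable like any other pod/Service endpoint.
            - name: default
              masquerade: {}
      networks:
        - name: default
          pod: {}
      volumes:
        # Ephemeral root disk distributed as an OCI image (assumed image).
        - name: rootdisk
          containerDisk:
            image: quay.io/containerdisks/fedora:latest
        # cloud-init seeds a user on first boot; credentials are assumptions
        # for a lab and should be replaced by SSH keys in real use.
        - name: cloudinit
          cloudInitNoCloud:
            userData: |
              #cloud-config
              user: fedora
              password: changeme
              chpasswd: { expire: False }
```

After `kubectl apply -f` on this manifest, `kubectl get vmi demo-vm` shows the running instance and `kubectl get pod -l kubevirt.io/vm=demo-vm` reveals the virt-launcher pod that hosts the QEMU process, which is the container-as-sandbox model described above. Because the root volume is a containerDisk, anything the guest writes to it disappears with the next restart of that pod.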
In collaboration with ayedo, an experienced Kubernetes partner, you can realize your cloud dreams and optimally leverage the benefits of virtualization in Kubernetes.
Source: Kubernetes Blog