mirrors/krata
1
0
Fork 0
mirror of https://github.com/edera-dev/krata.git synced 2025-08-03 21:21:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: mirrors:anners/readme-update
Branches Tags
mirrors:main mirrors:release-plz-2024-12-14T23-57-15Z mirrors:anners/add-links mirrors:anners/readme-update mirrors:chore/GHA-061822-stepsecurity-remediation mirrors:dependabot/cargo/cargo-e172b8957c mirrors:dependabot/github_actions/actions-updates-9a49b4cf66 mirrors:dependabot/cargo/dep-updates-b2b0eca2a6 mirrors:release-plz-2024-09-17T03-42-05Z mirrors:release-plz-2024-09-16T06-15-10Z
mirrors:v0.0.24 mirrors:v0.0.23 mirrors:v0.0.21 mirrors:v0.0.20 mirrors:v0.0.19 mirrors:v0.0.18 mirrors:v0.0.17 mirrors:v0.0.16 mirrors:v0.0.15 mirrors:v0.0.14 mirrors:v0.0.13 mirrors:v0.0.12 mirrors:v0.0.11 mirrors:v0.0.10 mirrors:v0.0.9 mirrors:v0.0.8 mirrors:v0.0.7 mirrors:v0.0.6 mirrors:v0.0.5 mirrors:v0.0.4 mirrors:v0.0.3
..
compare: mirrors:release-plz-2024-12-14T23-57-15Z
Branches Tags
mirrors:release-plz-2024-12-14T23-57-15Z mirrors:main mirrors:anners/add-links mirrors:anners/readme-update mirrors:chore/GHA-061822-stepsecurity-remediation mirrors:dependabot/cargo/cargo-e172b8957c mirrors:dependabot/github_actions/actions-updates-9a49b4cf66 mirrors:dependabot/cargo/dep-updates-b2b0eca2a6 mirrors:release-plz-2024-09-17T03-42-05Z mirrors:release-plz-2024-09-16T06-15-10Z
mirrors:v0.0.24 mirrors:v0.0.23 mirrors:v0.0.21 mirrors:v0.0.20 mirrors:v0.0.19 mirrors:v0.0.18 mirrors:v0.0.17 mirrors:v0.0.16 mirrors:v0.0.15 mirrors:v0.0.14 mirrors:v0.0.13 mirrors:v0.0.12 mirrors:v0.0.11 mirrors:v0.0.10 mirrors:v0.0.9 mirrors:v0.0.8 mirrors:v0.0.7 mirrors:v0.0.6 mirrors:v0.0.5 mirrors:v0.0.4 mirrors:v0.0.3

3 Commits
anners/rea ... release-pl

Author SHA1 Message Date
edera-cultivation[bot]
33c9c625c9 chore: release v0.0.25 2025-07-03 20:38:49 +00:00
Ann Wallace
a58bb3b0fb added links in the tech overview (#475) 2025-07-03 20:34:27 +00:00
Ann Wallace
699c2e09ef added a technical overview and added a link in the readme (#474) 2025-07-03 14:46:02 +00:00
6 changed files with 29 additions and 14 deletions
Expand all files Collapse all files

6
CHANGELOG.md
View File

@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [Unreleased] ## [Unreleased]
## [0.0.25](https://github.com/edera-dev/krata/compare/v0.0.24...v0.0.25) - 2025-07-03
### Other
- update Cargo.toml dependencies
## [0.0.24](https://github.com/edera-dev/krata/compare/v0.0.23...v0.0.24) - 2024-12-14 ## [0.0.24](https://github.com/edera-dev/krata/compare/v0.0.23...v0.0.24) - 2024-12-14
### Added ### Added

12
Cargo.lock generated
View File

@ -259,7 +259,7 @@ checksum = "7943c866cc5cd64cbc25b2e01621d07fa8eb2a1a23160ee81ce38704e97b8ecf"
[[package]] [[package]]
name = "krata-xencall" name = "krata-xencall"
version = "0.0.24" version = "0.0.25"
dependencies = [ dependencies = [
"env_logger", "env_logger",
"libc", "libc",
@ -271,7 +271,7 @@ dependencies = [
[[package]] [[package]]
name = "krata-xenclient" name = "krata-xenclient"
version = "0.0.24" version = "0.0.25"
dependencies = [ dependencies = [
"async-trait", "async-trait",
"bit-vec", "bit-vec",
@ -289,7 +289,7 @@ dependencies = [
[[package]] [[package]]
name = "krata-xenevtchn" name = "krata-xenevtchn"
version = "0.0.24" version = "0.0.25"
dependencies = [ dependencies = [
"byteorder", "byteorder",
"libc", "libc",
@ -301,7 +301,7 @@ dependencies = [
[[package]] [[package]]
name = "krata-xengnt" name = "krata-xengnt"
version = "0.0.24" version = "0.0.25"
dependencies = [ dependencies = [
"libc", "libc",
"nix", "nix",
@ -310,7 +310,7 @@ dependencies = [
[[package]] [[package]]
name = "krata-xenplatform" name = "krata-xenplatform"
version = "0.0.24" version = "0.0.25"
dependencies = [ dependencies = [
"async-trait", "async-trait",
"elf", "elf",
@ -330,7 +330,7 @@ dependencies = [
[[package]] [[package]]
name = "krata-xenstore" name = "krata-xenstore"
version = "0.0.24" version = "0.0.25"
dependencies = [ dependencies = [
"byteorder", "byteorder",
"env_logger", "env_logger",

2
Cargo.toml
View File

@ -10,7 +10,7 @@ members = [
resolver = "2" resolver = "2"
[workspace.package] [workspace.package]
version = "0.0.24" version = "0.0.25"
homepage = "https://krata.dev" homepage = "https://krata.dev"
license = "GPL-2.0-or-later" license = "GPL-2.0-or-later"
repository = "https://github.com/edera-dev/krata" repository = "https://github.com/edera-dev/krata"

6
crates/xen/xenclient/Cargo.toml
View File

@ -13,9 +13,9 @@ async-trait = { workspace = true }
bit-vec = { workspace = true } bit-vec = { workspace = true }
indexmap = { workspace = true } indexmap = { workspace = true }
log = { workspace = true } log = { workspace = true }
krata-xencall = { path = "../xencall", version = "^0.0.24" } krata-xencall = { path = "../xencall", version = "^0.0.25" }
krata-xenplatform = { path = "../xenplatform", version = "^0.0.24" } krata-xenplatform = { path = "../xenplatform", version = "^0.0.25" }
krata-xenstore = { path = "../xenstore", version = "^0.0.24" } krata-xenstore = { path = "../xenstore", version = "^0.0.25" }
regex = { workspace = true } regex = { workspace = true }
thiserror = { workspace = true } thiserror = { workspace = true }
tokio = { workspace = true } tokio = { workspace = true }

2
crates/xen/xenplatform/Cargo.toml
View File

@ -14,7 +14,7 @@ elf = { workspace = true }
flate2 = { workspace = true } flate2 = { workspace = true }
libc = { workspace = true } libc = { workspace = true }
log = { workspace = true } log = { workspace = true }
krata-xencall = { path = "../xencall", version = "^0.0.24" } krata-xencall = { path = "../xencall", version = "^0.0.25" }
memchr = { workspace = true } memchr = { workspace = true }
nix = { workspace = true } nix = { workspace = true }
regex = { workspace = true } regex = { workspace = true }

15
technical-overview.md
View File

@ -10,24 +10,26 @@ And because Edera doesnt rely on nested virtualization, it runs wherever cont
## How Edera Works ## How Edera Works
At its core, Edera uses a custom hypervisor based on Xen, with key components rewritten in Rust for safety, performance, and maintainability. Edera introduces the concept of **zones**—independent, fast-booting virtual machines that serve as security boundaries for container workloads. At its core, Edera uses a [custom hypervisor](https://edera.dev/stories/rust-or-bust-our-rewrite-of-the-xen-control-plane) based on [Xen](https://edera.dev/stories/why-edera-built-on-xen-a-secure-container-foundation), with key components rewritten in Rust for safety, performance, and maintainability. Edera introduces the concept of **zones**—independent, fast-booting virtual machines that serve as security boundaries for container workloads.
Each zone runs its own Linux kernel and minimal init system. The kernel and other system components are delivered via OCI images, keeping things composable, cacheable, and consistent. Each zone runs its own Linux kernel and minimal init system. The kernel and other system components are delivered via OCI images, keeping things composable, cacheable, and consistent.
Zones are paravirtualized using the Xen PV protocol. This keeps them lightweight and fast—no hardware virtualization required. But when hardware support is available (e.g., on x86 with VT-x), Edera uses it to get near bare-metal performance. Zones are [paravirtualized](https://docs.edera.dev/concepts/paravirtualization/) using the Xen PV protocol. This keeps them lightweight and fast—no hardware virtualization required. But when hardware support is available (e.g., on x86 with VT-x), Edera uses it to get near bare-metal performance.
## How Edera Runs & Secures Containers ## How Edera Runs & Secures Containers
Edera allows you to compose your infrastructure the same way you compose workloads: using OCI images. Edera allows you to compose your infrastructure the same way you compose workloads: using OCI images.
Each zone consumes a small number of OCI images: Each zone consumes a small number of OCI images:
- A **kernel image** that provides the zone kernel. - A **kernel image** that provides the zone kernel.
- One or more **system extension images** that provide init systems, utilities, and kernel modules. - One or more **system extension images** that provide init systems, utilities, and kernel modules.
- Optionally, **driver zones**—zones that provide shared services (like networking) to other zones. - Optionally, **driver zones**—zones that provide shared services (like networking) to other zones.
Inside each zone, container workloads run via a minimal OCI runtime called **Styrolite**, written in Rust. Unlike traditional setups (like Kata Containers, which layer containerd and runc as external processes), Styrolite is embedded inside the zone itself. Inside each zone, container workloads run via a minimal OCI runtime called [**Styrolite**]((https://github.com/edera-dev/styrolite/)), written in Rust. Unlike traditional setups (like Kata Containers, which layer containerd and runc as external processes), Styrolite is embedded inside the zone itself.
### Key Benefits of This Design ### Key Benefits of This Design
- No external container runtime processes - No external container runtime processes
- Zone init system directly manages containers - Zone init system directly manages containers
- Minimal attack surface, optimized for secure execution - Minimal attack surface, optimized for secure execution
@ -68,19 +70,26 @@ This causes the pod to be scheduled to a node running Ederas hypervisor. The
An Edera zone is a minimal VM built from OCI-delivered components. At launch time, the Edera daemon unpacks: An Edera zone is a minimal VM built from OCI-delivered components. At launch time, the Edera daemon unpacks:
### Kernel Image ### Kernel Image
Located under `/kernel` in the OCI image: Located under `/kernel` in the OCI image:
- `image`: the Linux kernel (vmlinuz) - `image`: the Linux kernel (vmlinuz)
- `metadata`: key-value pairs for boot parameters - `metadata`: key-value pairs for boot parameters
- `addons.squashfs`: includes kernel modules in `/modules` - `addons.squashfs`: includes kernel modules in `/modules`
- `config.gz`: the kernel configuration file - `config.gz`: the kernel configuration file
### Initramfs Contents ### Initramfs Contents
Packaged in a CPIO archive, typically mounted from: Packaged in a CPIO archive, typically mounted from:
`usr/lib/edera/protect/zone/initrd` `usr/lib/edera/protect/zone/initrd`
The initramfs includes: The initramfs includes:
- `/init`: static Rust binary that initializes the zone - `/init`: static Rust binary that initializes the zone
- `/bin/styrolite`: embedded container runtime - `/bin/styrolite`: embedded container runtime
- `/bin/zone`: control plane for managing containers and services via IDM (inter-domain messaging) - `/bin/zone`: control plane for managing containers and services via IDM (inter-domain messaging)
This structure lets Edera launch zones rapidly, with well-defined boundaries and no dependency on the host OS kernel. Everything the workload touches is defined, versioned, and validated. This structure lets Edera launch zones rapidly, with well-defined boundaries and no dependency on the host OS kernel. Everything the workload touches is defined, versioned, and validated.
---
If you want to know more check out our [docs site](https://docs.edera.dev)