Kata Containers is an open source project that seeks to enhance security for containers by isolating them in lightweight VMs. Each Kata Container runs with the speed and flexibility of standard containers, and it easily integrates with common container management software—including Docker and Kubernetes. By also using hardware virtualization to isolate network, I/O, and memory, Kata Containers enjoy the same security advantages of VMs, making them a good fit for sensitive financial workloads, multi-tenanted workloads in the cloud, or any other workloads that benefit from extra security and isolation.
Wrapping each container in its own VM improves security, but adding this isolation layer can also impact some mechanisms that observability platforms use to capture telemetry signals. Despite these technical challenges, if you are thinking about moving workloads to Kata Containers, you will still need to collect observability data from those workloads to verify that they are running properly and performing well. Only then will you be able to detect problems such as high latency in your secure applications as soon as they appear.
Datadog is pleased to announce its support for Kata Containers as of Datadog Agent v7.51. This means that you can now use Datadog to visualize and alert on the metrics, traces, and logs from your Kata Containers alongside the performance data from the rest of your containerized environment.
Getting started with Kata Containers
To run Kata Containers, you can use a bare metal host or a VM platform, but the VM platform needs to support either nested virtualization or pod sandboxing. If your host system does support Kata Containers (which you can verify via kata-check), you can run them within your existing container clusters.
Once your Kata Containers are up and running, to begin observing these workloads with Datadog, you need only to install the latest version of the Datadog Agent by running the installation command for your platform. (For the Datadog Docker Agent, read our documentation for information on how to pull the latest image and install the Agent.)
Use Datadog to visualize metrics, traces, and logs from your Kata Containers
Datadog is able to support Kata Containers by collecting telemetry through built-in containerd endpoints. This means that after you install the latest version of the Agent, you can begin collecting and visualizing Kata Container metrics, traces, and logs within the Datadog platform immediately, without additional set-up. For example, the following image shows a trace for a containerized application that is hosted in a Kata Container.
Similarly, the following image shows logs in Datadog that are automatically captured from a Kata Containers workload after the latest version of the Agent is installed.
Viewing this telemetry data within the Datadog platform provides many benefits, such as allowing Watchdog to automatically detect anomalies that require your attention in your secure workloads. Datadog also automatically imports labels from Docker and Kubernetes and then uses that information to tag each container, allowing you to sort and filter monitoring data to view only what you need. By further tagging Kata Containers data, you can additionally consolidate that data in visualizations to compare its performance against other containerized data—or compare performance of individual Kata Containers against each other.
Easily troubleshoot your secure Kata Containers workloads with Datadog
Kata Containers is a novel technology that uses hardware virtualization to offer a new high-security option for containerized workloads—all while maintaining the speed, flexibility, and ease of management of traditional containers. You can now begin testing your workloads in Kata Containers and easily view their metrics, traces, and logs within Datadog—with all of its added benefits—alongside the rest of your observability data.
To learn more about the Kata Containers project, you can view its official documentation on GitHub. If you don’t already have a Datadog account, you can sign up for a 14-day free trial to get started.