QuarkContainers：用于无服务器的高性能安全容器 | KC23

QuarkContainers: High Performance Secure Container for Serverless - Shaobao Feng, Huawei Cloud

QuarkContainers：用于无服务器的高性能安全容器 | QuarkContainers: High Performance Secure Container for Serverless - Shaobao Feng, Huawei Cloud

当前的Runc容器运行时无法满足无服务器计算的要求：1. 容器应该具有强大的隔离性。2. 开销应该足够小，以支持在单个主机上运行数千个实例。3. 启动时间应小于100毫秒。4. 性能降低，特别是IO和网络，应该足够小以被忽略。在本次会议中，我们将介绍如何对Quark容器上的安全容器进行性能增强：1. 如何通过rust在KVM中实现应用内核以及它带来的好处。2. 如何使用io_uring和RDMA修复IO和网络性能降低的缺陷。3. 如何通过“休眠”加速容器的启动，该方法通过停止vCPU并交换页面来实现。4. 如何通过将Quark集成到Kuasar中来移除shim进程。

Current Container Runtime of Runc can not meet the requirements of Serverless Computing: 1. Containers should be strongly isolated. 2. The overhead should be small enough to support running thousands of instances on a single host. 3. The start up time should be smaller than 100ms. 4. The performance degradation especially the IO and network, should be small to be ignored. In this session we will introduce how to make the performance enhancements we did for secure container on Quark Container, which is an open source secure container: 1. How to implement an application kernel by KVM in rust, and the benefits it brings. 2. How io_uring and RDMA fix the defect of the IO and network performance degradation. 3. How to accelerate the container startup by "Hibernating", which is implemented by stopping the vCPU and swapping out the pages. 4. How to remove the shim processes by integrating Quark it into Kuasar.

CNCF概况（幻灯片）

扫描二维码联系我们！

CNCF (Cloud Native Computing Foundation)成立于2015年12月，隶属于Linux  Foundation，是非营利性组织。 

CNCF（云原生计算基金会）致力于培育和维护一个厂商中立的开源生态系统，来推广云原生技术。我们通过将最前沿的模式民主化，让这些创新为大众所用。请关注CNCF微信公众号。