Virtual Machines in a Container World

Container Native Virtualization provides a way to bring application components that can't be directly containerized into a Kubernetes system. Key points to note:

  • Integrates directly into existing k8s clusters
  • Follows Kubernetes paradigms:
      ◦ Container Networking Interface (CNI)
      ◦ Container Storage Interface (CSI)
      ◦ Custom Resource Definitions (CRD, CR)
  • Schedule, connect, and consume VM resources as container-native
  • Operators are a Kubernetes-native way to introduce new capabilities
  • New CustomResourceDefinitions (CRDs) for native VM integration, for example:
      ◦ VirtualMachine
      ◦ VirtualMachineInstance
      ◦ VirtualMachineInstanceMigration
      ◦ DataVolume

The picture below shows what a containerised VM looks like in the Kubernetes world.

A few terms to understand:

Kubernetes resources

Every VM runs in a launcher pod. The launcher process supervises the VM using libvirt and provides pod integration.

Red Hat Enterprise Linux

The libvirt and qemu from RHEL are mature, have high performance, provide stable abstractions, and have a minimal overhead.

Security - Defense in depth

Immutable RHCOS by default, SELinux MCS, plus KVM isolation - inherited from the Red Hat Portfolio stack

Virtual Machines connected to pod networks are accessible using standard Kubernetes methods:

  • i.e. Service, Route & Ingress
  • Network policies apply to VM pods the same as application pods
  • VM-to-pod, and vice-versa, communication happens over SDN or ingress depending on network connectivity
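The manifests below are an added example, not taken from the article or from Red Hat's documentation. They show a VM on the pod network exposed through an ordinary Service and restricted by an ordinary NetworkPolicy that selects the VM's launcher pod by label. The names, namespace, labels, port and disk image are constructed placeholders, and the policy only takes effect when the cluster's network plugin enforces NetworkPolicy.

```yaml
# Added example. Names, namespace, labels, port and image are constructed placeholders.
apiVersion: kubevirt.io/v1
kind: VirtualMachine
metadata: {name: legacy-db, namespace: demo}
spec:
  runStrategy: Always
  template:
    metadata:
      labels: {app: legacy-db}   # propagated to the VMI and its virt-launcher pod
    spec:
      domain:
        devices:
          disks:
            - {name: rootdisk, disk: {bus: virtio}}
          interfaces:
            - {name: default, masquerade: {}}   # VM is NATed behind the pod IP
        resources:
          requests: {memory: 2Gi}
      networks:
        - {name: default, pod: {}}              # attach to the cluster pod network
      volumes:
        - name: rootdisk
          containerDisk:
            image: registry.example.com/legacy-db-disk:placeholder
---
apiVersion: v1
kind: Service                                    # standard Service, selects the launcher pod
metadata: {name: legacy-db, namespace: demo}
spec:
  selector: {app: legacy-db}
  ports:
    - {port: 5432, targetPort: 5432}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy                              # same object used for application pods
metadata: {name: legacy-db-ingress, namespace: demo}
spec:
  podSelector:
    matchLabels: {app: legacy-db}
  policyTypes: [Ingress]                         # all other ingress to the VM pod is denied
  ingress:
    - from:
        - podSelector:
            matchLabels: {app: frontend}
      ports:
        - {protocol: TCP, port: 5432}
```

Because the policy selects the launcher pod, a VM whose template carries no label matched by any policy falls outside the namespace's ingress restrictions unless a default-deny policy is also present.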

References

https://www.redhat.com/en/technologies/cloud-computing/openshift/virtualization


