
High Performance Secure Container: Quark

Conference: ContainerCon 2022

2022-06-24

Authors: Ying Xiong, Yulin Sun


Abstract

Quark is a new secure container runtime, in the same category as the Kata runtime and gVisor. It is a high-performance, OCI-compatible secure container runtime written in Rust, with a low memory footprint and low startup overhead. It is designed for running containerized services in data center and edge environments. Quark is based on system call virtualization. Compared with Linux VM-based virtualization, it adopts multiple performance improvements, such as QCall, a zero-memory-copy mechanism that avoids the hypercall communication overhead between the guest kernel and the host, and IO virtualization based on the Linux host's io_uring. It also supports an RDMA-based container network, which transparently runs TCP-based containerized applications over RDMA to achieve low latency and high throughput. The talk will introduce the Quark container architecture, together with the design challenges and opportunities of secure containers.

Materials: