lxd VS kata-containers

Compare lxd vs kata-containers and see what are their differences.

lxd

Powerful system container and virtual machine manager (by canonical)

kata-containers

Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs. https://katacontainers.io/ (by kata-containers)
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured
lxd kata-containers
7 14
4,403 5,763
0.4% 2.6%
10.0 9.9
2 days ago 1 day ago
Go Rust
GNU Affero General Public License v3.0 Apache License 2.0
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

lxd

Posts with mentions or reviews of lxd. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2024-07-31.
  • Running NixOS Guests on QEMU
    3 projects | dev.to | 31 Jul 2024
    Running NixOS on a virtual machine (VM) is a safe and reproducible way to test such configurations. As for VMs, I have used VirtualBox, Vagrant and lxd in the past. However, I have found QEMU to be the simplest and most flexible solution for my needs.
  • Canonical re-licenses LXD under AGPLv3, slaps a CLA on top
    1 project | news.ycombinator.com | 12 Dec 2023
    Please correct me if I'm wrong, but the post also links the "add Canonical CLA check #12665" [0], and my understanding is that "retain copyright" here is like a typical forum agreement where you going forward must agree to a perpetual worldwide unlimited license to Canonical that they can use as they please per [1]:

    >In effect, you’re giving us a licence, but you still own the copyright — so you retain the right to modify your code and use it in other projects.

    You explicitly do retain ownership, so you can then take that same code and contribute it elsewhere under any license you wish. The same author could contribute the same patch to both the LXD and the Incus fork. But some might object to being required to allow Canonical to specially license as they want.

    So your characterization seems unfair, and then gets kind of nasty at the end:

    >The author is pissed off because he can't build custom versions without redistributing the modifications

    Incus is a full fork, and Canonical has apparently been taking changes back from it as well as is often the case with such forks where both sides get value from each other. It's perfectly understandable for some folks to be bummed if that's no longer the case, and there is nothing evil about the Apache2 license. There's plenty of history that in OSS going back to the beginning, no need for insinuations or attacks.

    ----

    0: https://github.com/canonical/lxd/pull/12665/commits/eb5c773d...

    1: https://ubuntu.com/legal/contributors

  • Vm and hypervisor
    1 project | /r/homelab | 10 Dec 2023
    You could consider LXD which lets you easily run both containers and VMs: https://ubuntu.com/lxd
  • LXD Moves into Canonical
    3 projects | news.ycombinator.com | 6 Jul 2023
    I hope this doesn't affect LXC negatively.

    LXC and LXD share plenty of contributors.

    https://github.com/lxc/lxc/graphs/contributors

    https://github.com/canonical/lxd/graphs/contributors

    I use an "unprivileged LXC container" setup on several Debian bullseye hosts. It works fantastic, and each LXC container feels like a real server.

    Compare that to Docker's "one-container-one-process" philosophy, reinventing the wheel by awkwardly composing multiple containers.

  • LXD Has been moved to Canonical
    1 project | /r/LXD | 6 Jul 2023
    [1] https://linuxcontainers.org/lxd/
    1 project | /r/opensource | 5 Jul 2023
  • LXD is now under Canonical
    3 projects | /r/LXD | 4 Jul 2023
    The expected changes are: - https://github.com/lxc/lxd will now become https://github.com/canonical/lxd - https://linuxcontainers.org/lxd will disappear and be replaced with a mention directing users to https://ubuntu.com/lxd - The LXD YouTube channel will be handed over to the Canonical team - The LXD section on the LinuxContainers community forum will slowly be sunset in favor of the Ubuntu Discourse forum run by Canonical - The LXD CI infrastructure will be moved under Canonical’s care - Image building for Linux Containers will no longer be relying on systems provided by Canonical, limiting image building to x86_64 and aarch64.

kata-containers

Posts with mentions or reviews of kata-containers. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2024-10-29.
  • Comparing 3 Docker container runtimes - Runc, gVisor and Kata Containers
    5 projects | dev.to | 29 Oct 2024
    I bet the first thing you think that it is a bug. There is an issue on GitHub where someone thought the same. The fact is that Kata containers are different and there are Limitations. The first I noticed too, that there is no way to share process or network namespaces between Docker containers. The fact that you cannot use the process namespace or network namespace of the host is easily understandable because we have a VM and not just a host kernel isolating our processes.
  • Unfashionably secure: why we use isolated VMs
    6 projects | news.ycombinator.com | 25 Jul 2024
    > I actually wonder how much "overhead" a VM actually has. i.e. a linux kernel that doesn't do anything (say perhaps just boots to an init that mounts proc and every n seconds read in/prints out /proc/meminfo) how much memory would the kernel actually be using?

    There's already some memory sharing available using DAX in Kata Containers at least: https://github.com/kata-containers/kata-containers/blob/main...

  • My VM is lighter (and safer) than your container
    12 projects | news.ycombinator.com | 14 May 2024
  • Maestro: A Linux-compatible kernel in Rust
    7 projects | news.ycombinator.com | 3 Jan 2024
  • Fly Kubernetes
    2 projects | news.ycombinator.com | 18 Dec 2023
    Seems like Fly.io Machines are trying reimplement Kata Containers with the Firecracker backend [0].

    Kata has a guest image and guest agent to run multiple isolated containers [1].

    [0] https://katacontainers.io/

    [1] https://github.com/kata-containers/kata-containers/blob/main...

  • Kata Containers: Virtual Machines (VMs) that feel and perform like containers
    4 projects | news.ycombinator.com | 17 Jul 2023
    > Last time I looked (a few months ago), the documentation was pretty sparse or outdated.

    It still is, though it works somewhat seamlessly when installing with https://github.com/kata-containers/kata-containers/blob/main...

    Though only one of the hypervisors works well.

  • Method to block possible internet traffic from LLaMA on MacOS
    1 project | /r/LocalLLaMA | 1 Jun 2023
    Better to use a secure VM, can even get container-like VMs with kata-containers
  • Kata Containers vs gVisor?
    2 projects | /r/codehunter | 14 Jul 2022
    As I understand,Kata Containers
  • Firecracker MicroVMs
    5 projects | news.ycombinator.com | 18 Oct 2021
    Kubernetes using Kata containers as a containerd backend

    https://github.com/kata-containers/kata-containers/blob/main...

  • Container security best practices: Ultimate guide
    4 projects | news.ycombinator.com | 13 Oct 2021
    My home k8s cluster is now "locked down" using micro-vms (kata-containers[0]), pod level firewalling (cilium[1]), permission-limited container users, and mostly immutable environments. Given how quickly I rolled this out; the tools to enhance cluster environment security seem more accessible now than my previous research a few years ago.

    I know it's not exactly a production setup, but I really do feel that it's the most secure runtime environment I've ever had accessible at home. Probably more so than my desktops, which you could argue undermines most of my effort, but I like to think I'm pretty careful.

    In the beginning I was very skeptical, but being able to just build a docker/OCI image and then manage its relationships with other services with "one pane of glass" that I can commit to git is so much simpler to me than my previous workflows. My previous setup involved messing with a bunch of tools like packer, cloud-init, terraform, ansible, libvirt, whatever firewall frontend was on the OS, and occasionally sshing in for anything not covered.

    [0] https://github.com/kata-containers/kata-containers

What are some alternatives?

When comparing lxd and kata-containers you can also consider the following projects:

kubevirt - Kubernetes Virtualization API and runtime in order to define and manage virtual machines.

firecracker-containerd - firecracker-containerd enables containerd to manage containers as Firecracker microVMs

gvisor - Application Kernel for Containers

firecracker-container

sysbox - An open-source, next-generation "runc" that empowers rootless containers to run workloads such as Systemd, Docker, Kubernetes, just like VMs.

podman - Podman: A tool for managing OCI containers and pods.

packer-plugin-lxd - Packer plugin for LXD Builder

ignite - Ignite a Firecracker microVM

lxd-demo-server - The LXD demo server

cloud-hypervisor - A Virtual Machine Monitor for modern Cloud workloads. Features include CPU, memory and device hotplug, support for running Windows and Linux guests, device offload with vhost-user and a minimal compact footprint. Written in Rust with a strong focus on security.

SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured