Tuesday, March 13, 2018

Run containers in separate virtual machines

The high-end version of IBM Blockchain Platform uses a combination of virtualization and containerization to raise the isolation level of business networks. We have now released the underlying technology as Open Source: runq on GitHub.

runq lets you start containers in a slightly different fashion in a Docker environment: as soon as the container is started, a KVM guest is spun up under the covers. Inside that guest, a minimal Linux environment boots and then runs the container workload. All of this happens quite transparently, and existing container images can be reused without change (unless they do weird things).

There have been similar approaches to this goal, most notably Clear Containers and runv (and the combination of these which puts it into an OpenStack context: kata). In contrast, runq focuses on minimalism: it consciously refrains from implementing some features that would bloat the code, and aligns very closely with runc, the original runtime underneath containerd/docker/kubernetes and friends. At its core, runq is a few lines of code (relatively speaking). Check out the project's GitHub page for a short summary of its goals.

This simplicity is visible when installing and working with runq: take your IBM Z or x86 environment, follow the few simple steps on https://github.com/gotoz/runq, and you are ready to start deploying containers in virtual machines. runq is built inside containers (with "make release release-install"), so no build prerequisites are needed on the host.

Note for RHEL users: your kernel must support KVM -- this is typically the case for recent distros that carry a 4.x kernel. RHEL 7.4 is currently out of luck, but the public RHEL 7.5 beta documentation raises hopes.

Note for SLES users: if you have not installed SUSE's qemu package, you need to set "sysctl vm.allocate_pgste=1" (e.g. write that setting into a file in /etc/sysctl.d/)

If neither of those notes applies to you, go have a try -- it's simple and quick.
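The two notes above boil down to a few host checks you can script before the first "docker run". The following preflight is an added example written for this post, not part of the runq project: it treats a major kernel version below 4 as "no KVM" (the RHEL 7.4 case), checks for the /dev/kvm device, and on IBM Z (s390x, an assumption: vm.allocate_pgste only exists on that architecture) verifies the sysctl from the SLES note and can write it persistently into a sysctl.d directory.

```shell
#!/bin/sh
# Preflight checks for a host about to run containers under runq.
# Added example, not from the runq project. Thresholds come from the notes in
# the post: a 4.x kernel for KVM, and vm.allocate_pgste=1 on SLES without
# SUSE's qemu package. Which sysctl.d file name to use is our own choice.

# kernel_major_ok VERSION -> 0 if the major version is at least 4
# (e.g. "4.12.14-lp150.12.el7" passes, "3.10.0-862.el7.x86_64" fails)
kernel_major_ok() {
    major=${1%%.*}
    case "$major" in
        ''|*[!0-9]*) return 1 ;;   # not a number: treat as unsupported
    esac
    [ "$major" -ge 4 ]
}

# kvm_device_ok [DEVPATH] -> 0 if the KVM character device exists (default /dev/kvm)
kvm_device_ok() {
    [ -c "${1:-/dev/kvm}" ]
}

# pgste_ok VALUE -> 0 if the sysctl value means PGSTE allocation is enabled
pgste_ok() {
    [ "$1" = "1" ]
}

# write_pgste_conf DIR -> write the persistent setting into DIR (normally /etc/sysctl.d)
write_pgste_conf() {
    printf 'vm.allocate_pgste = 1\n' > "$1/99-runq-pgste.conf"
}

# preflight -> run all checks against the live host; non-zero on the first failure
preflight() {
    kernel_major_ok "$(uname -r)" \
        || { echo "kernel $(uname -r): KVM needs a 4.x kernel"; return 1; }
    kvm_device_ok /dev/kvm \
        || { echo "/dev/kvm missing: load the kvm module / enable virtualization"; return 1; }
    # Assumption: the PGSTE sysctl is only relevant (and present) on IBM Z.
    if [ "$(uname -m)" = "s390x" ]; then
        pgste_ok "$(sysctl -n vm.allocate_pgste 2>/dev/null)" \
            || { echo "set vm.allocate_pgste=1 (see write_pgste_conf)"; return 1; }
    fi
    echo "host looks ready for runq"
}
```

Run "preflight" on the host; on a SLES system that fails the last check, "write_pgste_conf /etc/sysctl.d" followed by "sysctl --system" applies the setting persistently.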
