Introducing Mirantis Container Runtime 25: Enhanced Observability, Extensibility, and Performance

At Mirantis, we’re dedicated to empowering developers and operators with tools that enable seamless containerization and orchestration. Today, we are thrilled to announce the release of Mirantis Container Runtime (MCR) 25, our latest version of the runtime you’ve come to rely on for running containers securely with high performance. Built on the trusted foundation of Docker Moby, MCR 25 introduces critical advancements in observability, extensibility, and performance, ensuring our customers can continue to build, deploy, and manage containers with confidence, whether they use MCR 25 standalone or combine it with Swarm and/or Kubernetes orchestration with the new Mirantis Kubernetes Engine 3.8 release.

Let’s dive into the key features of this release and explore how they can benefit your organization.

Improved Observability: OpenTelemetry Support

As organizations grow, so do the complexity of their applications and the challenges of monitoring them effectively. MCR 25 addresses this need by introducing support for OpenTelemetry, an open-source framework for observability.

OpenTelemetry provides a unified standard for collecting, processing, and exporting telemetry data such as logs, metrics, and traces. MCR 25 can emit traces of Engine API requests using the OpenTelemetry protocol. With MCR 25, users can seamlessly integrate OpenTelemetry into their environments, enabling better visibility into container lifecycle operations for containerized workloads.

For example, teams can now use OpenTelemetry to aggregate data from various microservices and build custom dashboards in a tool like Grafana. This holistic view helps organizations detect anomalies faster, optimize resource utilization, and ensure reliable application performance.

Enhancements for Swarm

MCR 25 includes Swarm-specific enhancements to support more networking topologies and to improve control over security for specific workloads.

Windows - Support Local Network Drivers for Swarm

Local-scope network drivers internal, l2bridge, and nat can now be used on Swarm on Windows for use cases such as running the Swarm host behind a firewall.

Linux - Swarm Seccomp and AppArmor 

MCR 25 supports setting custom Seccomp profiles and some AppArmor configuration when creating Swarm Services. These new options enable operators to optimize security for specific workloads and are part of the Privileges section of the ContainerSpec. The no-new-privileges flag has also been added.
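An operator-side check for these settings, added here as an example and not taken from Mirantis or the MCR code base: it audits `docker service inspect` JSON for services that weaken the Privileges section. The field names (`Seccomp.Mode`, `Seccomp.Profile` as base64-encoded JSON, `AppArmor.Mode`, `NoNewPrivileges`) follow the upstream Moby Engine API and are an assumption for MCR 25; the sample data is constructed.

```python
import base64
import json

# Constructed sample: trimmed `docker service inspect` output for two services.
# Privileges field names follow the upstream Moby Engine API (assumed for MCR 25).
PROFILE = {"defaultAction": "SCMP_ACT_ERRNO",
           "syscalls": [{"names": ["read", "write", "exit_group"],
                         "action": "SCMP_ACT_ALLOW"}]}
SAMPLE = json.dumps([
    {"Spec": {"Name": "web", "TaskTemplate": {"ContainerSpec": {"Privileges": {
        "Seccomp": {"Mode": "custom", "Profile": base64.b64encode(
            json.dumps(PROFILE).encode()).decode()},
        "AppArmor": {"Mode": "default"},
        "NoNewPrivileges": True}}}}},
    {"Spec": {"Name": "legacy", "TaskTemplate": {"ContainerSpec": {"Privileges": {
        "Seccomp": {"Mode": "unconfined"},
        "AppArmor": {"Mode": "disabled"}}}}}},
])

def audit_service(svc):
    """Return findings for one service's ContainerSpec.Privileges section."""
    spec = svc.get("Spec", {}).get("TaskTemplate", {}).get("ContainerSpec", {})
    priv = spec.get("Privileges") or {}
    findings = []
    seccomp = priv.get("Seccomp") or {}
    mode = seccomp.get("Mode", "default")
    if mode == "unconfined":
        findings.append("seccomp disabled (unconfined)")
    elif mode == "custom":
        try:  # profile travels as base64-encoded JSON
            prof = json.loads(base64.b64decode(seccomp.get("Profile") or ""))
            default = prof["defaultAction"]
        except (ValueError, KeyError, TypeError):
            findings.append("custom seccomp profile unreadable")
        else:
            if default in ("SCMP_ACT_ALLOW", "SCMP_ACT_LOG"):
                findings.append("custom seccomp profile allows by default")
    if (priv.get("AppArmor") or {}).get("Mode") == "disabled":
        findings.append("AppArmor disabled")
    if not priv.get("NoNewPrivileges", False):
        findings.append("no-new-privileges not set")
    return findings

def audit(inspect_json):
    """Map service name -> findings for `docker service inspect` JSON text."""
    return {s["Spec"]["Name"]: audit_service(s) for s in json.loads(inspect_json)}

if __name__ == "__main__":
    for name, found in audit(SAMPLE).items():
        print(name, found or "ok")
```
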

Container Device Interface (CDI) Support for AI and Edge

We now live in the world of GPGPU. AI, ML, cryptocurrency, and more all depend on specialized hardware devices. Users expect their containerized services to make use of GPUs, FPGAs, and even exotic devices like LIDARs. Similarly, edge computing and IoT for real-time data processing in manufacturing, healthcare, and other industries also need to integrate with high-speed cameras, sensors, or other hardware peripherals. The Container Device Interface is a standard for container runtimes to make use of third-party devices. It basically provides a way to inject modifications into the OCI spec used to start and run the container. MCR 25 includes CDI support as an experimental feature that must be enabled.

Coming Soon: CRUN for Lightning-Fast Container Performance

In Q1 next year, MCR 25 will introduce support for CRUN, a high-performance OCI runtime built in C. Unlike runtimes written in Go, CRUN boasts lower memory usage and faster execution times, allowing containers to launch more quickly and with greater efficiency, making it possible to reliably host more containers per node than ever before!

Organizations managing large-scale, latency-sensitive applications, such as real-time analytics or e-commerce platforms, will find CRUN invaluable for improving operational efficiency. Faster container start times mean less downtime during scaling events, directly translating to improved customer satisfaction and cost savings.

Healthy Containers, Faster

Health checks are key for self-healing, scalable containerized services. Load balancers only route traffic to healthy containers, so the speed at which a container can be determined to be healthy limits how quickly a service can be scaled up. MCR 25 introduces the --health-start-interval option for containers and Swarm services, which runs container health-check probes at a different cadence while a container is first starting up. This makes it possible for containers to reach healthy status more quickly by checking their health at a short interval during startup while using a longer health-check interval at steady state so as not to incur as much overhead.

Coming Soon: Broader Support for OCI-Compliant Runtimes with Kata Containers and gVisor

In Q2 next year, MCR 25 will also expand its capabilities with enhanced support for Kata Containers and gVisor, two leading OCI-compliant runtimes designed to bolster container security. These runtimes provide robust sandboxing mechanisms that isolate workloads from the host and other containers, offering critical protection against potential breaches.

Kata Containers utilize lightweight virtual machines (VMs) to deliver stronger workload isolation by leveraging hardware virtualization. This approach is particularly useful for organizations running multi-tenant environments, as it prevents a compromised container from impacting other tenants or the host system. Kata Containers also support secure boot and hardware-backed encryption, enabling customers to meet stringent compliance requirements such as HIPAA or PCI-DSS.

gVisor, on the other hand, operates by intercepting syscalls through its user-space kernel, providing a highly secure and resource-efficient way to sandbox applications. It is ideal for scenarios where lightweight isolation is needed without the overhead of full VMs. gVisor integrates seamlessly with Kubernetes, making it an excellent choice for organizations that need granular control over untrusted workloads.

Learn more about MCR 25 in the release notes.

Robert Illing

Robert Illing is Product Manager for Mirantis Container Runtime.
