How CNStack Enables Cloud‑Native Virtualization with KubeVirt and Hybrid Storage

Containers have become the foundation of modern cloud infrastructure, yet many enterprise workloads still rely on VMs due to legacy systems and technical debt. Gartner predicts that by 2026, 75% of private clouds will run mixed VM and container workloads. CNStack’s virtualization service (cnstack-virtualization) addresses this shift by using CNCF KubeVirt‑based cloud‑native virtualization to manage containers and VMs through a single control plane, enabling resource pooling, unified scheduling, and seamless migration of non‑containerizable applications.

CNStack Virtualization Service Overview

Deployed as an independent cloud service in CNStack 2.0, the virtualization layer reuses multi‑cluster resource management, unified gateway, and cluster distribution capabilities while remaining flexible for independent evolution. Current capabilities include full VM lifecycle management (power on/off, reboot, pause, snapshot), self‑service operations via VNC or serial console, snapshot/restore, monitoring and alerting, image management, and support for ARM, IPv6, fixed IP, edge VM autonomy, and snapshot cloning.

Key Components

cnstack-virt-console : A micro‑frontend plugin integrated into the CNStack console, providing a consistent user experience and independent deployment of the virtualization UI.

cnstack-virt-api : RESTful API exposing Custom Resources such as VirtualMachine, DataVolume, and VMImage, with authentication, authorization, and audit handled by CNStack IAM Gateway. It leverages the cluster‑gateway component for cross‑cluster resource distribution.

KubeVirt : Extends Kubernetes with VM CRDs, treating VMs as first‑class citizens. It runs QEMU VMs on top of containers, reusing CNI and CSI plugins for networking and storage. CNStack adds IPv6, guest OS monitoring, fixed IP, edge autonomy, and snapshot cloning.

CDI (Containerized Data Importer) : Manages VM disk import/export, supporting external sources like VMware, oVirt, and various image formats (ISO, QCOW2, OSS, HTTP).

vmimage-controller : Handles VM image CRDs, providing OS metadata, image import/export, and support for multiple storage backends.

Architecture Highlights

Compared with traditional platforms (OpenStack, vSphere), CNStack’s cloud‑native approach offers openness by relying on Kubernetes standards (CNI, CSI) to avoid vendor lock‑in, and benefits from the vibrant cloud‑native ecosystem (monitoring, logging, security, app management).

KubeVirt Architecture

KubeVirt defines a VirtualMachine CR whose Domain spec mirrors Libvirt’s domain definition. The control plane consists of virt-api and virt-controller, while virt-handler runs as a DaemonSet on each node to manage VM configuration. The actual QEMU process runs inside a virt-launcher pod, bridging VM storage and network to the container world.

VM Storage

VM disks are stored in volumes attached to the virt-launcher pod and provisioned via CSI plugins. Two volume modes are supported:

File: PV with a single disk image file (FileSystem VolumeMode).

Block: PV exposing a raw block device (Block VolumeMode) for better performance.

CNStack supports both local storage (via Alibaba’s open‑local plugin) and distributed storage (via Alibaba’s vCNS solution) to meet different performance and cost requirements.

VM Networking

KubeVirt uses CNI plugins to create a pod‑nic in the pod’s network namespace and connects it to the VM’s VM‑nic through various Network Binding Modes:

bridge : Direct L2 bridge, VM obtains IP via DHCP.

masquerade : VM gets a local IP; traffic is NAT‑ed to the pod IP.

Other modes (sriov, slirp, passt) are also available.

CNStack adds fixed‑IP support using Alibaba’s hybridnet plugin, ensuring that a VM’s pod retains the same IP and MAC after recreation.

VM Image Pipeline

To simplify Golden Image creation, CNStack builds a Tekton pipeline that converts ISO installers into ready‑to‑use images:

Install OS : Use kickstart (Linux) or Sysprep (Windows) for automated OS installation on a PVC.

Config OS : Launch a temporary pod, SSH into the VM, run bootstrap scripts, install Cloud‑init, QEMU Guest Agent, etc.

Reset TempConfig : Run virt-sysprep to erase MAC addresses, SSH keys, and other transient data.

Upload Image : Export the cleaned disk to OSS or other object storage via CDI DataVolume HTTP source, then delete the PVC.

This pipeline enables reproducible Golden Images (e.g., Ubuntu Cloud Image, Alibaba ECS images) for rapid VM provisioning.

Future Outlook

Beyond VM lifecycle management, CNStack plans to extend in‑VM application operations to match container‑native management, providing unified observability, governance, and automated remediation for both VM and container workloads.

References

CNStack product site: https://www.aliyun.com/activity/middleware/cnstack

KubeVirt documentation: https://kubevirt.io/

Open‑local: https://github.com/alibaba/open-local

Hybridnet: https://github.com/alibaba/hybridnet

Tekton CI/CD: https://tekton.dev/

CDI repository: https://github.com/kubevirt/containerized-data-importer