Trying Kata Containers with Firecracker (and QEMU)

Clear Linux bundles Kata Containers as well as Firecracker.

To quickly experience how Kata Containers can be used to set up a cluster that runs Kubernetes with different types of isolation mechanisms, we have created a simple developer environment. With it you can run workloads with runc (isolation through cgroups and namespaces provided by the host kernel), Kata with QEMU/KVM (VT-x for isolation, with QEMU as the hypervisor) and Kata with Firecracker (VT-x for isolation, with the minimal Firecracker VMM).

This lets you match isolation, security and feature requirements on a workload-by-workload basis.

Here is a quick start guide based on https://github.com/clearlinux/cloud-native-setup/blob/master/clr-k8s-examples/README.md

Assuming you have Vagrant set up:

git clone https://github.com/clearlinux/cloud-native-setup

cd ./cloud-native-setup/clr-k8s-examples

#Ensure the vagrant environment is current
vagrant destroy -f
vagrant box update
vagrant box prune

#Create a vagrant VM to run kubernetes
vagrant destroy -f; NODES=1 CPUS=8 vagrant up --provider=libvirt

#ssh into the vagrant VM
vagrant ssh clr-01


#Bring up a minimal kubernetes stack
/vagrant/create_stack.sh minimal
watch kubectl get po --all-namespaces
   
# Run a Kata POD using firecracker
kubectl apply -f /vagrant/tests/test-deploy-kata-fc.yaml

#Wait for the POD to come up
watch kubectl describe pod

#Check that it works
http_proxy="" https_proxy="" curl -w "\n" -s $(kubectl get svc php-apache-kata-fc | awk 'NR==2 {print $3}')
   
#Run a Kata POD using QEMU
kubectl apply -f /vagrant/tests/test-deploy-kata-qemu.yaml
http_proxy="" https_proxy="" curl -w "\n" -s $(kubectl get svc php-apache-kata-qemu | awk 'NR==2 {print $3}')
   
#Run a POD using runc
kubectl apply -f /vagrant/tests/test-deploy-runc.yaml
http_proxy="" https_proxy="" curl -w "\n" -s $(kubectl get svc php-apache-runc | awk 'NR==2 {print $3}')   
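
One way to confirm that each pod really got the isolation described above, as an added example that is not part of the original gist: a runc container shares the node's kernel and so sees the node's `boot_id`, while a Kata pod boots its own guest kernel and sees a different one. It assumes you run it inside `clr-01` (the only node), that the pods are in the default namespace, and that Kata pod names contain `kata`, as the service names above suggest; the function names are illustrative.

```shell
#!/usr/bin/env bash
# Added example, not from the gist. Run on the Kubernetes node itself, so the
# local kernel is the one a runc container would share.

# Same boot_id as the node -> pod runs on the node's kernel (namespaces/cgroups).
# Different boot_id        -> pod runs on its own guest kernel inside a VM.
classify_isolation() {
    local node_id="$1" pod_id="$2"
    if [ -z "$pod_id" ]; then
        echo "unknown"                 # exec failed or pod not ready yet
    elif [ "$node_id" = "$pod_id" ]; then
        echo "shared-kernel"
    else
        echo "vm-isolated"
    fi
}

# boot_id is a random UUID generated once per kernel boot.
node_boot_id() { cat /proc/sys/kernel/random/boot_id; }

# pod_read <pod> <command...>: run a command in the pod, empty output on error.
pod_read() {
    local pod="$1"; shift
    kubectl exec "$pod" -- "$@" 2>/dev/null
}

# One tab-separated line per pod: name, kernel release, verdict.
report_pods() {
    local node_id pod kernel pod_id
    node_id=$(node_boot_id)
    for pod in $(kubectl get pods -o jsonpath='{.items[*].metadata.name}'); do
        kernel=$(pod_read "$pod" uname -r)
        pod_id=$(pod_read "$pod" cat /proc/sys/kernel/random/boot_id)
        printf '%s\t%s\t%s\n' "$pod" "${kernel:-?}" \
            "$(classify_isolation "$node_id" "$pod_id")"
    done
}

# Print the report; fail if a pod named *kata* is not VM-isolated
# (assumption: Kata pod names contain "kata").
check_kata_pods() {
    report_pods | awk -F'\t' '{ print }
        $1 ~ /kata/ && $3 != "vm-isolated" { bad = 1 }
        END { exit bad + 0 }'
}

if [ "${1:-}" = "--run" ]; then check_kata_pods; fi
```

Save it on the node and invoke it with `--run` once all three deployments are up; the runc pod should report `shared-kernel` and both Kata pods `vm-isolated`.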