search

polettix / ETOOBUSY

GitHub Pages with Jekyll for the impatient
https://github.polettix.it/ETOOBUSY/
Other
6 stars 1 forks source link

Kata Containers #4

Closed polettix closed 4 years ago

polettix commented 4 years ago

I think this definition is very clear and concise:

What are Kata Containers?

You're taking your container and we're looking to add an extra layer of isolation. So we're not saying that containers are terrible, it's just we think that defence at depth makes a lot of sense, depending on your security profile. So what we do on a per-container basis, or per-Pod if you're in the Kubernetes space, is launch a lightweight virtual machine and inside of that instantiate your container, and the rest of it is just us doing plumbing so that way it's not a lot of overhead for you and that just works.

Taken from here

Also this is of interest: Kata Containers: Secure, Lightweight Virtual Machines for Container Environments

polettix commented 4 years ago

Ready for publishing, 2020-01-11

polettix commented 4 years ago

Published