More Than Secure: Containerd + KataContainers as Kubernetes Runtime - Lei Zhang, Alibaba & Fupan Li, HyperHQ

Is your container secure? Are you satisfied with Linux namespaces as your security boundary? In this session, we focus on the design and implementation of using a hardware-virtualization-based runtime, specifically KataContainers, in a Kubernetes cluster by integrating it with containerd. The session will demonstrate how we refactored KataContainers as a plugin of containerd, how this runtime plugin handles networking through CRI, and how it solves the low-performance issue of hypervisor-based container runtimes with custom volume plugins. The session will also introduce the design and implementation of CRI, which has already triggered the second boom of container runtimes in the Kubernetes community. Finally, we will explain why a hypervisor runtime is not only about security: legacy applications and hard multi-tenancy are the world where containerd + KataContainers rock and roll.

#kubernetes #katacontainers
