Upgrade to Pro — share decks privately, control downloads, hide ads and more …

KubeCon EU Runtime Track Recap

KubeCon EU Runtime Track Recap

Ian Lewis

May 30, 2019
Tweet

More Decks by Ian Lewis

Other Decks in Technology

Transcript

  1. Ian Lewis (@IanMLewis) Developer Advocate, Google Cloud I work on

    gVisor, Containers, Kubernetes, and Security Who are we?
  2. Tailor-Made Security: Building a Kubernetes Specific Hypervisor Samuel Ortiz, Intel

    & Andreea Florescu, Amazon • https://github.com/rust-vmm • Kata Containers - Sandbox for Kubernetes containers based on VMs • rust-vmm - a new light weight VMM made in rust. Functionality broken out into crates • firecracker - fork of CrosVM focused on serverless containers on bare metal. Limited functionality
  3. Lessons Learned Migrating Kubernetes from Docker to containerd Runtime Ana

    Calin, Paybase • containerd are container runtime features broken out of Docker • Docker supports build & Docker API on top of containerd • containerd is smaller and faster • containerd is more secure. No ability to build and override image tags in local repo
  4. Let's Try Every CRI Runtime Available for Kubernetes. No, Really!

    Phil Estes, IBM • Kubernetes RuntimeClass + containerd shim v2 ◦ containerd/runc ◦ containerd/runsc ( gVisor) ◦ containerd/kata ◦ containerd/firecracker • cri-o/runc
  5. 12 KVM/ptrace Gofer Gofer Gofers Containers Containers Host Linux Kernel

    Containers Sentry Sandbox User Kernel 9P runsc OCI Kubernetes seccomp + ns seccomp + ns gVisor Architecture