Improving your Kubernetes Workload Security with Hardware Virtualization
On any given node, all Kubernetes workloads are running through software-only isolation. The security concerns related to that level of isolation could be mitigated by using hardware virtualization fo …
| Talk Title | Improving your Kubernetes Workload Security with Hardware Virtualization |
| Speakers | Fabian Deutsch (Engineering Manager, Red Hat), Samuel Ortiz (Principal Software Engineer, Intel) |
| Conference | KubeCon + CloudNativeCon Europe |
| Conf Tag | |
| Location | Copenhagen, Denmark |
| Date | Apr 30-May 4, 2018 |
| URL | Talk Page |
| Slides | Talk Slides |
| Video | |
On any given node, all Kubernetes workloads are running through software-only isolation. The security concerns related to that level of isolation could be mitigated by using hardware virtualization for both pods and traditional (legacy?) workloads. This talk will present two complementary approaches for doing so: Kata Containers and KubeVirt. We’ll be describing how both projects leverage CPU virtualization to implement a stronger security architecture for Kubernetes. When combining both approaches, one can run a wider range of workloads, from untrusted containers through Kata Containers to more traditional, lift and shift applications with KubeVirt.
