Surviving Serverless Battle By Secure Runtime, CRI and RuntimeClass
Why Google released gVisor, AWS developed Firecracker, and Kata is on the fire? In this talk, we will discuss the unrevealed connection between secure container runtime and Serverless based on our ob …
Talk Title | Surviving Serverless Battle By Secure Runtime, CRI and RuntimeClass |
Speakers | Xiaoyu Zhang (Senior Engineer, Alibaba), Lei Zhang (Staff Engineer, Alibaba) |
Conference | KubeCon + CloudNativeCon Europe |
Conf Tag | |
Location | Barcelona, Spain |
Date | May 19-23, 2019 |
URL | Talk Page |
Slides | Talk Slides |
Video | |
Why Google released gVisor, AWS developed Firecracker, and Kata is on the fire? In this talk, we will discuss the unrevealed connection between secure container runtime and Serverless based on our observation and research in public cloud and OpenFaaS community, and then explain why we think CRI & RuntimeClass will contribute to this new “battle field”. With this context, we will share a matrix of secure container runtimes from CRI perspective. For example, what’s the attacking surface & isolation mechanism? Is there independent guest kernel? Does it support certain CRI feature? We will discuss which dimension will be hidden by CRI and which will not, and what this means for Serverless & its users. We will also share how we map CRI Matrix into RuntimeClass, choose proper runtime, and then setup Serverless platform. The design & adoption of RuntimeClass will be evaluated here as well.