Tailor-Made Security: Building a Kubernetes Specific Hypervisor
Talk Title | Tailor-Made Security: Building a Kubernetes Specific Hypervisor |
Speakers | Andreea Florescu (Software Development Engineer, Amazon), Samuel Ortiz (Principal Software Engineer, Intel) |
Conference | KubeCon + CloudNativeCon Europe |
Location | Barcelona, Spain |
Date | May 19-23, 2019 |
URL | Talk Page |
Slides | Talk Slides |
One of the many benefits of the recently introduced RuntimeClass feature is the ability for operators to run hypervisor-isolated container workloads in order to build secure multi-tenant deployments. While projects like Kata Containers allow operators to run their Kubernetes workloads through a growing list of hypervisors, none of them is designed with Kubernetes-specific use cases in mind. This session will describe how to improve container workload performance, security and density by building a Kubernetes-dedicated hypervisor. First, we will describe what running a Kubernetes-compatible hypervisor requires. Then we will show how the recently formed rust-vmm project allows for designing KVM-based hypervisors for very customized use cases, including the Kubernetes ones. Finally, we will use the serverless example to show what a reduced Kubernetes hypervisor looks like.