Google gVisor, a sandboxed container runtime

Google gVisor, a sandboxed container runtime

  • May 3, 2018
Table of Contents

Google gVisor, a sandboxed container runtime

To that end, we’d like to introduce gVisor, a new kind of sandbox that helps provide secure isolation for containers, while being more lightweight than a virtual machine (VM). gVisor integrates with Docker and Kubernetes, making it simple and easy to run sandboxed containers in production environments.

Source: googleblog.com

Tags :
Share :
comments powered by Disqus

Related Posts

Notes on structured concurrency, or: Go statement considered harmful

Notes on structured concurrency, or: Go statement considered harmful

In this post, I want to convince you that nurseries aren’t quirky or idiosyncratic at all, but rather a new control flow primitive that’s just as fundamental as for loops or function calls. And furthermore, the other approaches we saw above – thread spawning and callback registration – should be removed entirely and replaced with nurseries.

Read More
CoreOS Introduces the Operator Framework: Building Apps on Kubernetes

CoreOS Introduces the Operator Framework: Building Apps on Kubernetes

You may be familiar with Operators from the concept’s introduction in 2016. An Operator is a method of packaging, deploying and managing a Kubernetes application. A Kubernetes application is an application that is both deployed on Kubernetes and managed using the Kubernetes APIs and kubectl tooling.

Read More
NetChain: Scale-free sub-RTT coordination

NetChain: Scale-free sub-RTT coordination

NetChain won a best paper award at NSDI 2018 earlier this month. By thinking outside of the box (in this case, the box is the chassis containing the server), Jin et al. have demonstrated how to build a coordination service (think Apache ZooKeeper) with incredibly low latency and high throughput.

Read More