Kazunori Sato on Twitter: "Google、Docker/k8s向け軽量サンドボックスgVisorをOSS公開。VM並みの隔離性をVMなしで実現。これ公開したの驚いた。 https://t.co/kXZGqYeaQP… "
Googleが軽量サンドボックスをOSSで公開
Google、Docker/k8s向け軽量サンドボックスgVisorをOSS公開。VM並みの隔離性をVMなしで実現。これ公開したの驚いた。 https://cloudplatform.googleblog.com/2018/05/Open-sourcing-gVisor-a-sandboxed-container-runtime.html …
Kazunori Sato on Twitter: "Google、Docker/k8s向け軽量サンドボックスgVisorをOSS公開。VM並みの隔離性をVMなしで実現。これ公開したの驚いた。 https://t.co/kXZGqYeaQP… "
A growing desire to run more heterogenous and less trusted workloads has created a new interest in sandboxed containers—containers that help provide a secure isolation boundary between the host OS and the application running inside the container. To that end, we’d like to introduce gVisor, a new kind of sandbox that helps provide secure isolation for containers, while being more lightweight than a virtual machine (VM). gVisor integrates with Docker and Kubernetes, making it simple and easy to run sandboxed containers in production environments.
Open-sourcing gVisor, a sandboxed container runtime | Google Cloud Blog