As a quick note, while containers offer a degree of isolation, depending on your use case you might not want to put too many eggs into that basket (Linux privilege escalation bugs do happen). E.g. a Firecracker VM is a relatively easy improvement to make of course, and in a cloud env the container isolation might be Amazon’s/Microsoft’s problem. Just figured it would be good to mention not to see containers as a silver bullet, while they are better than not using containers on a shared host (and a useful tool in general :-)