top | item 44358129

SEJeff | 8 months ago

Thomas, what are your thoughts on micro-VMs such as Kata Containers? You can use them as a backend for Docker in place of runc.

I'm sure you're well aware, but for the readers, they are isolated with a CPU's VT instructions, which are built to isolate VMs. I still think "containers don't contain" in a very Dan Walsh Boston accent, but this seems like a respectable start.

https://katacontainers.io

tptacek | 8 months ago

I have no strong opinion other than that untrusting cotenants shouldn't directly share a kernel.

burnt-resistor | 8 months ago

They're slow and so unsuitable for dev work. They might be somewhat better for prod, but it depends on a wide selection of unproven hypervisors.

tptacek | 8 months ago

Which "unproven" hypervisors are those? Kata works with Firecracker.