Thursday, May 23 • 11:05 - 11:40
Tailor-Made Security: Building a Kubernetes Specific Hypervisor - Samuel Ortiz, Intel & Andreea Florescu, Amazon

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
One of the many benefits of the recently introduced RuntimeClass feature is the ability for operators to run hypervisor isolated container workloads in order to build secure multi-tenant deployments.. While projects like Kata Containers allow operators to run their Kubernetes workloads through a growing list of hypervisors, none of them is designed with Kubernetes specific use cases in mind.

This session will describe how to improve container workloads performance, security and density by building a Kubernetes dedicated hypervisor. At first we will describe what running a Kubernetes compatible hypervisor requires. Then we will show how the recently formed rust-vmm project allows for designing KVM based hypervisors for very customized use cases, including the Kubernetes ones. Finally we will use the serverless example to show
what a reduced Kubernetes hypervisor looks like.

avatar for Andreea Florescu

Andreea Florescu

Software Development Engineer, Amazon
I am a software engineer with the Amazon Web Services Firecracker team. I am passionate about open source and, beyond Firecracker, I am also contributing to rust-vmm, a community effort to create a shared set of Rust-based Virtual Machine Monitor components. So far I’ve been talking... Read More →
avatar for Samuel Ortiz

Samuel Ortiz

Principal Engineer, Intel
Samuel works as a software engineer for Intel, where he spends his time playing with containers, virtual machines, hypervisors and orchestrators.

Thursday May 23, 2019 11:05 - 11:40 CEST
Hall 8.0 C2