Loading…
Thursday, May 23 • 11:05 - 11:40
Tailor-Made Security: Building a Kubernetes Specific Hypervisor - Samuel Ortiz, Intel & Andreea Florescu, Amazon

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
One of the many benefits of the recently introduced RuntimeClass feature is the ability for operators to run hypervisor isolated container workloads in order to build secure multi-tenant deployments.. While projects like Kata Containers allow operators to run their Kubernetes workloads through a growing list of hypervisors, none of them is designed with Kubernetes specific use cases in mind.

This session will describe how to improve container workloads performance, security and density by building a Kubernetes dedicated hypervisor. At first we will describe what running a Kubernetes compatible hypervisor requires. Then we will show how the recently formed rust-vmm project allows for designing KVM based hypervisors for very customized use cases, including the Kubernetes ones. Finally we will use the serverless example to show
what a reduced Kubernetes hypervisor looks like.

Speakers
avatar for Andreea Florescu

Andreea Florescu

Software Development Engineer, Amazon
I am a software engineer with the Amazon Web Services Firecracker team. I am passionate about open source and, beyond Firecracker, I am also contributing to rust-vmm, a community effort to create a shared set of Rust-based Virtual Machine Monitor components. So far I’ve been talking... Read More →
SO

Samuel Ortiz

Principal Software Engineer, Intel
I work at the Intel Open Source Technology Center where I spend my time playing with containers, virtual machines, hypervisors and orchestrators. Although I am currently contributing to Kata Containers, CRI-O, QEMU, NEMU and rust-vmm, I used to work on obscure networking protocols... Read More →



Thursday May 23, 2019 11:05 - 11:40
Hall 8.0 C2