Overview
Explore a conference talk that delves into the evolution of secure containers and their integration with service mesh technology. Learn about the quantitative comparison between Kata Containers and gVisor, including CPU and networking performance, filesystem storage penalties, memory consumption, and syscall overhead. Discover the advancements in Kata Containers 1.5, including lightweight hypervisor support and the introduction of virtio-fs for improved filesystem sharing. Gain insights into the seamless containerd integration with shimv2 and its potential impact on secure sandbox support for Kubernetes. Examine Ant Financial's approach to end-to-end security, focusing on both secure containers and service mesh implementation to achieve comprehensive service security.
Syllabus
From Secure Container to Secure Service - Xu Wang & Fupan Li, Ant Financial
Taught by
Linux Foundation