Overview
Explore a technical conference talk on the evolution of Kata Containers and its intersection with service mesh technology. Learn about the security challenges that emerged following the release of Kata Containers 3.0, particularly in Ant Group's heterogeneous workload isolation deployments. Understand the security implications of running service mesh sidecars inside sandboxes, where access to the sandbox can potentially be used to compromise the control plane. Discover the updated threat model in mesh contexts and examine prototype designs aimed at relocating infrastructure sidecars outside the sandbox environment. Gain insights from initial proof-of-concept benchmark results and understand how these developments shape the future of container security in service mesh architectures. Presented by Jieyue Ma and Fupan Li, the talk addresses the ongoing efforts to strengthen security boundaries and protect infrastructure in the upcoming release cycle.
Syllabus
Towards Kata Containers 4: When Kata Containers Meet Service Mesh
Taught by
OpenInfra Foundation