Containers Icon

Containers

8 Stories
All Topics

The New Stack Icon The New Stack

How Firecracker is going to set modern infrastructure on fire

One of the most exciting announcements from last week’s AWS re:Invent was Firecracker — an open source project that delivers the speed of containers with the security of VMs. Firecracker’s focus is transient and short-lived processes, so it differs from containers in that it’s optimized for startup speed. Why can’t we use containers? The answer is simple — slower cold start. While LXC and Docker are certainly faster and lighter than full-blown virtual machines, they still don’t match the speed expected by functions. There are also some security wins with how Firecracker is architected: Firecracker takes a radically different approach to isolation. It takes advantage of the acceleration from KVM, which is built into every Linux Kernel with version 4.14 or above. KVM, the Kernel Virtual Machine, is a type-1 hypervisor that works in tandem with the hardware virtualization capabilities exposed by Intel and AMD. There’s a lot to be intrigued by here. We should probably line up an episode on Firecracker. In the meantime, click through to go deeper on the topic.

read more...

Ives van Hoorne Hackernoon

CodeSandbox Containers is in beta

CodeSandbox Containers was just announced by Ives van Hoorne on Hacker Noon. Today we’re happy to announce CodeSandbox Containers. We execute your code on a server, which allows you to work on any JavaScript project that works locally. But you gotta use it so they can test things and get it right. We can only test CodeSandbox Containers fully when we have other people using it. … Please don’t use it for any project with files you don’t want publicly exposed. There’s also the chance that the service might be down because of things that we haven’t foreseen yet, in which case you’ll see a nice warning message. We will dedicate the coming months to squash every bug we can find, when we think that CodeSandbox Containers is stable enough to remove the beta warning we will announce this.

read more...

Tyler Treat bravenewgeek.com

Multi-cloud is a trap

This is the battle cry that started the Open Container Initiative. But in reality, are/was multi-cloud and vendor lock-in true concerns for software teams? Tyler Treat writes on his personal blog: We want to be cloud-agnostic. We need to avoid vendor lock-in. We want to be able to shift workloads seamlessly between cloud providers. Let me say it again: multi-cloud is a trap. Outside of appeasing a few major retailers who might not be too keen on stuff running in Amazon data centers, I can think of few reasons why multi-cloud should be a priority for organizations of any scale.

read more...

Jessie Frazelle blog.jessfraz.com

Containers, security, and echo chambers

Jessie Frazelle: There seems to be some confusion around sandboxing containers as of late, mostly because of the recent launch of gvisor… There is a large amount of ignorance towards the existing defaults to make containers secure. Which is crazy since I have written many blog posts on it and given many talks on the subject. Jessie has been doing the yeoman’s work of Linux kernel isolation and making containers secure for awhile now, but much of that work has been overlooked or disregarded by others in the community. I’m on the outside looking in at this situation, so it’s tough to call exactly what’s going on, but according to Jessie: When you work at a large organization you are surrounded by an echo chamber. So if everyone in the org is saying “containers are not secure,” you are bound to believe it and not research actual facts. That doesn’t mean Jessie thinks containers are secure (click through to read her take on that). There’s a lot to dig in to here and think about. I’ll pull out one last point: I am not trying to throw shade at gvisor but merely clear up some FUD in the world of open source marketing. I truly believe that people choosing projects to use should research into them and not just choose something shiny that came out of Big Corp. Now that’s a sentiment I can get behind! Oh, and listen to this related episode of The Changelog if you haven’t yet. It’s a must-listen for all developers.

read more...

Google Icon Google

gVisor – a sandboxed container runtime

Why does this exist? Containers are not a sandbox. While containers have revolutionized how we develop, package, and deploy applications, running untrusted or potentially malicious code without additional isolation is not a good idea. The efficiency and performance gains from using a single, shared kernel also mean that container escape is possible with a single vulnerability. gVisor takes a distinct approach to container sandboxing and makes a different set of technical trade-offs compared to existing sandbox technologies, thus providing new tools and ideas for the container security landscape.

read more...

Netflix Technology Blog Icon Netflix Technology Blog

Titus, the Netflix container management platform, is now open source

Is Netflix Titus open source yet? Yes. Titus powers critical aspects of the Netflix business, from video streaming, recommendations and machine learning, big data, content encoding, studio technology, internal engineering tools, and other Netflix workloads So, why is Netflix open sourcing Titus? …we’ve been asked over and over again, “When will you open source Titus?” It was clear that we were discussing ideas, problems, and solutions that resonated with those at a variety of companies, both large and small. We hope that by sharing Titus we are able to help accelerate like-minded teams, and to bring the lessons we’ve learned forward in the container management community. The question is, is it too late for Titus to gain traction in a world where Kubernetes has seemingly already won?

read more...

Red Hat Icon Red Hat

Red Hat to acquire CoreOS

This is a big deal. We’ve been tracking CoreOS since the beginning — we’re huge fans of Alex, Brandon and the team behind CoreOS. Red Hat has signed a definitive agreement to acquire CoreOS, Inc., an innovator and leader in Kubernetes and container-native solutions, for a purchase price of $250 million. Red Hat is a publicly traded company and while this announcement hasn’t really impacted shareholder value (yet), we, the open source community have been immeasurably impacted by the team behind CoreOS. Also, check out Alex Polvi’s announcement on the CoreOS blog which includes some details and backstory.

read more...
0:00 / 0:00