Seattle, WA
December 10–13, 2018
Click Here for More Information & Registration
View Venue Map
Thursday, December 13 • 10:50am - 11:25am
How to Choose a Kubernetes Runtime - Justin Cormack, Docker

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
This year has seen the launch of several new container runtimes,including gVisor from Google and Nabla from IBM, as well as the consolidation of the Hyper and Intel VM container projects into Kata containers. This talk looks at all the runtimes, how we can evaluate their security, and how they compare to the standard OCI runtime, runc.

There are a variety of ways of measuring how much the different runtimes reduce the Linux kernel attack surface, so this talk makes an assessment of those risks, based on types of code that are blocked, and actual and theoretical attacks. In addition we discuss the threat models for different types of users and code, and look at which types of user should consider these options.

This talk is aimed at people wishing to increase the security of the runtimes they are using for Kubernetes, and who wish to understand what the risks and improvements are.

avatar for Justin Cormack

Justin Cormack

Engineer, Docker
Justin Cormack is Security Lead at Docker. He is a maintainer on the CNCF Notary project and is involved with CNCF SIG Security. He has spoken at Kubecon on a variety of subjects such as containerd, security audits, Notary and container runtimes. He also speaks at other events such... Read More →

Thursday December 13, 2018 10:50am - 11:25am
4C 1/2