Kata Containers: A painless way to secure your containers presented at DevSecConBoston 2018

by Eric Ernst

Summary: Kata Containers is an open source project that brings the security of hardware virtualization to containers through lightweight VMs, without degrading performance. Kata is for teams who want to keep (or start using) containers, but recognize that traditional containers don’t always provide adequate security.

Kata Containers is an OCI-compatible runtime, so Kata seamlessly plugs into both Docker and Kubernetes. Kata lets teams provision containers on bare metal with the isolation of VMs, but it also works in any environment that supports nested virtualization.

We’ll walk through Kata’s architecture and how it integrates with the container ecosystem, and give a demo of deploying Kata Containers on a Kubernetes cluster with a mix of native-namespace containers, as a real-world example of increased container security in action and to show that, while security is hard, running Kata Containers is easy.

What can I expect to learn?

As more and more workloads move to containers, the security concerns around running business-critical applications through software-only isolation layers are growing. Teams operating and developing with containers need to build a stronger container security architecture; Kata Containers can be part of the solution.