Google open sources gVisor, a sandboxed container runtime

Thanks to KubeCon in Copenhagen, this week is all about containers — and especially Kubernetes. Given that Kubernetes was born out of Google’s internal container usage, it’s no surprise that Google also has a few announcements at the show. Maybe the most interesting of these is the launch of gVisor, a sandboxed container runtime that aims to ensure a secure isolation between containers.

As the name implies (at least if you live in this world), gVisor is a bit like a hypervisor that provides the isolation between traditional virtual machines, but for containers. That’s especially interesting to businesses that want to ensure the security of their container workloads, something that’s still a bit of an issue in the Kubernetes world.

“A growing desire to run more heterogeneous and less trusted workloads has created an interest in sandboxed containers — containers that provide a secure isolation boundary between the host OS and the application running inside the container,” today’s announcement notes. “gVisor provides a strong isolation boundary by intercepting application system calls and acting as a guest kernel, all while running entirely in user-space.”

In addition to gVisor, Google is also launching support for Kubernetes in Stackdriver Monitoring. This new service, which is now in beta, will give developers a unified view of the state of their Kubernetes applications across clouds and on-premises environments. Outside of the Google Cloud, though, developers will have to do a bit of integration work to make everything run smoothly.






©2018 VivaLasGidi
