July 2019
Intermediate to advanced
502 pages
14h
English
gVisor is an open source project from Google. It is a user-space kernel sandbox that sits in front of the host kernel: the sandboxed application's system calls are served by gVisor's own kernel instead of going straight to the host. It exposes an Open Container Initiative (OCI) runtime called runsc, and it also has a CRI plugin to interface directly with Kubernetes. The protection offered by gVisor is only partial: if a container is breached, the user-space kernel and a special seccomp policy provide extra layers of security, but this is not complete isolation. gVisor is used by Google App Engine.