Modal Title
Cloud Native Ecosystem Containers Edge Computing Microservices Networking Serverless Storage
4 Factors to Consider When Choosing a Cloud Native App Platform
Jun 2nd 2023 10:00am, by Guilherme (Gui) Alvarenga
How GitHub Uses GitHub to Be Productive and Secure
May 31st 2023 10:30am, by Loraine Lawson
Top 3 Application Security Must-Haves
May 26th 2023 7:59am, by Guilherme (Gui) Alvarenga
Cloud Native Skill Gaps are Killing Your Gains 
May 22nd 2023 7:15am, by Victoria Wright
A Boring Kubernetes Release
May 19th 2023 12:23pm, by Alex Williams
Chainguard Improves Security for Its Container Image Registry
May 31st 2023 6:30am, by Steven J. Vaughan-Nichols
How to Protect Containerized Workloads at Runtime
May 30th 2023 4:00am, by Kevin Casey
How to Containerize a Python Application with Paketo Buildpacks
May 29th 2023 5:00am, by Sylvain Kalache
Can Rancher Deliver on Making Kubernetes Easy?
May 27th 2023 7:00am, by Jack Wallen
Red Hat Podman Container Engine Gets a Desktop Interface
May 23rd 2023 7:30am, by Joab Jackson
Dell Intros New Edge, Generative AI, Cloud, Zero Trust Prods
May 31st 2023 11:00am, by Chris J. Preimesberger
Gothenburg, Sweden Used Open Source IoT to Drastically Cut Water Waste
May 23rd 2023 6:58am, by Alex Handy
Building a Plant Monitoring Tool with IoT
May 8th 2023 9:27am, by Zoe Steinkamp
How to Choose and Model Time Series Databases
Apr 28th 2023 3:00am, by Robert Kimani
How to Optimize Queries for Time Series Data
Apr 27th 2023 12:00pm, by Robert Kimani
Case Study: A WebAssembly Failure, and Lessons Learned
May 25th 2023 7:00am, by Susan Hall
RabbitMQ Is Boring, and I Love It
May 15th 2023 6:30am, by Josh Long
How OpenSearch Visualizes Jaeger's Distributed Tracing
May 11th 2023 10:00am, by Derek Ho and Jonah Kowall
Spring Cloud Gateway: The Swiss Army Knife of Cloud Development
May 8th 2023 6:47am, by Juergen Sussner
Return of the Monolith: Amazon Dumps Microservices for Video Monitoring
May 4th 2023 7:23am, by Joab Jackson
WithSecure Pours Energy into Making Software More Efficient
Jun 1st 2023 7:14am, by Joe Fay
Don't Force Containers and Disrupt Workflows
May 25th 2023 3:10pm, by Alex Williams
How to Decide Between a Layer 2 or Layer 3 Network
Apr 25th 2023 10:00am, by Gino Dion
Linkerd Service Mesh Update Addresses More Demanding User Base
Apr 11th 2023 6:17am, by Joab Jackson
Wireshark Celebrates 25th Anniversary with a New Foundation
Mar 28th 2023 5:00am, by Joab Jackson
Microsoft Fabric Defragments Analytics, Enters Public Preview
May 23rd 2023 8:00am, by Andrew Brust
Forrester on WebAssembly for Developers: Frontend to Backend
May 17th 2023 6:00am, by Loraine Lawson
Return of the Monolith: Amazon Dumps Microservices for Video Monitoring
May 4th 2023 7:23am, by Joab Jackson
IBM's Quiet Approach to AI, Wasm and Serverless
May 4th 2023 6:00am, by Loraine Lawson
Cloud Control Planes for All: Implement Internal Platforms with Crossplane
Apr 13th 2023 10:00am, by Bassam Tabbara
The Architect’s Guide to Storage for AI
Jun 1st 2023 7:44am, by Keith Pijanowski
8 Real-Time Data Best Practices
Jun 1st 2023 5:00am, by Jennifer Riggins
Raft Native: The Foundation for Streaming Data’s Best Future
May 30th 2023 9:44am, by Doug Flora
Why the Document Model Is More Cost-Efficient Than RDBMS
May 25th 2023 9:24am, by Rick Houlihan
Amazon Aurora vs. Redshift: What You Need to Know
May 25th 2023 6:27am, by Casey Samulski
Frontend Development Software Development Typescript WebAssembly Cloud Services Data Machine Learning Security
LangChain: The Trendiest Web Framework of 2023, Thanks to AI
Jun 1st 2023 10:57am, by
30 Non-Trivial Ways for Developers to Use GPT-4
Jun 1st 2023 9:39am, by
Bluesky vs. Nostr — Which Should Developers Care About More?
May 30th 2023 7:51am, by
Bad by Design: The World of Intentionally Awful User Interfaces
May 28th 2023 6:00am, by
Dev News: New Microsoft Edge Tools and Goodbye Node.js 16
May 27th 2023 6:00am, by
Open Source Jira Alternative, Plane, Lands
Jun 2nd 2023 9:00am, by
The Cedar Programming Language: Authorization Simplified
Jun 2nd 2023 6:07am, by
Demystifying WebAssembly: What Beginners Need to Know
Jun 2nd 2023 5:35am, by
PyPI Strives to Pull Itself Out of Trouble
Jun 1st 2023 11:43am, by
30 Non-Trivial Ways for Developers to Use GPT-4
Jun 1st 2023 9:39am, by
Dev News: New Microsoft Edge Tools and Goodbye Node.js 16
May 27th 2023 6:00am, by
Dev News: Angular v16, plus Node.js and TypeScript Updates
Apr 22nd 2023 4:00am, by
This Week in Computing: Malware Gone Wild
Mar 25th 2023 7:10am, by
TypeScript 5.0: New Decorators Standard, Smaller npm
Mar 24th 2023 11:25am, by
JavaScript or WebAssembly: Which Is More Energy Efficient and Faster?
Jan 30th 2023 9:51am, by
Demystifying WebAssembly: What Beginners Need to Know
Jun 2nd 2023 5:35am, by
Case Study: A WebAssembly Failure, and Lessons Learned
May 25th 2023 7:00am, by
New Image Trends Frontend Developers Should Support
May 25th 2023 6:00am, by
Could WebAssembly Be the Key to Decreasing Kubernetes Use?
May 22nd 2023 6:00am, by
Forrester on WebAssembly for Developers: Frontend to Backend
May 17th 2023 6:00am, by
Dell Intros New Edge, Generative AI, Cloud, Zero Trust Prods
May 31st 2023 11:00am, by
Cloud Dependencies Need to Stop F---ing Us When They Go Down
May 25th 2023 10:00am, by
Microsoft Fabric Defragments Analytics, Enters Public Preview
May 23rd 2023 8:00am, by
A Boring Kubernetes Release
May 19th 2023 12:23pm, by
Optimizing Mastodon Performance with Sidekiq and Redis Enterprise
May 18th 2023 10:30am, by and
Bringing AI to the Data Center 
Jun 1st 2023 6:13am, by
8 Real-Time Data Best Practices
Jun 1st 2023 5:00am, by
MongoDB vs. PostgreSQL vs. ScyllaDB: Tractian’s Experience
May 31st 2023 6:10am, by and
Oracle Support for MySQL 5.7 Ends Soon, Key Upgrades in 8.0
May 30th 2023 10:35am, by
Raft Native: The Foundation for Streaming Data’s Best Future
May 30th 2023 9:44am, by
Maker Builds a ChatGPT DOS Client for a 1984 Computer
May 31st 2023 11:04am, by
Google’s Generative AI Stack: An In-Depth Analysis
May 31st 2023 7:59am, by
MongoDB vs. PostgreSQL vs. ScyllaDB: Tractian’s Experience
May 31st 2023 6:10am, by and
Alteryx Announces AiDIN for AI-Powered Features
May 26th 2023 8:06am, by
Proprietary AI Models Are Dead. Long Live Proprietary AI Models 
May 26th 2023 6:13am, by
4 Factors to Consider When Choosing a Cloud Native App Platform
Jun 2nd 2023 10:00am, by
VeeamON 2023: When Your Nightmare Comes True
Jun 2nd 2023 7:47am, by
Demystifying WebAssembly: What Beginners Need to Know
Jun 2nd 2023 5:35am, by
PyPI Strives to Pull Itself Out of Trouble
Jun 1st 2023 11:43am, by
Chainguard Improves Security for Its Container Image Registry
May 31st 2023 6:30am, by
Platform Engineering Operations CI/CD Tech Life DevOps Kubernetes Observability Service Mesh
How to Host Your Own Platform as a Product Workshop
May 31st 2023 9:09am, by Jennifer Riggins
Take a Platform Engineering Deep Dive at PlatformCon 2023
May 26th 2023 10:00am, by Carrie Tang
Developer Platforms: Key Findings from a Forrester Snapshot
May 19th 2023 10:52am, by Aeris Stewart
How Otomi Helped the City of Utrecht Move to Kubernetes
May 15th 2023 10:00am, by Sander Rodenhuis
IBM Cloud CTO: Pros Outweigh the Cons with Platform Engineering
May 5th 2023 6:00am, by Loraine Lawson
VeeamON 2023: When Your Nightmare Comes True
Jun 2nd 2023 7:47am, by B. Cameron Gain
The Cedar Programming Language: Authorization Simplified
Jun 2nd 2023 6:07am, by Alex Williams
How to Improve Operational Maturity in an Economic Downturn
May 31st 2023 8:30am, by Jonathan Rende
MongoDB vs. PostgreSQL vs. ScyllaDB: Tractian’s Experience
May 31st 2023 6:10am, by Joao Pedro Voltani and Joao Granzotti
How to Protect Containerized Workloads at Runtime
May 30th 2023 4:00am, by Kevin Casey
Is DevOps Tool Complexity Slowing Down Developer Velocity?
May 17th 2023 6:29am, by Heather Joslyn and Lawrence E Hecht
AI Has Become Integral to the Software Delivery Lifecycle
May 12th 2023 11:01am, by Richard MacManus
4 Core Principles of GitOps
May 11th 2023 2:17pm, by Alex Williams
5 Version-Control Tools Game Developers Should Know About
May 9th 2023 10:00am, by Sharone Zitzman
Mitigate Risk Beyond the Supply Chain with Runtime Monitoring
May 8th 2023 10:00am, by Mike Long
Defend Open Source from Trolls: Oppose Patent Rule Changes
Jun 2nd 2023 6:49am, by Michael Dolan
How to Build a DevOps Engineer in Just 6 Months
Jun 1st 2023 10:43am, by Keri Barnett-Howell
Maker Builds a ChatGPT DOS Client for a 1984 Computer
May 31st 2023 11:04am, by David Cassel
Developers Can Turn Turbulent Times into Innovation and Growth
May 31st 2023 9:53am, by Ivan Letenko
Bluesky vs. Nostr — Which Should Developers Care About More?
May 30th 2023 7:51am, by Richard MacManus
Open Source Jira Alternative, Plane, Lands
Jun 2nd 2023 9:00am, by Darryl K. Taft
How to Build a DevOps Engineer in Just 6 Months
Jun 1st 2023 10:43am, by Keri Barnett-Howell
Cloud Security: Don’t Confuse Vendor and Tool Consolidation
May 30th 2023 6:24am, by Rani Osnat
Take a Platform Engineering Deep Dive at PlatformCon 2023
May 26th 2023 10:00am, by Carrie Tang
Developer Guide: A New Way to Build on the Slack Platform
May 26th 2023 8:30am, by Lauren Gil
How to Protect Containerized Workloads at Runtime
May 30th 2023 4:00am, by Kevin Casey
Can Rancher Deliver on Making Kubernetes Easy?
May 27th 2023 7:00am, by Jack Wallen
Don't Force Containers and Disrupt Workflows
May 25th 2023 3:10pm, by Alex Williams
Overcoming the Kubernetes Skills Gap with ChatGPT Assistance
May 23rd 2023 11:00am, by Dev Nag
Could WebAssembly Be the Key to Decreasing Kubernetes Use?
May 22nd 2023 6:00am, by Loraine Lawson
Red Hat Ansible Gets Event-Triggered Automation, AI Assist on Playbooks
May 24th 2023 6:22am, by Joab Jackson
Observability: Working with Metrics, Logs and Traces
May 22nd 2023 8:23am, by Jessica Wachtel
Why Upgrade to Observability from Application Monitoring?
May 19th 2023 11:49am, by George Hamilton
Datadog’s $65M Bill and Why Developers Should Care
May 17th 2023 10:56am, by Loraine Lawson
How OpenSearch Visualizes Jaeger's Distributed Tracing
May 11th 2023 10:00am, by Derek Ho and Jonah Kowall
Don't Force Containers and Disrupt Workflows
May 25th 2023 3:10pm, by Alex Williams
Linkerd Service Mesh Update Addresses More Demanding User Base
Apr 11th 2023 6:17am, by Joab Jackson
How to Create Zero Trust Architecture for Service Mesh
Mar 27th 2023 7:00am, by Joe Fay
Ambient Mesh: Sidestepping the Sidecar
Mar 1st 2023 8:44am, by Jeff Goldman
Service Mesh Demand for Kubernetes Shifts to Security
Oct 27th 2022 11:04am, by B. Cameron Gain
Containers / Kubernetes / Security

Kubernetes and the Return of the Virtual Machines

Jan 17th, 2019 3:00pm by
Featued image for: Kubernetes and the Return of the Virtual Machines
Feature image via Pixabay.


#174: Kubernetes and the Return of the Virtual Machines

Listen to all TNS podcasts on Simplecast.

This week on The New Stack Analysts podcast, we take a closer look at the appeal of using virtual machines in Kubernetes environments.

The discussion was sparked by a popular blog post penned last month by Pivotal Principal Technologist Paul Czarkowski. The problem with basic Docker-styled containers is that they do not offer sufficient security in multitenant environments, where multiple deployments intermingle on the same set of Kubernetes-controlled servers. So we spoke with Czarkowski to learn more of his thinking.

Linux containers all rely on a shared kernel from the kernel, and isolation is provided by the kernel through namespaces. The Kubernetes API, however, is not secured, and most K8s components are not aware of the tenants. This is forcing service providers to provision Kubernetes workloads for different clients as separate clusters, not taking full advantage of the full savings that Kubernetes could provide by pooling workloads on the same cluster, Czarkowski argued.

Virtual machines — the cutting edge technology of the last decade — do offer the sufficient isolation to keep one client from peaking into another’s workload, he suggested. The major cloud providers offer container services nested in VMs for isolation (see Amazon Web Services’ Fargate). And Google’s gVisor, and Kata containers are two efforts to provide isolation for containers using slimmed down virtual machines.

In the second half of this podcast (recorded separately), we spoke with Joe Fernandes, Red Hat vice president for cloud platforms, about the commercial implications of this movement back towards VMs. He spoke about the security benefits that Red Hat’s OpenShift — Red Hat’s Kubernetes commercial distribution — brings to containers, as well as the adoption of technologies such as gVisor. We also spoke about the growing use of Kubernetes to manage non-container resources such as VMs, or serverless workloads via technologies such as KNative.

In this Edition:

3:39: When you’re talking about multitenancy, what do you mean in terms of a shared Kubernetes service?
10:29: Exploring the working groups in Kubernetes to tackle this problem.
15:04: Comparing VMs, isolation, and controls from a user standpoint versus using containers.
22:45: Are VMs the future of Kubernetes? What is the core issue here?
30:00: Does OpenShift support some of these micro-VMs?
34:22: Eventually, Kubernetes will be able to run on VMs the way that it runs in containers. What is the value proposition for companies that haven’t moved to containers to do so?

TNS editorial director Libby Clark hosted this episode of TNS Analysts, with the help of TNS managing editor Joab Jackson.

Group Created with Sketch.
Joab Jackson is Editor-in-Chief for The New Stack, assuring that the TNS website gets a fresh batch of cloud native news, tutorials and perspectives each day. He has reported on infrastructure IT for over 25 years, including stints at IDG...
Read more from Joab Jackson
SHARE THIS STORY
RELATED STORIES
How to Containerize a Python Application with Paketo Buildpacks SUSE Unveils Rancher 2.7.2, Enhanced Kubernetes Management Can Rancher Deliver on Making Kubernetes Easy? Container or VM? How to Choose the Right Option in 2023 Walkthrough: Bitwarden's New Secrets Manager
TNS owner Insight Partners is an investor in: The New Stack, Docker.
RELATED STORIES
Tech Backgrounder: Slim.AI Makes Container Hardening Easier How Otomi Helped the City of Utrecht Move to Kubernetes How to Protect Containerized Workloads at Runtime 4 Ways to Enhance Your Dockerfiles Chainguard Improves Security for Its Container Image Registry
THE NEW STACK UPDATE A newsletter digest of the week’s most important stories & analyses.