
Kubernetes and the Return of the Virtual Machines

Jan 17th, 2019 3:00pm
Feature image via Pixabay.


#174: Kubernetes and the Return of the Virtual Machines

This week on The New Stack Analysts podcast, we take a closer look at the appeal of using virtual machines in Kubernetes environments.

The discussion was sparked by a popular blog post penned last month by Pivotal Principal Technologist Paul Czarkowski. His argument: basic Docker-style containers do not offer sufficient security in multitenant environments, where deployments from different tenants intermingle on the same set of Kubernetes-controlled servers. So we spoke with Czarkowski to learn more about his thinking.

All Linux containers on a host share that host's kernel, and isolation between them is provided by the kernel itself through namespaces. The Kubernetes API, however, is not secured on a per-tenant basis, and most K8s components are not aware of tenants at all. This is forcing service providers to provision Kubernetes workloads for different clients as separate clusters, forgoing the savings Kubernetes could provide by pooling workloads on the same cluster, Czarkowski argued.

Virtual machines — the cutting-edge technology of the last decade — do offer sufficient isolation to keep one client from peeking into another's workload, he suggested. The major cloud providers offer container services nested in VMs for isolation (see Amazon Web Services' Fargate). Google's gVisor and Kata Containers are two efforts to provide isolation for containers using slimmed-down virtual machines.
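As an added example (not from the podcast, Pivotal, or Red Hat), this is how a cluster operator would expose a sandboxed runtime such as gVisor or Kata Containers through Kubernetes' RuntimeClass and opt a single tenant's pod into it, so that the pod runs inside its own lightweight VM or user-space kernel instead of directly on the shared host kernel. The handler names (`runsc`, `kata`), the `tenant-a` namespace and the pod name are assumptions; the handler must already be configured in the node's container runtime (for example containerd) under that name.

```yaml
# Added example, not the podcast's or either vendor's own manifest.
# Assumes the nodes' container runtime already has handlers named
# "runsc" (gVisor) and "kata" (Kata Containers) configured.
apiVersion: node.k8s.io/v1
kind: RuntimeClass
metadata:
  name: gvisor          # name tenants reference from their pods
handler: runsc          # runtime handler configured on the nodes
---
apiVersion: node.k8s.io/v1
kind: RuntimeClass
metadata:
  name: kata
handler: kata
---
# One tenant's workload, opted into the gVisor sandbox.
apiVersion: v1
kind: Pod
metadata:
  name: tenant-a-web    # assumed name
  namespace: tenant-a   # assumed per-tenant namespace
spec:
  runtimeClassName: gvisor   # without this line the pod runs on the host kernel
  containers:
  - name: web
    image: nginxinc/nginx-unprivileged:1.25   # listens on 8080 as a non-root user
    ports:
    - containerPort: 8080
    securityContext:
      # Sandboxing reduces the blast radius of a kernel exploit; it does not
      # replace the usual hardening inside the container.
      allowPrivilegeEscalation: false
      runAsNonRoot: true
      capabilities:
        drop: ["ALL"]
```

After applying, `kubectl get runtimeclass` lists the registered classes, and a pod with `runtimeClassName: gvisor` that stays in `Pending` usually means the named handler is not configured on any node. Inside a running gVisor pod, `dmesg` should show the Sentry's own boot messages rather than the host's, which is a quick way to confirm the sandbox is actually in use. RuntimeClass only changes where the container's syscalls land; tenant separation still needs namespaces, RBAC and NetworkPolicy around it.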

In the second half of this podcast (recorded separately), we spoke with Joe Fernandes, Red Hat vice president for cloud platforms, about the commercial implications of this movement back toward VMs. He spoke about the security benefits that Red Hat's OpenShift — Red Hat's commercial Kubernetes distribution — brings to containers, as well as the adoption of technologies such as gVisor. We also spoke about the growing use of Kubernetes to manage non-container resources such as VMs, or serverless workloads via technologies such as Knative.

In this Edition:

3:39: When you’re talking about multitenancy, what do you mean in terms of a shared Kubernetes service?
10:29: Exploring the working groups in Kubernetes to tackle this problem.
15:04: Comparing VMs, isolation, and controls from a user standpoint versus using containers.
22:45: Are VMs the future of Kubernetes? What is the core issue here?
30:00: Does OpenShift support some of these micro-VMs?
34:22: Eventually, Kubernetes will be able to run on VMs the way that it runs in containers. What is the value proposition for companies that haven’t moved to containers to do so?

TNS editorial director Libby Clark hosted this episode of TNS Analysts, with the help of TNS managing editor Joab Jackson.

TNS owner Insight Partners is an investor in: The New Stack, Docker.