Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Ask HN: Could Kubernetes be written to use alternatives?
2 points by jmspring on May 14, 2018 | hide | past | favorite | 2 comments
Kubernetes as it stands is amazingling popular right now. I've done my fair share of contributions and deployments. Most deployments are Docker based (there is support for Kata Containers in some cases). But can it evolve/morph to support more secure non-Linux based mechanisms like FreeBSD Jails or Solaris Zones (yes, Solaris is a dead horse, but a good example)? People debate the security of a distro a docker image is based on -- Alpine is considered secure, but less so if one needs glibc.

I'm just curious if this is a concern and something people are considering? Linux does not have the same level of primitives to compare to Jails/Zones at this point. Is it needed, I don't know, but am curious about the options.



If you need more isolation than is available in regular Docker containers, take a look at some of the alternative container runtimes:

https://landscape.cncf.io/grouping=landscape&landscape=conta...

I also found both of these articles illuminating:

https://cloudplatform.googleblog.com/2018/05/Open-sourcing-g... https://cloudplatform.googleblog.com/2018/05/Exploring-conta...


Kubernetes' has a pluggable container interface, called CRI. You can implement non-Docker containers. For example, there's a runtime called Virtlet [1] that runs VMs instead of Docker.

I don't know of anyone working on CRI implementations for FreeBSD jails or Solaris Zones. At the moment, I believe Kubernetes has specific dependencies on Linux in other areas that the container runtime.

[1] https://www.mirantis.com/blog/virtlet-run-vms-as-kubernetes-...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: