Container Runtimes
Running containers with alternative runtimes such as Kata Containers and gVisor (runsc) using Docker.
Docker supports alternative container runtimes through the --runtime flag. Kata Containers runs each container in a lightweight VM for stronger isolation, while gVisor (runsc) intercepts system calls in user space to reduce the kernel attack surface.
docker run --runtime kata -d nginx
docker run --runtime runsc -d nginx
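To confirm that containers started this way are actually running under the sandboxed runtime, the following added example (not part of the original post) reads each running container's runtime from docker inspect and flags any that are not under kata or runsc. It assumes the runtimes are registered with the daemon under those two names; the function names list_runtimes and flag_unsandboxed are illustrative.

```shell
#!/bin/sh
# Added example: audit which runtime each running container uses.
# Assumption: the sandboxed runtimes are registered as "kata" and "runsc",
# matching the --runtime values used above. Adjust SANDBOXED otherwise.
SANDBOXED="kata runsc"

# Print "<name> <runtime>" for every running container (requires Docker).
list_runtimes() {
    ids=$(docker ps -q) || return 1
    if [ -z "$ids" ]; then
        return 0
    fi
    # HostConfig.Runtime records the runtime the container was created with.
    # $ids is left unquoted on purpose so each ID becomes its own argument.
    docker inspect --format '{{.Name}} {{.HostConfig.Runtime}}' $ids
}

# Read "<name> <runtime>" lines on stdin and print every container whose
# runtime is not listed in SANDBOXED. Returns 1 if any were found, else 0.
flag_unsandboxed() {
    found=0
    while read -r name runtime; do
        if [ -z "$name" ]; then
            continue
        fi
        ok=0
        for r in $SANDBOXED; do
            if [ "$runtime" = "$r" ]; then
                ok=1
            fi
        done
        if [ "$ok" -eq 0 ]; then
            # Strip the leading "/" that docker inspect puts on names.
            echo "${name#/} ${runtime:-<default>}"
            found=1
        fi
    done
    return "$found"
}

# Usage on a Docker host:  list_runtimes | flag_unsandboxed
```

A non-zero exit status from flag_unsandboxed means at least one container is running outside the sandboxed runtimes, which makes the pipeline usable as a scheduled check.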
This post is licensed under CC BY 4.0 by the author.