This page does not document anything new, but it aims to be a
central document to list all the steps and considerations
necessary to run gVisor in a production environment.
This includes:
- How to make the decision to use sandboxing at all or not
(which security benefits sandboxing brings, how to think
about them).
- How to make the decision about which components to sandbox.
- What the security/performance tradeoffs are.
- How to minimize the performance impact.
- How to configure gVisor for best performance.
Also includes crude comparative diagrams of various ways
to organize a typical production stack.
PiperOrigin-RevId: 466491023
This adds a new short tutorial on how to run Knative services in gVisor by
enabling the runtime class feature flag for Knative.
Fixes #3634
PiperOrigin-RevId: 374999528
Adds a Docker Compose tutorial to the website that shows how to start a
Wordpress site and includes information about how to get DNS working.
Fixes #115
PiperOrigin-RevId: 330652842
Update the cniVersion used in the CNI tutorial so that it works with
containerd 1.2. Containerd 1.2 includes a version of the cri plugin
(release/1.2) that, in turn, includes a version of the
cni library (0.6.0) that only supports up to 0.3.1.
https://github.com/containernetworking/cni/blob/v0.6.0/pkg/version/version.go#L38
PiperOrigin-RevId: 329837188
Groups subcategories and sorts their pages by weight properly. Subcategories
are sorted by name. Pages within subcategories are sorted by weight.
PiperOrigin-RevId: 324766128
Adds a netns flag to runsc spec that allows users to specify a network
namespace path when creating a sample config.json file. Also, adds the ability
to specify the command arguments used when running the container.
This will make it easier for new users to create sample OCI bundles without
having to edit the config.json by hand.
PiperOrigin-RevId: 320486267