diff options
author | Adin Scannell <ascannell@google.com> | 2020-04-27 22:24:58 -0700 |
---|---|---|
committer | Adin Scannell <ascannell@google.com> | 2020-05-06 14:15:18 -0700 |
commit | 508e25b6d6e9a81edb6ddf8738450b79898b446a (patch) | |
tree | a7f6105ac25c8a879ed880e477d89ec6b6eb1a24 /website/index.md | |
parent | 8cb33ce5ded7d417710e7e749524b895deb20397 (diff) |
Adapt website to use g3doc sources and bazel.
This adapts the merged website repository to use the image and bazel
build framework. It explicitly avoids the container_image rules provided
by bazel, opting instead to build with direct docker commands when
necessary.
The relevant build commands are incorporated into the top-level
Makefile.
Diffstat (limited to 'website/index.md')
-rw-r--r-- | website/index.md | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/website/index.md b/website/index.md new file mode 100644 index 000000000..f09a7e89e --- /dev/null +++ b/website/index.md @@ -0,0 +1,70 @@ +--- +title: gVisor +layout: base +--- + +<div class="jumbotron jumbotron-fluid"> + <div class="container text-center"> + <p>Efficient defense-in-depth for container infrastructure anywhere.</p> + <p style="margin-top: 20px;"> + <a class="btn" href="/docs/">Get Started <i class="fas fa-arrow-alt-circle-right ml-2"></i></a> + <a class="btn btn-inverse" href="https://github.com/google/gvisor">GitHub <i class="fab fa-github ml-2"></i></a> + </p> + </div> +</div> + +<div class="container"> <!-- Full page container. --> + +<!-- +<div class="row"> + <div class="col-md-3"></div> + <div class="col-md-6"> + <h3>gVisor is an open-source application kernel and container runtime for + adding defense-in-depth or sandboxing workloads safely and easily. gVisor is + a container-native technology, designed to improve container isolation + without sacrificing the benefits of container efficiency and + portability.</h3> + </div> + <div class="col-md-3"></div> +</div> +--> + +<div class="row"> + + <div class="col-md-4"> + <h4 id="seamless-security">Container-native Security</h4> + <p>By providing each container with its own application kernel instance, + gVisor limits the attack surface of the host while still integrating + seamlessly with popular container orchestration systems, such as Docker and + Kubernetes. This includes support for advanced features, such as a volumes, + terminals and sidecars, and still providing visibility into the application + behavior through cgroups and other monitoring mechanisms. + </p> + <a class="button" href="/docs/architecture_guide/security/">Read More »</a> + </div> + + <div class="col-md-4"> + <h4 id="resource-efficiency">Resource Efficiency</h4> + <p>Containers are efficient because workloads of different shapes and sizes + can be packed together by sharing host resources. By using host native + abstractions such as threads and memory mappings, gVisor closely co-operates + with the host to enable the same resource model as native containers. + Sandboxed containers can safely and securely share host resources with each + other and native containers on the same system. + </p> + <a class="button" href="/docs/architecture_guide/resources/">Read More »</a> + </div> + + <div class="col-md-4"> + <h4 id="platform-portability">Platform Portability</h4> + <p>Modern infrastructure spans multiple clouds and data centers, often using + a mix of virtualized instances and traditional servers. The pluggable + platform architecture of gVisor allows it to run anywhere, enabling security + policies to be enforced consistently across multiple environments. + Sandboxing requirements need not dictate where workloads can run. + </p> + <a class="button" href="/docs/architecture_guide/platforms/">Read More »</a> + </div> +</div> + +</div> <!-- container --> |