diff options
Diffstat (limited to 'website')
-rw-r--r-- | website/index.md | 34 |
1 files changed, 14 insertions, 20 deletions
diff --git a/website/index.md b/website/index.md index 31587fc2f..d72f746c9 100644 --- a/website/index.md +++ b/website/index.md @@ -8,7 +8,7 @@ layout: base <div class="col-md-6"> <p>gVisor is an <b>application kernel</b> and <b>container runtime</b> providing defense-in-depth for containers <em>anywhere</em>.</p> <p style="margin-top: 20px;"> - <a class="btn" href="/docs/">Get Started <i class="fas fa-arrow-alt-circle-right ml-2"></i></a> + <a class="btn" href="/docs/">Learn More <i class="fas fa-arrow-alt-circle-right ml-2"></i></a> <a class="btn btn-inverse" href="https://github.com/google/gvisor">GitHub <i class="fab fa-github ml-2"></i></a> </p> </div> @@ -22,36 +22,30 @@ layout: base <div class="row"> <div class="col-md-4"> <h4 id="seamless-security">Container-native Security <i class="fas fa-lock"></i></h4> - <p>By providing each container with its own application kernel instance, - gVisor limits the attack surface of the host while still integrating - seamlessly with popular container orchestration systems, such as Docker and - Kubernetes. This includes support for advanced features, such as a volumes, - terminals and sidecars, and still providing visibility into the application - behavior through cgroups and other monitoring mechanisms. - </p> + <p>By providing each container with its own userspace kernel, gVisor limits + the attack surface of the host. This protection does not limit + functionality: gVisor runs unmodified binaries and integrates with container + orchestration systems, such as Docker and Kubernetes, and supports features + such as volumes and sidecars.</p> <a class="button" href="/docs/architecture_guide/security/">Read More »</a> </div> <div class="col-md-4"> <h4 id="resource-efficiency">Resource Efficiency <i class="fas fa-feather-alt"></i></h4> <p>Containers are efficient because workloads of different shapes and sizes - can be packed together by sharing host resources. By using host native - abstractions such as threads and memory mappings, gVisor closely co-operates - with the host to enable the same resource model as native containers. - Sandboxed containers can safely and securely share host resources with each - other and native containers on the same system. - </p> + can be packed together by sharing host resources. gVisor uses host-native + abstractions, such as threads and memory mappings, to co-operate with the + host and enable the same resource model as native containers.</p> <a class="button" href="/docs/architecture_guide/resources/">Read More »</a> </div> <div class="col-md-4"> <h4 id="platform-portability">Platform Portability <sup>☁</sup>☁</h4> - <p>Modern infrastructure spans multiple clouds and data centers, often using - a mix of virtualized instances and traditional servers. The pluggable - platform architecture of gVisor allows it to run anywhere, enabling security - policies to be enforced consistently across multiple environments. - Sandboxing requirements need not dictate where workloads can run. - </p> + <p>Modern infrastructure spans multiple cloud services and data centers, + often with a mix of managed services and virtualized or traditional servers. + The pluggable platform architecture of gVisor allows it to run anywhere, + enabling consistent security policies across multiple environments without + having to rearchitect your infrastructure.</p> <a class="button" href="/docs/architecture_guide/platforms/">Read More »</a> </div> </div> |