blob: d72f746c988863335a3d464eeb5c14569747db46 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
|
---
layout: base
---
<div class="jumbotron jumbotron-fluid">
<div class="container">
<div class="row">
<div class="col-md-3"></div>
<div class="col-md-6">
<p>gVisor is an <b>application kernel</b> and <b>container runtime</b> providing defense-in-depth for containers <em>anywhere</em>.</p>
<p style="margin-top: 20px;">
<a class="btn" href="/docs/">Learn More <i class="fas fa-arrow-alt-circle-right ml-2"></i></a>
<a class="btn btn-inverse" href="https://github.com/google/gvisor">GitHub <i class="fab fa-github ml-2"></i></a>
</p>
</div>
<div class="col-md-3"></div>
</div>
</div>
</div>
<div class="container"> <!-- Full page container. -->
<div class="row">
<div class="col-md-4">
<h4 id="seamless-security">Container-native Security <i class="fas fa-lock"></i></h4>
<p>By providing each container with its own userspace kernel, gVisor limits
the attack surface of the host. This protection does not limit
functionality: gVisor runs unmodified binaries and integrates with container
orchestration systems, such as Docker and Kubernetes, and supports features
such as volumes and sidecars.</p>
<a class="button" href="/docs/architecture_guide/security/">Read More »</a>
</div>
<div class="col-md-4">
<h4 id="resource-efficiency">Resource Efficiency <i class="fas fa-feather-alt"></i></h4>
<p>Containers are efficient because workloads of different shapes and sizes
can be packed together by sharing host resources. gVisor uses host-native
abstractions, such as threads and memory mappings, to co-operate with the
host and enable the same resource model as native containers.</p>
<a class="button" href="/docs/architecture_guide/resources/">Read More »</a>
</div>
<div class="col-md-4">
<h4 id="platform-portability">Platform Portability <sup>☁</sup>☁</h4>
<p>Modern infrastructure spans multiple cloud services and data centers,
often with a mix of managed services and virtualized or traditional servers.
The pluggable platform architecture of gVisor allows it to run anywhere,
enabling consistent security policies across multiple environments without
having to rearchitect your infrastructure.</p>
<a class="button" href="/docs/architecture_guide/platforms/">Read More »</a>
</div>
</div>
</div> <!-- container -->
|