Container Runtimes... on Lockdown: The Hidden Costs of Multi... Lewis Denham-Parry & Caleb Woodbine
KubeCon + CloudNativeCon Europe 2025 · Session
In an era where cloud-native architectures dominate enterprise infrastructure, the talk "Container Runtimes... on Lockdown: The Hidden Costs of Multi..." by Lewis Denham-Parry and Caleb Woodbine delves into the critical, yet often overlooked, challenge of **workload isolation** within Kubernetes environments. The speakers highlight that while Kubernetes provides powerful abstractions for managing compute resources, the underlying reality is that containers are merely processes running side-by-side on a shared host kernel. This inherent sharing introduces significant security risks, particularly in **multi-tenant** scenarios where diverse and potentially untrusted workloads coexist.
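As an added illustration of that shared-kernel point (example code written for this page, not from the talk or its speakers), the script below rates each pod by the isolation boundary its RuntimeClass gives it and by whether host namespaces or privileged containers widen the blast radius on a runc-backed node. It assumes pod JSON in the shape of `kubectl get pods -A -o json`, and the RuntimeClass names `gvisor` and `kata-qemu` in the `BOUNDARY` table are assumptions to adapt to your cluster; the sample input is constructed.

```python
import json

# Constructed sample in the shape of `kubectl get pods -A -o json` (not real cluster data).
SAMPLE_PODS_JSON = json.dumps({"items": [
    {"metadata": {"name": "web", "namespace": "tenant-a"},
     "spec": {"runtimeClassName": "gvisor", "containers": [{"name": "web"}]}},
    {"metadata": {"name": "batch", "namespace": "tenant-b"},
     "spec": {"containers": [{"name": "job"}]}},
    {"metadata": {"name": "agent", "namespace": "tenant-b"},
     "spec": {"hostPID": True,
              "containers": [{"name": "agent", "securityContext": {"privileged": True}}]}},
    {"metadata": {"name": "db", "namespace": "tenant-b"},
     "spec": {"runtimeClassName": "kata-qemu", "containers": [{"name": "db"}]}},
    {"metadata": {"name": "coredns", "namespace": "kube-system"},
     "spec": {"containers": [{"name": "coredns"}]}},
]})

# Assumed mapping from RuntimeClass name to isolation boundary; adapt to your cluster.
# No runtimeClassName means the node's default handler, which is runc on most clusters.
BOUNDARY = {None: "shared-kernel", "gvisor": "user-space-kernel", "kata-qemu": "vm"}

def pod_risk(pod):
    """Rate one pod: where its syscalls land, and whether host access widens the blast radius."""
    spec = pod["spec"]
    boundary = BOUNDARY.get(spec.get("runtimeClassName"), "unknown")
    host_access = any(spec.get(k) for k in ("hostPID", "hostNetwork", "hostIPC"))
    privileged = any(c.get("securityContext", {}).get("privileged") for c in spec["containers"])
    if boundary == "shared-kernel" and (host_access or privileged):
        level = "critical"      # host kernel shared AND namespace/capability walls lowered
    elif boundary in ("shared-kernel", "unknown"):
        level = "high"          # only the host kernel separates this pod from its neighbours
    else:
        level = "low"           # sandboxed or VM-backed runtime
    return {"namespace": pod["metadata"]["namespace"], "name": pod["metadata"]["name"],
            "boundary": boundary, "level": level}

def audit(pods_json, skip_namespaces=("kube-system",)):
    """Rate every tenant pod, worst offenders first (sort is stable, so input order breaks ties)."""
    order = {"critical": 0, "high": 1, "low": 2}
    rows = [pod_risk(p) for p in json.loads(pods_json)["items"]
            if p["metadata"]["namespace"] not in skip_namespaces]
    return sorted(rows, key=lambda r: order[r["level"]])

if __name__ == "__main__":
    for r in audit(SAMPLE_PODS_JSON):
        print(f"{r['level']:8} {r['namespace']}/{r['name']} boundary={r['boundary']}")
```

Feed it real output with `kubectl get pods -A -o json` piped into `audit` to see which tenant workloads still rely on the shared kernel alone.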
AI review
This is not another 'awareness' session. Denham-Parry and Woodbine cut through the marketing fluff to deliver a brutally honest assessment of container isolation in multi-tenant Kubernetes environments. They meticulously dissect the underlying mechanisms of various runtimes, from `runc` to `gVisor`, `Kata`, and even emerging Type-1 hypervisor solutions, exposing the real trade-offs between security, performance, and complexity. The discussion around `Leaky Vessels` and the inherent risks of a shared kernel is critical, and their 'Am I Isolated?' tool is a damn useful step towards…