Account Login
Jump to section

What are sandboxed containers?

Copiar URL

A sandbox is a tightly controlled environment where an application runs. Sandboxed environments impose permanent restrictions on resources and are often used to isolate and execute untested or untrusted programs without risking harm to the host machine or operating system. Sandboxed containers add a new runtime to container platforms keeping your program isolated from the rest of the system using lightweight virtual machines which then start containers inside these pods.

Sandboxed containers are typically used in addition to the security features found within Linux containers.

Sandboxed containers are ideal for workloads that require extremely stringent application-level isolation and security, like privileged workloads running untrusted or untested code and a Kubernetes-native experience. By using a sandboxed container you can further protect your application from remote execution, memory leaks, or unprivileged access by isolating:

  • developer environments and privileges scoping
  • legacy containerized workloads 
  • third-party workloads
  • resource sharing (CI/CD Jobs, CNFs, etc.) and deliver safe multi-tenancy

 

Kata Containers as a Service

Red Hat OpenShift sandboxed containers, based on the Kata Containers open source project, provides an additional layer of isolation for applications with stringent security requirements via Open Container Initiative (OCI)-compliant container runtime using lightweight virtual machines running your workloads in their own isolated kernel. Red Hat OpenShift achieves this through our certified Operator framework which manages, deploys, and updates the Red Hat OpenShift sandboxed containers Operator. 

The Red Hat OpenShift sandboxed containers’ Operator delivers and continuously updates all the required bits and pieces to make Kata Containers usable as an optional runtime on the cluster. That includes but is not limited to:

Red Hat OpenShift sandboxed containers are now generally available.

Keep reading

Documentation

Sandboxed Containers Documentation

Read the documentation about OpenShift sandboxed containers

Blog

The Dawn of Red Hat OpenShift Sandboxed Containers

OpenShift sandboxed containers is now available on the OpenShift Container Platform as a technology preview feature.

Blog

What's new

Red Hat OpenShift Sandboxed Containers now generally available.

Leia mais sobre containers

Soluções Red Hat

Red Hat OpenShift

Uma plataforma empresarial de aplicações em container Kubernetes com um stack completo de operações automatizadas para gerenciar implantações de nuvem híbrida, multicloud e edge.

Conteúdo adicional

Datasheet

Red Hat OpenShift: tecnologia de container para nuvem híbrida

O Red Hat® OpenShift® é uma plataforma empresarial de containers Kubernetes que ajuda organizações em todo o mundo a criar, implantar, executar, gerenciar e proteger aplicações inovadoras em nuvens híbridas.

Datasheet

Red Hat OpenShift Kubernetes Engine

O Red Hat OpenShift Kubernetes Engine consiste em vários componentes essenciais e totalmente integrados para criação, implantação e gerenciamento de aplicações em containers.

Ebook

Transforme suas aplicações

Conheça as tendências atuais para a transformação de aplicações e como modernizar sua TI usando serviços em nuvem e plataformas de aplicações em nuvem híbrida.

Treinamentos Red Hat

Treinamento gratuito

Running Containers with Red Hat Technical Overview

Treinamento gratuito

Containers, Kubernetes and Red Hat OpenShift Technical Overview

Treinamento gratuito

Developing Cloud-Native Applications with Microservices Architectures

Illustration - mail

Quer receber mais conteúdo deste tipo?

Cadastre-se para receber a nossa newsletter Red Hat Shares.