Account 登录
Jump to section

What are sandboxed containers?

复制 URL

A sandbox is a tightly controlled environment where an application runs. Sandboxed environments impose permanent restrictions on resources and are often used to isolate and execute untested or untrusted programs without risking harm to the host machine or operating system. Sandboxed containers add a new runtime to container platforms keeping your program isolated from the rest of the system using lightweight virtual machines which then start containers inside these pods.

Sandboxed containers are typically used in addition to the security features found within Linux containers.

Sandboxed containers are ideal for workloads that require extremely stringent application-level isolation and security, like privileged workloads running untrusted or untested code and a Kubernetes-native experience. By using a sandboxed container you can further protect your application from remote execution, memory leaks, or unprivileged access by isolating:

  • developer environments and privileges scoping
  • legacy containerized workloads 
  • third-party workloads
  • resource sharing (CI/CD Jobs, CNFs, etc.) and deliver safe multi-tenancy

 

Kata Containers as a Service

Red Hat OpenShift sandboxed containers, based on the Kata Containers open source project, provides an additional layer of isolation for applications with stringent security requirements via Open Container Initiative (OCI)-compliant container runtime using lightweight virtual machines running your workloads in their own isolated kernel. Red Hat OpenShift achieves this through our certified Operator framework which manages, deploys, and updates the Red Hat OpenShift sandboxed containers Operator. 

The Red Hat OpenShift sandboxed containers’ Operator delivers and continuously updates all the required bits and pieces to make Kata Containers usable as an optional runtime on the cluster. That includes but is not limited to:

Red Hat OpenShift sandboxed containers are now generally available.

Keep reading

Documentation

Sandboxed Containers Documentation

Read the documentation about OpenShift sandboxed containers

Blog

The Dawn of Red Hat OpenShift Sandboxed Containers

OpenShift sandboxed containers is now available on the OpenShift Container Platform as a technology preview feature.

Blog

What's new

Red Hat OpenShift Sandboxed Containers now generally available.

详细了解容器

产品

Red Hat OpenShift

企业就绪型 Kubernetes 容器平台,可实现全堆栈自动化运维,从而轻松管理混合云、多云和边缘部署。

相关资源

检查清单

在容器中开发应用:应与团队探讨的五个主题

技术概览

借助红帽OpenShift 将容器引入企业

电子书

增强混合云安全性

产品规格表

红帽 OpenShift:面向混合云的容器技术

培训

免费培训课程

"通过红帽来运行容器"技术概述

免费培训课程

容器、Kubernetes 和红帽 OpenShift 技术概述

免费培训课程

利用微服务架构开发云原生应用

Illustration - mail

获取更多类似的内容

免费订阅我们的 Red Hat Shares 通讯邮件