Deep Dive into firecracker-containerd
Using lightweight virtual machines to enhance the container security boundary
Noah is a Systems Development Engineer at Amazon Web Services in Seattle, where he works on Linux container runtimes with a focus on container isolation. He has also been a Debian developer since 2000 and an OpenWRT package maintainer since 2014. When not working on Linux, he's probably either playing with his two young children or pedaling a bicycle.
Samuel Karp is a Senior Software Development Engineer at Amazon Web Services, working on the Container Services team. For the past four years, Sam has helped build and operate Amazon Elastic Container Service and AWS Fargate. Sam has been a Linux enthusiast since 2004 and a container enthusiast since 2014.
Amazon Web Services recently released the Firecracker Virtual Machine Manager (VMM), which is built on top of the Linux KVM subsystem and optimized for lightweight, container-like "microVMs". This session dives deep into the architecture of the firecracker-containerd project, which aims to let standard OCI container images and the larger container ecosystem work with Firecracker microVMs. Topics covered will include the standard containerd architecture with the reference OCI runtime (runc), the challenges of adapting containers into microVMs, and the firecracker-containerd suite.
- 45 min
- LinuxFest Northwest 2019