
Containers, Security, and Double Dipping

If you're implementing containers, make sure their kernels are kept wide apart.


One of the common misconceptions about containers is that they act as lightweight VMs, which would make you think they are perfectly isolated. That is not true. While container runtimes all give you some level of isolation, the containers on a host all share a common kernel. And that is actually the main idea: containers are lightweight because you don't have to emulate a whole machine, since they share a common kernel.

Running your containers in production on some cloud provider might put you in a situation where your container will share a kernel with some unknown container. Does this make you uncomfortable?
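To see who is actually sharing a kernel on a host you control, this added example (not from the original article) groups processes by the container ID in their /proc/<pid>/cgroup path and lists any container you did not deploy. The 64-hex ID heuristic, the function names and the sample data are assumptions made for illustration.

```python
import os
import re

# Assumption: Docker, containerd and CRI-O embed a 64-hex container ID in the cgroup path.
CID_RE = re.compile(r"[0-9a-f]{64}")

def container_id(cgroup_text):
    """Container ID from /proc/<pid>/cgroup content, or None for a host process."""
    m = CID_RE.search(cgroup_text)
    return m.group(0) if m else None

def kernel_cotenants(proc_cgroups):
    """Map container ID -> sorted PIDs for a {pid: cgroup_text} snapshot of one host."""
    tenants = {}
    for pid, text in proc_cgroups.items():
        cid = container_id(text)
        if cid is not None:
            tenants.setdefault(cid, []).append(pid)
    return {cid: sorted(pids) for cid, pids in tenants.items()}

def unknown_cotenants(tenants, known_ids):
    """Container IDs sharing this kernel that are not in the set you deployed."""
    return sorted(cid for cid in tenants if cid not in known_ids)

def snapshot_local(proc="/proc"):
    """Read every visible process's cgroup file. Run on the host: inside a
    container's PID namespace only that container's processes are visible."""
    snap = {}
    for entry in os.listdir(proc):
        if entry.isdigit():
            try:
                with open(os.path.join(proc, entry, "cgroup")) as fh:
                    snap[int(entry)] = fh.read()
            except OSError:
                continue  # process exited or is unreadable
    return snap

# Constructed sample: one host process and two containers (cgroup v2 and v1 paths).
CID_A, CID_B = "a" * 64, "b" * 64
SAMPLE = {
    1: "0::/init.scope\n",
    812: f"0::/system.slice/docker-{CID_A}.scope\n",
    813: f"0::/system.slice/docker-{CID_A}.scope\n",
    990: f"12:pids:/docker/{CID_B}\n11:memory:/docker/{CID_B}\n",
}

if __name__ == "__main__":
    tenants = kernel_cotenants(snapshot_local())
    print(f"kernel {os.uname().release}: {len(tenants)} container(s) share it")
    for cid in unknown_cotenants(tenants, known_ids=set()):
        print("not in known set:", cid[:12], tenants[cid])
```

Every container it lists runs on the one kernel release printed on the first line, whatever userland image each was built from.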

The Double Dipping Analogy

Pretend you are at a party. And you are sharing a dip with someone. And that someone double dips. Do you keep sharing? If that someone is your significant other and you are of a trusting nature, you will probably continue. If you absolutely don't know that person, you are a lot less likely to continue. And then let's say some people are adventurous, or maybe you are Bear Grylls. And by the way, you'll find answers to all your double dip questions in this article.

Putting containers in production on a cloud is a little similar. If you have your own machine and you know all the containers sharing the same kernel, and you are of a trusting nature, you will probably continue. If you absolutely don't know the other containers sharing that kernel, you are less likely to continue. And then some people don't care and just like to watch the world burn.


We all have our own trust level. Some people will never run two containers on one kernel because you never know what could happen. Others will be OK sharing a kernel as long as they know all the other sharing parties. And some won't care about it and will have their containers share a kernel with perfect strangers.

Containers are great; just make sure you know what you are getting into. And if you want to run Couchbase in a Docker container, you should check out our documentation.


Topics:
containers, vms, cloud, cloud security

Published at DZone with permission of Laurent Doguin, DZone MVB. See the original article here.
