osep: add OSEP-0004 secure container runtime support#177
osep: add OSEP-0004 secure container runtime support#177hittyt wants to merge 1 commit intoalibaba:mainfrom
Conversation
hittyt
requested review from
Generalwin,
Pangjiping,
Spground,
fengcone,
jwx0925,
kevinlynx and
ninan-nn
as code owners
| - Breaks abstraction between Docker and K8s modes | ||
| - User code becomes deployment-specific | ||
|
|
||
| **Decision**: Rejected. The abstraction layer is essential for deployment-agnostic user code. |
There was a problem hiding this comment.
This conflicts with the implementation level. In Kubernetes implementations, the SRE administrator must be aware of the runtimeClass when setting the SandboxPool.
| 2. **Performance Overhead**: Secure runtimes add latency and resource overhead compared to runc: | ||
| - gVisor: ~10-50ms additional startup, minimal memory overhead | ||
| - Firecracker: ~125ms cold start, ~5MB memory per microVM | ||
| - Kata: ~500ms cold start, ~20-50MB memory per VM |
There was a problem hiding this comment.
The kata-container has many underlying VM implementations, and the performance data of different implementations varies.
| | Secure Runtime | Local Docker | Kubernetes | Notes | | ||
| |---------------|--------------|------------|-------| | ||
| | gVisor (runsc) | Full support | Full support | Via RuntimeClass | | ||
| | Firecracker | Partial | Full support | Docker requires containerd setup | |
There was a problem hiding this comment.
Docker does not natively support Firecracker and must run on Kata. There is no need to support Docker + Firecracker anymore.
| [secure_runtimes.firecracker] | ||
| enabled = true | ||
| docker_runtime = "firecracker" # Requires containerd + firecracker | ||
| k8s_runtime_class = "kata-fc" # Some clusters expose via kata |
There was a problem hiding this comment.
Firecracker cannot run "natively" as a Kubernetes CRI (Container Runtime Interface). It is a lightweight Virtual Machine Monitor (VMM) that provides microVM capabilities, while the CRI is an interface designed for container runtimes. The correct ways to use Firecracker in Kubernetes:
- firecracker-containerd (closest to native approach)
- Kata Containers + Firecracker
In this osep, recomand cri ish firecraker via kata ?
|
@codex review |
|
Codex Review: Didn't find any major issues. Nice work! ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
3 participants
Summary
OpenSandbox executes untrusted AI-generated code. Standard container isolation (runc) may not provide sufficient protection against container escape attempts. Secure container runtimes provide hardware-level isolation to protect the host system.
This PR add OSEP-0004: Pluggable Secure Container Runtime Support - a design proposal for integrating secure container runtimes (gVisor, Firecracker, Kata Containers) into OpenSandbox.
Testing
Breaking Changes
Checklist