This repository has been archived by the owner on Aug 14, 2020. It is now read-only.
spec: security and isolators conflated? #349
Comments
|
Reference to "what Red Hat and Kubernetes hammered out"? |
|
https://github.com/GoogleCloudPlatform/kubernetes/pull/3910/files A wholly distinct type for security |
jonboulle
changed the title
|
@thockin I am wondering how much exactly this needs to be teased apart; we already have some distinction between "resource isolators" and "other isolators" (currently, just Linux isolators). What if we just codify that more formally as "resource isolators" and "security isolators"? |
|
Sorry for being absentee - I'm slammed. My main point with this is that I was surprised to see these (to me) very different ideas being managed by the same mechanism. I'm not actually deeply familiar with all the use cases around security, sadly. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Regarding capabilities as an isolator. This is counter to what Red Hat and Kubernetes hammered out. Security is very different from performance and resource isolation. I'm not a security buff, but I find this awkward. Apologies if this has been done to death.
The text was updated successfully, but these errors were encountered: