2019-11-18 21:40:27 +00:00
|
|
|
<div class="jumbotron jumbotron-fluid">
|
2020-04-28 07:39:29 +00:00
|
|
|
<div class="container">
|
|
|
|
<div class="row">
|
|
|
|
<div class="col-md-3"></div>
|
|
|
|
<div class="col-md-6">
|
2020-05-16 03:03:54 +00:00
|
|
|
<p>gVisor is an <b>application kernel</b> for <b>containers</b> that provides efficient defense-in-depth anywhere.</p>
|
2020-04-28 07:39:29 +00:00
|
|
|
<p style="margin-top: 20px;">
|
2020-05-16 03:03:54 +00:00
|
|
|
<a class="btn" href="/docs/user_guide/quick_start/docker/">Quick start <i class="fas fa-arrow-alt-circle-right ml-2"></i></a>
|
2020-04-29 18:45:04 +00:00
|
|
|
<a class="btn" href="/docs/">Learn More <i class="fas fa-arrow-alt-circle-right ml-2"></i></a>
|
2020-04-28 07:39:29 +00:00
|
|
|
</p>
|
|
|
|
</div>
|
|
|
|
<div class="col-md-3"></div>
|
|
|
|
</div>
|
2019-11-18 21:40:27 +00:00
|
|
|
</div>
|
|
|
|
</div>
|
|
|
|
|
|
|
|
<div class="container"> <!-- Full page container. -->
|
|
|
|
|
|
|
|
<div class="row">
|
|
|
|
<div class="col-md-4">
|
2020-04-28 07:39:29 +00:00
|
|
|
<h4 id="seamless-security">Container-native Security <i class="fas fa-lock"></i></h4>
|
2020-05-16 03:03:54 +00:00
|
|
|
<p>By providing each container with its own application kernel, gVisor
|
|
|
|
limits the attack surface of the host. This protection does not limit
|
2020-04-29 18:45:04 +00:00
|
|
|
functionality: gVisor runs unmodified binaries and integrates with container
|
|
|
|
orchestration systems, such as Docker and Kubernetes, and supports features
|
|
|
|
such as volumes and sidecars.</p>
|
2019-11-18 21:40:27 +00:00
|
|
|
<a class="button" href="/docs/architecture_guide/security/">Read More »</a>
|
|
|
|
</div>
|
|
|
|
|
|
|
|
<div class="col-md-4">
|
2020-04-28 07:39:29 +00:00
|
|
|
<h4 id="resource-efficiency">Resource Efficiency <i class="fas fa-feather-alt"></i></h4>
|
2019-11-18 21:40:27 +00:00
|
|
|
<p>Containers are efficient because workloads of different shapes and sizes
|
2020-04-29 18:45:04 +00:00
|
|
|
can be packed together by sharing host resources. gVisor uses host-native
|
|
|
|
abstractions, such as threads and memory mappings, to co-operate with the
|
|
|
|
host and enable the same resource model as native containers.</p>
|
2019-11-18 21:40:27 +00:00
|
|
|
<a class="button" href="/docs/architecture_guide/resources/">Read More »</a>
|
|
|
|
</div>
|
|
|
|
|
|
|
|
<div class="col-md-4">
|
2020-04-28 07:39:29 +00:00
|
|
|
<h4 id="platform-portability">Platform Portability <sup>☁</sup>☁</h4>
|
2020-04-29 18:45:04 +00:00
|
|
|
<p>Modern infrastructure spans multiple cloud services and data centers,
|
|
|
|
often with a mix of managed services and virtualized or traditional servers.
|
|
|
|
The pluggable platform architecture of gVisor allows it to run anywhere,
|
|
|
|
enabling consistent security policies across multiple environments without
|
|
|
|
having to rearchitect your infrastructure.</p>
|
2020-05-16 03:03:54 +00:00
|
|
|
<a class="button" href="/docs/architecture_guide/platforms/">Read More »</a>
|
2019-11-18 21:40:27 +00:00
|
|
|
</div>
|
|
|
|
</div>
|
|
|
|
|
|
|
|
</div> <!-- container -->
|