GCP can run untrusted workloads

Google’s Kubernetes Engine (GKE) now supports node pools that are wrapped in gVisor to allow running untrusted workloads. The idea behind gVisor is to intercept all system calls a process makes and implement them in a user-space kernel, so a process that cannot be trusted never talks to the host kernel directly and runs inside a sandbox. GKE now lets you enable this with a configuration option on the node pool.

GKE on GCP

New GKE Sandbox brings added security to your containers running in Google Kubernetes Engine clusters.

Source: GKE Sandbox: Bring defense in depth to your pods | Google Cloud Blog
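The configuration option referred to above is the `--sandbox type=gvisor` flag on `gcloud container node-pools create`, after which a pod opts in by setting `runtimeClassName: gvisor`. Because a sandboxed pod cannot use host-level features such as `hostNetwork` or privileged containers, a practitioner usually wants a pre-deployment check that a workload intended for the sandbox actually requests it and does not ask for anything the sandbox cannot provide. The following is an added example (not code from the page, from Google, or from the gVisor project) of such a check; the set of flags it rejects is an assumption for illustration, and the pod manifest is constructed inline.

```python
import json

# Host-level flags that a gVisor-sandboxed pod cannot use.
# Assumption for this example; consult the GKE Sandbox docs for the
# authoritative list before using this as a policy.
UNSUPPORTED_HOST_FLAGS = ("hostNetwork", "hostPID", "hostIPC")


def sandbox_pod(name, image, command=None):
    """Build a minimal pod manifest that requests the gVisor runtime class.

    Constructed example manifest; 'runtimeClassName: gvisor' is the
    setting GKE Sandbox expects on pods that should run in the sandbox.
    """
    container = {"name": name, "image": image}
    if command:
        container["command"] = list(command)
    return {
        "apiVersion": "v1",
        "kind": "Pod",
        "metadata": {"name": name},
        "spec": {"runtimeClassName": "gvisor", "containers": [container]},
    }


def sandbox_issues(pod):
    """Return the reasons a pod should not be treated as an untrusted
    workload under GKE Sandbox. An empty list means it passes."""
    issues = []
    spec = pod.get("spec", {})

    # Without the runtime class the pod silently runs on the normal runtime.
    if spec.get("runtimeClassName") != "gvisor":
        issues.append("runtimeClassName is not 'gvisor'; pod would not be sandboxed")

    # Host namespaces bypass exactly the isolation the sandbox provides.
    for flag in UNSUPPORTED_HOST_FLAGS:
        if spec.get(flag):
            issues.append(f"{flag}=true is not supported in a sandboxed pod")

    # Privileged containers are not supported inside the sandbox either.
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        if c.get("securityContext", {}).get("privileged"):
            issues.append(f"container {c.get('name')!r} requests privileged=true")
    return issues


def to_manifest(pod):
    """Serialize for 'kubectl apply -f -'. kubectl accepts JSON, so no
    YAML library is required."""
    return json.dumps(pod, indent=2)


if __name__ == "__main__":
    pod = sandbox_pod("untrusted-job", "busybox", ["sh", "-c", "id"])
    print(to_manifest(pod))
    print("issues:", sandbox_issues(pod))
```

Run the check in CI or an admission step before applying the manifest; a non-empty list is a reason to reject the workload rather than let it fall back to the unsandboxed runtime.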

Docker 1.10

Docker announced version 1.10 last week. The new release contains more than 100 improvements over the previous version. New features include better resource management, a more flexible docker-compose file format and improvements to security. The security improvements in particular are user namespace isolation, seccomp-based syscall filtering, and an authorization plugin interface that restricts access to Docker Engine features.

We’re pleased to announce Docker 1.10, jam-packed with stuff you’ve been asking for. It’s now much easier to define and run complex distributed apps with Docker Compose. The power that Compose brou…

via: Docker Blog
Release notes.
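Of the three security features listed above, seccomp filtering is the one an operator configures per container: a JSON profile is passed with `docker run --security-opt seccomp=<file>`, and any syscall the profile does not allow is refused. The block below is an added example, not code from the page or from the Docker project: it builds an allowlist profile in the JSON shape Docker loads and evaluates which syscalls that profile would block, so a profile can be reviewed before it is shipped. It accepts both the `names` list used by current Docker and the single `name` key per rule that 1.10-era profiles used; the syscall lists are constructed sample input.

```python
import json

ALLOW = "SCMP_ACT_ALLOW"
ERRNO = "SCMP_ACT_ERRNO"


def seccomp_profile(allowed_syscalls, default_action=ERRNO):
    """Build an allowlist profile for 'docker run --security-opt seccomp=FILE'.

    Everything not named in a rule gets default_action; SCMP_ACT_ERRNO makes
    the blocked syscall fail with an error instead of killing the process.
    """
    return {
        "defaultAction": default_action,
        "architectures": ["SCMP_ARCH_X86_64"],
        "syscalls": [
            {"names": sorted(set(allowed_syscalls)), "action": ALLOW, "args": []}
        ],
    }


def action_for(profile, syscall):
    """Resolve the action a profile applies to one syscall name.

    Rules may carry a 'names' list (current format) or a single 'name'
    (older format); the first matching rule wins, then the default.
    """
    for rule in profile.get("syscalls", []):
        names = rule.get("names")
        if names is None:
            names = [rule["name"]] if "name" in rule else []
        if syscall in names:
            return rule["action"]
    return profile["defaultAction"]


def blocked(profile, syscalls):
    """Subset of syscalls that the profile does not allow outright."""
    return [s for s in syscalls if action_for(profile, s) != ALLOW]


def load_profile(text):
    """Parse a profile file and fail early on the fields Docker requires."""
    profile = json.loads(text)
    if "defaultAction" not in profile:
        raise ValueError("profile lacks defaultAction")
    return profile


if __name__ == "__main__":
    # Constructed sample: a tiny allowlist for a process that only reads
    # and writes already-open descriptors and then exits.
    profile = seccomp_profile(["read", "write", "exit_group", "futex"])
    print(json.dumps(profile, indent=2))
    print("blocked:", blocked(profile, ["read", "ptrace", "mount", "write"]))
```

Write the profile to a file and pass it with `--security-opt seccomp=profile.json`; combine it with the daemon's `--userns-remap` option so that a process which does get through the filter still runs as an unprivileged user on the host.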