Just one question about isolation of Clear Container.
As we known, Clear Container use vm to provides underlay process isolation,
it indeed makes container be more secure, but I'm thinking if this is
enough for multi-tenant env, for example, image management, if client A
pulls a image, then client B may see the image, actually this is not
allowed in multi-tenant environment.
I also have some concerns about the isolation of network and storage.
So maybe what I'm looking for is an end to end isolation solution to use
clear container in multi-tenant environment, includes the isolation of
network, storage, image and process. :)
Show replies by thread