We’ve loved containers since 2013. Docker, its predecessors, and the industry that grew around Docker (and later Kubernetes) have done amazing work. However, we never liked the inherent security weaknesses, sluggishness, and bloat that came with containers. We wondered whether it would be possible to keep the many good things about containers, while fixing their weaknesses. The answer is yes. It’s called a “Kontainer”.
Four core cyber security principles that aren’t practiced nearly enough are: (1) minimize attack surface, (2) minimize blast radius, (3) zero-trust, and (4) defense in depth. Briefly, Kontain delivers these protections by (a) significantly reducing the size of Kontainer artifacts, (b) running every instance of every Kontainer in its own private KVM virtual machine that is itself far smaller (and quicker) than a typical VM, (c) never trusting two Kontainers to run inside the same VM on a gigantic, shared, and unnecessary OS kernel, and (d) providing a method of vulnerability protection that none of your other security products can.
Nope. Your existing security solutions have their own jobs to do, and Kontain complements them. Kontain provides protections that none of your other security solutions can. For example, there was no security product on the market that protected you from the infamous Log4Shell zero-day vulnerability before the exploit became widely known. But if you’d been using Kontain, you would have been immune to Log4Shell, even before the vulnerability was publicized. The same is true for many other vulnerabilities.
No! Kontain is integrated with Docker, and can run alongside Docker, as well as other container runtimes, even on the same Kubernetes node. We’ve preserved all the great capabilities of Docker, even as we have replaced the bloated, inefficient, and non-secure runtime environment of traditional containers. We built Kontain for people who love containers and love Docker, but want to use them in a way that is vastly more secure, efficient, and speedy.
Very, very little. You can build Kontainers from your unmodified application code. Depending on your implementation choices, you may need to slightly modify your Dockerfiles. Other than that, your development, build, and testing are unchanged. Deploying Kontain is equally easy; you merely need to make sure the Kontain runtime is installed and invoked whenever you or your orchestration system wants to run a Kontainer. Since you don’t have to change your source code at all, and Kontain is OCI and CRI compatible, you don’t have to make a big commitment to try Kontain. Just try it on one of the microservices in your app, leaving your other microservices as traditional containers. Over time, you can convert your other containers to Kontainers at whatever pace you see fit. And converting from Kontainers back to containers is as simple as going back to your original Dockerfile.