Sydney, Australia
December 12–13, 2019
Click here for more information and registration
Back To Schedule
Thursday, December 12 • 11:40 - 12:05
Securing Untrusted Workloads with Kata Containers on Kubernetes - David Angot & Alex Price, Atlassian

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Whilst containers have allowed for quick and easy deployment and execution of workloads, they come with their drawbacks in terms of security and isolation. This is evident when running untrusted workloads, where isolation and separation of customer workloads is paramount in a multi-tenanted environment.

With years of experience running the Bitbucket Pipelines infrastructure, Atlassian engineers David Angot and Alex Price will explore the challenges faced, such as kernel vulnerabilities, providing access to Docker in Docker (DinD) and “privileged” containers when managing a platform that executes untrusted code.

With security in mind, they will explore Kata Containers, a runtime for Containerd and CRI-O that provisions Kubernetes pods as Virtual Machines, each with their own kernel and resources and most importantly isolation.


David Angot

Senior Engineer, Atlassian
Having been in a large variety of teams in Atlassian, David has alot of experience as a sysadmin. He pioneered Kubernetes at Atlassian and started the Kubernetes Platform team, where he still is today. He is the security champion within the team, advocating and ensuring security within... Read More →
avatar for Alex Price

Alex Price

Developer, Atlassian
Alex is a Developer in Atlassian's Kubernetes Platform team. His day to day involves working with containers, Linux, improving the security of clusters and providing platform services in the team's Kubernetes clusters. He is currently working on migrating the company's CI/CD workloads... Read More →

Thursday December 12, 2019 11:40 - 12:05 AEDT
Keynote + Advanced Session Hall