I'm toying with the idea of building a Python-only micro-PaaS (at least that's what I'm calling it ;)) on top of OpenShift - something similar to PythonAnywhere
, but for a specific business niche.
I've been thinking through the security aspects of the project. It would be a multitenant application so one of the big questions is whether to isolate customers with a hypervisor, or if the container isolation is sufficient. I would prefer the latter, of course, given the reduced complexity and increased efficiency.
In the Adrian Mouat's ebook Docker Security
he writes, "If you have a multitenancy setup, running containers for multiple users (whether these are internal users in your organization or external customers), ensure that each user is placed on a separate Docker host". This advice is now two years old, so I'm wondering if the improvements in Docker security since then (eg. user-namepsaces, seccomp), together with the security features that OpenShift brings/integrates with (multi-tenant networking, SELinux, s2i builds etc) mean that this advice is still current?
I heard Brendan Burns discussing Kubernetes security on the ArchiTECHt podcast
. He says that unless you trust two users to have a login to the same machine then you shouldn't allow those users to run containers on the machine because any kernel level vulnerability is going to be exploitable, and you'll be able to jump out of one container and jump into the other. He goes on to mention hyperd. If you have authenticated (paying) users, up to date kernel patches and the security features mentioned above how likely do you think an exploit like this is? Also, has anyone given any thought to integrating hyperd and OpenShift?
Thanks for any thoughts/advice.