[wmf]

Internal Google stuff does not use KVM and that's one reason it took them a while to offer VMs — they had little experience with it.

[bogomipz]

Do you or anyone else know if there is another reason for doing this besides security?

[wmf]

I can't speak for Google, but there are several reasons. Docker and k8s are not multitenant, so if you want to build a public k8s cloud you need a tenant layer under it. That layer could also be containers (e.g. LXD), but then you're talking about secure nested containers which was not really available in November 2014.

[bogomipz]

Oh good insight. That makes a lot of sense. Thanks.