by nijave
1196 days ago
I guess that depends on your use case and risk profile. Linux containers are a pretty well established isolation mechanism and you can potentially add some additional safety with per-tenant dedicated nodepools. If pods have added privileges or there is a really low risk tolerance, maybe that's not enough isolation. Sounds like you can change the container runtime with EKS (not sure if that impacts AWS support) so you could use gVisor or runvm https://www.verygoodsecurity.com/blog/posts/secure-compute-p...
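As an added illustration of the two knobs the comment mentions (a sandboxed runtime plus a per-tenant node pool), not part of the original post: a RuntimeClass that selects gVisor and a pod that is pinned to both. It assumes the node pool's containerd already has a `runsc` handler configured; the `sandbox.example/runtime` and `tenant.example/name` labels are constructed for the example.

```yaml
# Added example, not from the comment above.
# Assumes containerd on the node pool exposes gVisor under the handler name "runsc".
apiVersion: node.k8s.io/v1
kind: RuntimeClass
metadata:
  name: gvisor
handler: runsc                         # must match the runtime name in containerd's config
scheduling:
  nodeSelector:
    sandbox.example/runtime: gvisor    # constructed label: only nodes that actually have runsc
---
apiVersion: v1
kind: Pod
metadata:
  name: tenant-a-worker
  namespace: tenant-a
spec:
  runtimeClassName: gvisor             # scheduling fails (rather than silently running on runc)
                                       # if no node satisfies the RuntimeClass selector
  nodeSelector:
    tenant.example/name: tenant-a      # constructed label for the dedicated tenant node pool
  tolerations:
  - key: tenant.example/name           # the pool is tainted so other tenants cannot land here
    operator: Equal
    value: tenant-a
    effect: NoSchedule
  securityContext:
    runAsNonRoot: true
  containers:
  - name: app
    image: registry.example/tenant-a/app:1.0   # placeholder image
    securityContext:
      allowPrivilegeEscalation: false
      capabilities:
        drop: ["ALL"]
```

To confirm the sandbox is actually in effect, `dmesg` run inside the pod prints gVisor's synthetic kernel log rather than the host kernel's.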