by bjackman
381 days ago
> container runtime that uses virtualization to protect the host

True, by "container" I really meant "shared-kernel container".

> In theory you could shove the container runtime into something like k8s

Yeah this is actually supported by k8s. Whether that means it's actually reasonable to run completely untrusted workloads on your own cluster is another question. But it definitely seems like a really good defense-in-depth feature.