by m11a
106 days ago
K8s gives you orchestration of Docker containers. I don’t think it handles the container boundary any more than Docker does. I don’t think it should be assumed to give network isolation, unless you’re also using extensions and something like Cilium for that purpose. I don’t think it’s the right primitive for agent sandboxes, or other kinds of agent infra. (Obviously, you could still run a custom runtime inside k8s pods, or something like GCP’s k8s gVisor magic.)