How to sandbox untrusted code in Kubernetes How to sandbox untrusted code in Kubernetes kubernetes kubernetes

How to sandbox untrusted code in Kubernetes


You are correct, all containers in a pod share the same networking so you can't easily differentiate it. In general Kubernetes is not suitable for running code you assume to be actively malicious. You can build such a system around Kubernetes, but K8s itself is not nearly enough.