A detailed overview of Kata Containers architecture end-to-end.
If you are curious what sandboxed containers look like from the inside compared to normal containers, this thread covers the basics. @openshift sandboxed containers is used to bootstrap and configure the runtime (aka @katacontainers) for the extra layer of isolation. It is also worth noting that in all the following snippets, NO other fancy hardening is done (e.g., admission controllers, PSPs, PSA, SELinux,…). Don’t try this at home!