vocram
3y ago
The instance exposed by GCE is virtualized. If you want to run any hw-virtualized workload inside it, you need nested virtualization.
bogomipz
3y ago
I'd be curious to hear more about your Kubernetes workloads. What virtualized hardware do your pods require?
dilyevsky
3y ago
Any untrusted workloads (say, CI runners running your clients' arbitrary code) better be run inside Kata containers, so you can’t use t2a VMs for that
bogomipz
3y ago
In GKE you can just enable GKE Sandbox/gVisor on a node pool to run your untrusted workloads. gVisor serves the same purpose as Kata containers.