undefined | Better HN

0 pointsbogomipz3y ago0 comments

In GKE you can just enable GKE Sandbox/gVisor on a node pool to run your untrusted workloads. gVisor serves the same purpose as Kata containers.

0 comments

3 comments · 1 top-level

dilyevsky3y ago· 2 in thread

Yes except slow io

Can you elaborate? What type of I/O, network, disk? What is the issue exactly?

You can refer to gvisor performance docs - https://gvisor.dev/docs/architecture_guide/performance/#file... throughput is really terrible, same deal with networking and also if your userland issues a lot of syscalls

j / k navigate · click thread line to collapse