| ▲ | buremba 4 hours ago | |||||||
Neat! I wasn’t aware that Docker has an embedded microVM option. I use Kata Containers on Kubernetes (Firecrackers) and restrict network access with a proxy that supports you to block/allow domain access. Also swap secrets at runtime so agents don’t see any secrets (similar to Deno sandboxes) If anybody is interested in running agents ok K8S, here is my shameless plug: https://github.com/lobu-ai/lobu | ||||||||
| ▲ | TheTaytay an hour ago | parent | next [-] | |||||||
Woah, that looks great. I’ve been looking for something like this. Neither thr readme or the security doc go into detail on the credential handling in the gateway. Is it using tokens to represent the secrets, or is the client just trusting that the connection will be authenticated? I’m trying to figure out how similar this is to something like Fly’s tokenizer proxy. | ||||||||
| ▲ | debarshri 4 hours ago | parent | prev [-] | |||||||
Kata containers are the right way to go about doing sandboxing on K8s. It is very underappreciated and, timing-wise, very good. With ec2 supporting nested virtualization, my guess is there is going to be wide adoption. | ||||||||
| ||||||||