
Isola: Secure Sandboxing for Kubernetes
Hi Reddit, I'd like to share with you all a passion project of mine: Isola. It is an open source and cloud agnostic way to sandbox untrusted or LLM/agent generated code inside existing Kubernetes clusters.
It is written in Go, with a REST api + python and typescript SDKs. It allows you to programatically create sandbox pods (isolated with gVisor's userspace kernel), snapshot and restore the sandbox filesystem (to allow init-once user-many-times or sandbox state rollback semantics), advanced networking controls and more.
Install with Helm anywhere (including easy local setup over something like kind or k3s).
I am very happy to discuss the architecture and implementation details here, spent a lot of time on getting it just right (in my opinion) - upstreamed contributions to gVisors to make some features I wanted work, or iterated a lot until I was able to have the snapshots lazily loaded from bucket storage instead of filling up nodes (and thanks for rclone for that).
Hope you like it!