alt Hacker NewsI think Kubernetes is a good candidate to run these sandboxes. It is just that you have to do a lot of annotations, node group management, pod security policies, etc., to name a few. Apply the principle of least privilege for access to mitigate risk.
I think Kata containers with Kubernetes is an even better sandboxing option for these agents to run remotely.
Shameless plugin here but we at Adaptive [1] do something similar.
We already do those things with k8s, so it's not an issue
The permissions issues you mention are handled by SA/WIF and the ADK framework.
Same question to OP, why do you think I need a special tool for this?