The Sandboxed-Container runtime uses a lightweight virtual machine to host an application and its environment. It provides kernel simulation for the application's pods and isolates them from the external environment, which protects the host and other containers against attacks or vulnerabilities inside the sandboxed containers. Container Service for Kubernetes (ACK) allows you to create node pools to manage nodes. This topic describes how to create a node pool that runs sandboxed containers.
Limits
You can create a node pool that runs sandboxed containers only in ACK managed clusters and ACK dedicated clusters that run Kubernetes 1.30 or earlier.
Procedure
When you create a node pool, select Sandboxed-Container as the container runtime. For more information, see Create a node pool.