sig-bsi-grundschutz / content

Security automation content in SCAP, Bash, Ansible, and other formats
https://www.open-scap.org/security-policies/scap-security-guide

SYS.1.6.A26 #26

Open sluetze opened 10 months ago

sluetze commented 1 month ago

> If further isolation and encapsulation of containers is required, the following measures SHOULD be examined based on increasing effectiveness:
>
> - fixed assignment of containers to container hosts,
> - execution of the individual containers and/or the container host with hypervisors,
> - fixed mapping of a single container to a single container host.

OpenShift offers the option of binding containers (in pods) to specific nodes using node labels and node selectors in the deployment descriptors. These can also be made available as virtual machines via hypervisors (via IaaS or via OpenShift Sandboxes). This implements all three assignments mentioned in the requirement.
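Worked example, added here and not part of the issue or of the ComplianceAsCode content: one Deployment manifest that applies the three measures from the requirement on OpenShift (plain Kubernetes accepts the same fields). The node label `bsi.example/container-pool=isolated`, the taint `bsi.example/dedicated=payments`, the namespace, the image and the RuntimeClass name `kata` are assumptions for illustration; the RuntimeClass has to exist on the cluster (OpenShift sandboxed containers installs one) before a pod that references it can be scheduled.

```yaml
# Added example, not code from the issue or from ComplianceAsCode.
# Label, taint, namespace, image and RuntimeClass name are assumptions.
#
# Prerequisite (cluster admin), run once per dedicated host:
#   oc label node worker-3 bsi.example/container-pool=isolated
#   oc adm taint nodes worker-3 bsi.example/dedicated=payments:NoSchedule
apiVersion: apps/v1
kind: Deployment
metadata:
  name: payment-api
  namespace: payments
spec:
  replicas: 2
  selector:
    matchLabels:
      app: payment-api
  template:
    metadata:
      labels:
        app: payment-api
    spec:
      # Measure 1: fixed assignment of containers to container hosts.
      # The scheduler only considers nodes carrying this label.
      nodeSelector:
        bsi.example/container-pool: isolated
      # The taint keeps every other workload off those hosts; only pods
      # with a matching toleration may land there.
      tolerations:
        - key: bsi.example/dedicated
          operator: Equal
          value: payments
          effect: NoSchedule
      # Measure 2: run the container under a hypervisor. The RuntimeClass
      # is assumed to be the one provided by OpenShift sandboxed containers
      # (Kata Containers: each pod gets its own lightweight VM).
      runtimeClassName: kata
      # Measure 3: at most one instance per node, so each dedicated host
      # carries exactly one container of this workload. The "required"
      # form is a hard rule: a third replica stays Pending instead of
      # doubling up on a host.
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchLabels:
                  app: payment-api
              topologyKey: kubernetes.io/hostname
      containers:
        - name: payment-api
          image: registry.example.internal/payments/api:1.4.2
          ports:
            - containerPort: 8443
```

Check the placement with `oc get pods -n payments -o wide`, which prints the node each replica was scheduled to, and confirm the RuntimeClass with `oc get runtimeclass`. Where the container hosts are themselves virtual machines on IaaS, nothing in the manifest changes: the VM-backed workers are ordinary nodes, so the same label and taint select them. Note that all three measures are enforced by the scheduler from fields in the deployment descriptor, so whoever can edit the Deployment can remove them; restrict that via RBAC on the namespace and, if the cluster has an admission policy mechanism, require the selector and RuntimeClass there rather than trusting each manifest.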