What are sandboxed containers?


A sandbox is a tightly controlled environment where an application runs. Sandboxed environments impose permanent restrictions on resources and are often used to isolate and execute untested or untrusted programs without risking harm to the host machine or operating system. Sandboxed containers add a new runtime to container platforms that keeps your program isolated from the rest of the system by using lightweight virtual machines, which then start containers inside these pods.

Sandboxed containers are typically used in addition to the security features found within Linux containers.


Sandboxed containers are ideal for workloads that require extremely stringent application-level isolation and security, such as privileged workloads running untrusted or untested code, together with a Kubernetes-native experience. By using a sandboxed container you can further protect your application from remote execution, memory leaks, or unprivileged access by isolating:

  • developer environments and privileges scoping
  • legacy containerized workloads 
  • third-party workloads
  • resource sharing (CI/CD jobs, CNFs, etc.), delivering safe multi-tenancy

 

Kata Containers as a Service


Red Hat OpenShift sandboxed containers, based on the Kata Containers open source project, provides an additional layer of isolation for applications with stringent security requirements. It does so through an Open Container Initiative (OCI)-compliant container runtime that uses lightweight virtual machines to run your workloads in their own isolated kernel. Red Hat OpenShift achieves this through our certified Operator framework, which manages, deploys, and updates the Red Hat OpenShift sandboxed containers Operator.

The Red Hat OpenShift sandboxed containers Operator delivers and continuously updates all the required bits and pieces to make Kata Containers usable as an optional runtime on the cluster. That includes but is not limited to:

Red Hat OpenShift sandboxed containers are now generally available.
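
Because Kata is an optional runtime, a workload only gets the extra isolation if its pod spec selects it, which in Kubernetes is done through `spec.runtimeClassName`. The following added example (not Red Hat's or the Kata project's code) audits manifests for privileged workloads that would still run on the default runtime; the RuntimeClass name `kata` and the sample manifests are assumptions constructed for illustration.

```python
import json

# Assumption: the sandboxed RuntimeClass on this cluster is named "kata".
SANDBOXED = {"kata"}

def pod_spec(obj):
    """Locate the pod spec in a Pod or in a templated workload (Deployment, Job, ...)."""
    spec = obj.get("spec") or {}
    if obj.get("kind") == "Pod":
        return spec
    if obj.get("kind") == "CronJob":
        spec = (spec.get("jobTemplate") or {}).get("spec") or {}
    return (spec.get("template") or {}).get("spec") or {}

def privileged_containers(spec):
    """Names of init and regular containers that request privileged mode."""
    found = []
    for key in ("initContainers", "containers"):
        for c in spec.get(key) or []:
            if (c.get("securityContext") or {}).get("privileged") is True:
                found.append(c.get("name", "<unnamed>"))
    return found

def audit(objects):
    """Report privileged workloads that would run on the default (shared-kernel) runtime."""
    findings = []
    for obj in objects:
        spec = pod_spec(obj)
        priv = privileged_containers(spec)
        runtime = spec.get("runtimeClassName")  # None means the cluster default runtime
        if priv and runtime not in SANDBOXED:
            findings.append((obj["kind"], obj["metadata"]["name"], runtime, priv))
    return findings

# Constructed sample manifests (not from the original page).
SAMPLE = json.loads("""[
 {"kind": "Pod", "metadata": {"name": "ci-runner"},
  "spec": {"runtimeClassName": "kata",
           "containers": [{"name": "build", "securityContext": {"privileged": true}}]}},
 {"kind": "Job", "metadata": {"name": "third-party-scan"},
  "spec": {"template": {"spec": {
           "containers": [{"name": "scan", "securityContext": {"privileged": true}}]}}}},
 {"kind": "Deployment", "metadata": {"name": "web"},
  "spec": {"template": {"spec": {"containers": [{"name": "app"}]}}}}
]""")

if __name__ == "__main__":
    for kind, name, runtime, priv in audit(SAMPLE):
        print(f"{kind}/{name}: privileged {priv} with runtimeClassName={runtime}")
```
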
