gvisor/content/docs/user_guide/kubernetes.md

+++ title = "Kubernetes" weight = 30 +++ gVisor can run sandboxed containers in a Kubernetes cluster with Minikube. After the gVisor addon is enabled, pods with io.kubernetes.cri.untrusted-workload set to true will execute with runsc. Follow these instructions to enable gVisor addon.

You can also setup Kubernetes nodes to run pods in gvisor using the containerd CRI runtime and the gvisor-containerd-shim. Pods with the io.kubernetes.cri.untrusted-workload annotation will execute with runsc. You can find instructions here.