workload isolation as a service

Kiln

Managed workload isolation for platform teams. Integrate Kiln's API and every job your platform runs gets its own sandboxed environment - resource limits, process isolation, network separation - handled for you.

changelog

Linux namespace primitives in progress_

Resource limits - cgroups v2

Filesystem isolation - overlayfs + pivot_root

Networking - veth pairs + iptables NAT

Firecracker microVMs - /dev/kvm

one engineer. no ETA.

by 75asu