120 points gbxk | 2 comments

I've built this to make it easy to host your own infra for lightweight VMs at large scale.

Intended for exec of AI-generated code, for CICD runners, or for off-chain AI DApps. Mainly to avoid Docker-in-Docker dangers and mess.

Super easy to use with CLI / Python SDK, friendly to AI engs who usually don't like to mess with VM orchestration and networking too much.

Defense-in-depth philosophy.

Would love to get feedback (and contributors: clear & exciting roadmap!), thx

ed_mercer No.45659530
Why do I need this if I already have containers and k8s for running agents?
replies(1): >>45659581 #
gbxk No.45659581
It is well known that containers do not provide you with safe isolation. It is not their purpose. They share the kernel and page cache with the host. Any kernel exploit gives someone in a container potential root control of the host (see DirtyPipe, DirtyCow). That's why you need VM-level isolation.
replies(2): >>45659754 #>>45662856 #
1. innanet-worker No.45662856
Today I'm one of the lucky 10k https://xkcd.com/1053/
replies(1): >>45666581 #
2. gbxk No.45666581
Lucky you! And lucky me for sharing the info :)