I'm looking for some advice on a feature I'm developing for my platform. Users can initialize multiple agents, which are custom minimal OpenClaw agents running on the backend. The challenge is that each agent needs to be isolated in terms of filesystem and machine access. My initial thought was to create a separate Docker container for each agent, but I'm concerned about scalability as we prepare for thousands of users. Each agent isn't resource-heavy and only runs occasionally, but the isolation requirement complicates things. I'm open to any recommendations or strategies you might have for managing this efficiently!
4 Answers
Kubernetes (K8s) is definitely worth considering. It's designed to manage thousands of containers, which could really help with scalability.
I've used Docker Swarm for smaller setups before, and it worked fine. But when I needed metrics-driven autoscaling, I had to rethink my entire approach.
Keep in mind that while Kubernetes orchestrates containers, it doesn't fully address the isolation issue. Since containers share the kernel, if one agent is compromised, others could be at risk too. You might want to look into using gVisor for user-space kernel isolation or Firecracker for lightweight VMs. They both help maintain security boundaries without the overhead of full VMs.
True, if security is a concern, a stronger isolation between agents is essential. The costs for intermittent workloads are minimal, so it's worth investing in decent security.
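
The gVisor suggestion in the thread above, sketched as Kubernetes manifests. This is an added example, not something posted by any participant. It assumes the nodes have gVisor's `runsc` installed and registered with containerd under the handler name `runsc`; the pod name, namespace, image and resource figures are placeholders.

```yaml
# RuntimeClass that maps the name "gvisor" to the runsc handler on the node.
apiVersion: node.k8s.io/v1
kind: RuntimeClass
metadata:
  name: gvisor
handler: runsc
---
# One pod per agent (hypothetical names). Nothing from the host is mounted.
apiVersion: v1
kind: Pod
metadata:
  name: agent-0001
  namespace: agents
  labels:
    app: agent
spec:
  runtimeClassName: gvisor              # sandboxed user-space kernel instead of the shared host kernel
  automountServiceAccountToken: false   # agent gets no cluster API credentials
  enableServiceLinks: false             # do not leak other services via env vars
  restartPolicy: Never
  securityContext:
    runAsNonRoot: true
    runAsUser: 10001
    seccompProfile:
      type: RuntimeDefault
  containers:
    - name: agent
      image: registry.example.com/agent:placeholder   # placeholder image
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["ALL"]
      resources:                        # placeholder sizing for a light, intermittent agent
        requests: {cpu: 50m, memory: 64Mi}
        limits: {cpu: 500m, memory: 256Mi}
      volumeMounts:
        - name: workspace
          mountPath: /workspace
  volumes:
    - name: workspace                   # per-agent scratch space, deleted with the pod
      emptyDir:
        sizeLimit: 256Mi
```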
