m11a 4 hours ago
K8s gives you orchestration of Docker containers. I don’t think it handles the container boundary any more than Docker does. I don’t think it should be assumed to give network isolation, unless you’re also using extensions and something like Cilium for that purpose. I don’t think it’s the right primitive for agent sandboxes, or other kinds of agent infra. (Obviously, you could still run a custom runtime inside k8s pods, or something like GCP’s k8s gVisor magic.)