Hello, looking at https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/495-pod-pid-namespace/README.md I see a non-goal listed as:
Per-container configuration of PID namespace sharing
I was wondering if someone could explain why this was excluded?
I’m asking because when using a sidecar approach it would be nice if the sidecar container could be set to use the pod-level pid namespace where the containers were each in there own child pid-namespace. This would allow for a higher level of isolation between the containers while still allowing a slightly higher privileged sidecar to monitor/control them.