Q. What is the isolation level for Azure Container Instances?
A. There are typically two types of container isolation:
- User-mode isolation - Container instances run on a shared container host that are isolated at a user-mode level but share a common kernel
- Kernel-mode isolation - Container instances run in a dedicated container host environment (typically through virtualization technologies) and are therefore isolated from other container instances at a kernel-mode level
Azure Container Instances utilize kernel-mode isolation as documented at https://docs.microsoft.com/en-us/azure/container-instances/container-instances-overview#hypervisor-level-security.