Isolation between containers in the same pod

6/26/2017

Assuming a pod has two containers: one is privileged and the other is a normal non-privileged container.

Can I expect the same isolation guarantees between these two containers in the same pod as if they were in two separate pods? Since the namespaces and volumes are shared in a pod, will the isolation between containers in the same pod be weaker?

-- Zirak Zaheer
kubernetes

1 Answer

6/27/2017

Isolation between containers in the same pod varies depending on exactly how you have configured the pod and containers. With typical settings, it is not as comprehensive as between separate pods. Whether these differences matter depends on the details of your program and your threat model.

Here is some documentation about Pod sharing/isolation. Here are the detailed Pod API docs.

To understand more deeply, it helps to understand the various types of Linux namespaces.

Here are some things to consider when you evaluate whether the isolation is good enough for your use case:

  • Different Volumes: All containers have separate mount namespaces. The Pod API allows you to individually specify which volumes are mounted into each pod. If you don't specify any volumes, then the pods do not share files.

  • Shared localhost: Containers in the same pod share a localhost network interface. Containers in different pods don't. This might reduce isolation. For example, if the privileged pod opens a port on localhost, the other pod can reach it. (Exception: if pods use the hostNetwork: true option).

  • Different Linux Capabilities and users: Containers in the same pod do have different capabilities, and can be run as different user ids. This helps isolation.

  • Shared IPC: Containers in the same pod share an IPC namespace. This means that it is possible to have them communicate via IPC mechanisms like System V IPC (http://man7.org/linux/man-pages/man7/svipc.7.html) or POSIX Message Queues. But, you'd still have to choose to use those features.

  • Different Resources: Each container has its own memory and CPU limits.

-- Eric Tune
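As an added illustration (not part of the answer above, and not Kubernetes project code), the following script audits a Pod manifest, given as a plain dict such as `yaml.safe_load` would produce, for the intra-pod isolation points the answer lists: shared volumes, a privileged container co-located with non-privileged ones (which share its localhost and IPC), host namespace options, and per-container `runAsUser` and resource limits. The sample pod is constructed for the example.

```python
# Added example: audit intra-pod isolation settings of a Pod manifest.
# The manifest is a plain dict (the shape yaml.safe_load returns).

def _volume_sharing(containers):
    """Map volume name -> names of containers that mount it, for shared ones only."""
    users = {}
    for c in containers:
        for m in c.get("volumeMounts", []):
            users.setdefault(m["name"], []).append(c["name"])
    return {v: names for v, names in users.items() if len(names) > 1}

def audit_pod(pod):
    """Return a list of findings about isolation between containers of one pod."""
    spec = pod.get("spec", {})
    containers = spec.get("containers", [])
    findings = []
    # Host namespace options remove even the per-pod boundary.
    for key in ("hostNetwork", "hostIPC", "hostPID"):
        if spec.get(key):
            findings.append(f"{key}: pod shares the node's namespace")
    # Network (localhost) and IPC namespaces are always shared within a pod,
    # so a privileged container next to a normal one weakens the normal one.
    privileged = [c["name"] for c in containers
                  if c.get("securityContext", {}).get("privileged")]
    if privileged and len(privileged) < len(containers):
        findings.append(f"privileged {privileged} co-located with non-privileged "
                        "containers that share its localhost and IPC namespace")
    # Volumes are only shared where both containers mount the same volume.
    for name, users in _volume_sharing(containers).items():
        findings.append(f"volume '{name}' mounted by {users}: files are shared")
    # Per-container settings that strengthen isolation; flag where missing.
    for c in containers:
        if "runAsUser" not in c.get("securityContext", {}):
            findings.append(f"{c['name']}: no runAsUser set")
        if "limits" not in c.get("resources", {}):
            findings.append(f"{c['name']}: no resource limits")
    return findings

# Constructed sample: a normal app container beside a privileged agent.
SAMPLE_POD = {"spec": {"containers": [
    {"name": "app", "securityContext": {"runAsUser": 1000,
                                        "capabilities": {"drop": ["ALL"]}},
     "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}},
     "volumeMounts": [{"name": "data", "mountPath": "/data"}]},
    {"name": "agent", "securityContext": {"privileged": True},
     "volumeMounts": [{"name": "data", "mountPath": "/host-data"}]},
]}}

if __name__ == "__main__":
    for finding in audit_pod(SAMPLE_POD):
        print(finding)
```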
Source: StackOverflow