Comment by nyrikki

You seem to have a misunderstanding of what namespaces accomplished on plan9, or that it was extending Unix concepts and assembling them in another way.

As someone who actually ran plan9 over 30 years ago I ensure that if you go back and look at it, the namespaces were intended to abstract away the hardware limitations of the time, to build distributed execution contexts of a large assembly of limited resources.

And if you have an issue with Unix sockets you would have hated it as it didn’t even have stalls and everything was about files.

Today we have a different problem, where machines are so large that we have to abstract them into smaller chunks.

Plan9 was exactly the opposite, when your local system CPU is limited you would run the cpu command and use another host, and guess what, it handed your file descriptors to that other machine.

The goals of plan9 are dramatically different than isolation.

But the OSes you seem to hate so much implemented many of the plan9 ideas, like /proc, union file systems, message passing etc.

Also note I am not talking about k8s in the above, I am talking about containers and namespaces.

K8s is an orchestrater, the kernel functionality may be abstracted by it, but K8s is just a user of those plan9 inspired ideas.

Netns, pidns, etc… could be used directly, and you can call unshare(2)[0] directly, or use a cri like crun or use podman.

Heck you could call the ip() command and run your app in an isolated namespace with a single command if you wanted to.

You don’t need an api or K8s at all.

[0] https://man7.org/linux/man-pages/man2/unshare.2.html