...
We have bet on Kubernetes to provide an abstraction for the execution environment. The (main) reason for this is the requirement for portability -- it should be sufficiently easy to reproduce the sandbox somewhere else (another public cloud, or even on-premises servers). We also need an orchestration abstraction that scales beyond one node (e.g. Docker Compose is limited to a single machine), since the environment needs to be able to host GovStack instances with several building blocks and to run several different GovStack instances simultaneously.
The "execution environment" at the core should be the most portable artifact -- meaning that deploying building blocks should use only suitable Kubernetes abstractions (OCI container images, Kubernetes manifests, and Helm charts, which we publish on GitHub). One GovStack instance (a set of building blocks, configuration, and the necessary mock data) in the sandbox should be treated as ephemeral -- it will be deployed, it will run for some time (hours, days, but not months), and it will be thrown away. Also, multiple separate GovStack instances can be deployed at the same time.
...