Does kubernetes without rkt support pluggable isolation environments? It seems like a pretty cool feature to be able to say "this pod needs to be run under kvm." I'm not well-versed in how good the regular container isolation has become at this point, so maybe it's not as big of an issue these days.
It is an alpha feature but you can switch the rkt "stage1" using the rkt.alpha.kubernetes.io/stage1-name-override annotation on a pod.
So if you wanted to use the virtual machine based pod isolation you could do something like rkt.alpha.kubernetes.io/stage1-name-override=coreos.com/rkt/stage1-kvm:1.10.0.
We are working with upstream to come up with a better mechanism but this is a great example of where having an annotation is a great release valve for adding experimental features.
Also there is a node-wide kubelet flag `--rkt-stage1-image1` to set the default isolation environments, which can be overridden by the per pod annotation `rkt.alpha.kubernetes.io/stage1-name-override`
