It is configurable, but by default we rely on (1) the isolation provided by the container runtime (Docker or Podman), (2) a combination of VXLAN and WireGuard for tenant- and application-separated networking, and (3) per-tenant and per-host keying material for secrets management. With some configuration we also support alternate containerd backends such as firecracker-containerd.