Nov 10, 2021
Great article, thanks for sharing.
One tool you may also want to look at is Sysbox (I am one of the developers).
It's a next-gen "runc" that enables containers to run workloads like KinD securely (no privileged containers). People often use it to run KinD inside a rootless container or pod.
You could use it to sandbox localkube + kind inside a well-isolated rootless container, which gives you a repeatable setup without messing up the host.
And you can launch that rootless container locally or in a K8s pod itself (which is very useful for CI/CD).
Hope that helps!