Company
Date Published
Author
Bastien Chatelard
Word count
760
Language
English
Hacker News points
None

Summary

Google Kubernetes Engine (GKE) is a managed service that provides Kubernetes clusters running on Google Cloud VM instances; the control plane and the network are fully managed by GKE. It includes a sandboxing feature based on gVisor for stronger isolation, which is particularly useful for running untrusted code safely. However, tests revealed that network isolation was not entirely effective: under certain conditions a sandboxed pod could reach the metadata API. The vulnerability was linked to network policy: when a network policy was applied, the filtering intended for gVisor-sandboxed pods was disabled, potentially exposing sensitive information about the node, the project, and the Kubernetes cluster. The issue was promptly reported and fixed, although manual mitigation was initially necessary. Recommendations for better isolation of untrusted code include ensuring that network policies are applied correctly, filtering internal ranges, avoiding default instance identities, and using tools such as Workload Identity and metadata concealment to strengthen security.