https://github.com/kubernetes-sigs/agent-sandbox/tree/v0.1.0/examples/vscode-sandbox suggests using kubectl port-forward after applying the gvisor overlay.

However, kubectl port-forward is not currently compatible with the runsc runtime used by gVisor. Following these instructions will result in an error similar to this:

E1113 12:13:55.326947 1362781 portforward.go:424] "Unhandled Error" err="an error occurred forwarding 8000 -> 8888: error forwarding port 8888 to pod 08a55c7e040cff8ffbcab832623815bc6c00e3563beb1d5282abde2e5b5a63ad, uid : failed to execute portforward in network namespace "/var/run/netns/cni-f9e07cfe-3e9e-b41e-3cb7-a5aab2d16661": failed to connect to localhost:8888 inside namespace

This is a known issue, as discussed in #158.

The doc should be updated to reflect this limitation. Suggest adding a note explaining that kubectl port-forward does not work with gVisor and provide alternative instructions, such as using a Service of type LoadBalancer or NodePort, or using a Gateway, to expose the VSCode server.