
What does this do that kubernetes doesn't?

Forgive my ignorance but this seems like AWS to try and get the lock-in back that they lost with Kubernetes becoming popular




Firecracker serves an entirely different purpose from Kubernetes. Kubernetes is a cluster scheduler, but the containers being scheduled still need a runtime (typically Docker, containerd, or CRI-O) to execute the process within the container. These runtimes typically share a single Linux kernel instance and use the kernel cgroups feature to isolate workloads. In multi-tenant environments where each tenant is running unrestricted code, this presents an unacceptably high security risk. If a hacker compromises one container and escapes the cgroup confinement, they can potentially impact the security of other containers. Fargate is the building block for an alternative container runtime that uses extremely lightweight VMs and isolated kernel instances instead of the more traditional approach of sharing a kernel between all processes.


You can also see an early proof of concept integration with containerd at https://github.com/firecracker-microvm/firecracker-container...
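The shared-kernel point made above can be checked from inside the workloads themselves. This is an added example written for this thread, not code from the comment author or the Firecracker project: each workload reports its kernel boot id (generated once per kernel boot) and cgroup path, and the classifier tells you which workloads are separated only by cgroups on one kernel and which have a kernel of their own. The sample probe data is constructed.

```python
"""Classify workload isolation as shared-kernel (cgroup/namespace boundary only)
or own-kernel (VM-style boundary, e.g. a microVM with its own guest kernel).

/proc/sys/kernel/random/boot_id is a UUID generated once per kernel boot, so two
workloads that report the same boot_id are running on the same kernel instance.
/proc/self/cgroup shows which cgroup the calling process has been placed in."""
from collections import defaultdict
from pathlib import Path


def probe_self() -> dict:
    """Collect boot id and cgroup path for the calling process (Linux only).
    Run this inside each workload you want to compare, then feed the results
    to classify_isolation()."""
    boot_id = Path("/proc/sys/kernel/random/boot_id").read_text().strip()
    # cgroup v2 has a single "0::/path" line; on v1 the last line is used.
    cgroup = Path("/proc/self/cgroup").read_text().strip().splitlines()[-1]
    return {"boot_id": boot_id, "cgroup": cgroup}


def group_by_kernel(probes: dict) -> dict:
    """Map boot_id -> sorted list of workload names on that kernel."""
    by_kernel = defaultdict(list)
    for name, p in probes.items():
        by_kernel[p["boot_id"]].append(name)
    return {k: sorted(v) for k, v in by_kernel.items()}


def classify_isolation(probes: dict) -> dict:
    """Return {workload: 'shared-kernel' | 'own-kernel'}.
    A workload is 'shared-kernel' when any other probed workload reports the
    same boot_id; its only separation from those peers is then cgroups."""
    by_kernel = group_by_kernel(probes)
    return {
        name: "shared-kernel" if len(by_kernel[p["boot_id"]]) > 1 else "own-kernel"
        for name, p in probes.items()
    }


# Constructed sample: two containers on one host kernel, one microVM guest.
SAMPLE_PROBES = {
    "tenant-a-ctr": {"boot_id": "1b4e28ba-2fa1-11d2-883f-0016d3cca427",
                     "cgroup": "0::/kubepods/burstable/pod-a/ctr-a"},
    "tenant-b-ctr": {"boot_id": "1b4e28ba-2fa1-11d2-883f-0016d3cca427",
                     "cgroup": "0::/kubepods/burstable/pod-b/ctr-b"},
    "tenant-c-vm":  {"boot_id": "6f0e2c9a-0c4d-4b7e-9a1f-3c2d1e0f9b8a",
                     "cgroup": "0::/"},
}

if __name__ == "__main__":
    for name, verdict in classify_isolation(SAMPLE_PROBES).items():
        print(f"{name}: {verdict}")
```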


Any plan to integrate Firecracker with CRI? Or do you think it's more for serving a specific purpose like Serverless?


More broadly, that is exactly what AWS aims to do with serverless: "De-commoditize" its commoditization by containerization and tightly re-couple your application to AWS. Which is fine, if it suits someone to do that. AWS just likes to use different words to describe it: "Run code without thinking about servers" -- Which is actually only half the story, since you'll still be thinking about all that extra stuff, just that now you'll be thinking about AWS-specific versions of that stuff, in addition to paying the convenience fees.



