📄️ Sandboxes
Container sandboxes in Kubernetes: gVisor, Kata Containers, security isolation, syscalls, kernel space, user space, secure runtime and attack surface reduction.
📄️ RuntimeClasses
RuntimeClasses in Kubernetes: configuring different runtimes, gVisor, runsc handler, installation and practical use of container sandboxes for security.
📄️ Security Context
Security Context in Kubernetes: privilege configuration, access control, runAsUser, runAsGroup, fsGroup, Linux capabilities, AppArmor and Seccomp for container security.
📄️ Pod Security Standards
Pod Security Standards (PSS) in Kubernetes: security policies, privileged/baseline/restricted levels, enforce/warn/audit, PodSecurityPolicy replacement for CKS.