Apply the principle of the least privilege to constrain a process to the minimum privileges it needs.
- Run Containers with a Non-Root User
- Restrict Container Capabilities
- Avoid a Mutable Container Filesystem
- Enforce Security Policies (Privileged/Unrestricted, Baseline, Restricted)
[1] 10 Kubernetes Security Context settings
[2] Enforce Pod Security Standards with Namespace Labels