Stop Kubernetes Container Escapes: Drop Linux Capabilities
Most Kubernetes pods run with significantly more power than they actually need to function. By default, the container runtime grants a subset of powerful Linux capabilities to every process. If an …
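
An added example, not code from the original article: a Python check over pod JSON (the shape `kubectl get pods -o json` returns) that flags containers still holding the runtime's default capabilities because they do not drop `ALL`. The sample pod list, the `audit_pods` name and the NET_BIND_SERVICE allowance are assumptions made for illustration.

```python
import json

# Constructed sample, shaped like `kubectl get pods -o json` output (not from the page).
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"namespace": "shop", "name": "web"},
   "spec": {
     "initContainers": [{"name": "migrate", "image": "example/migrate:1"}],
     "containers": [
       {"name": "app", "image": "example/app:1",
        "securityContext": {"capabilities": {"drop": ["ALL"], "add": ["NET_BIND_SERVICE"]}}},
       {"name": "sidecar", "image": "example/proxy:1",
        "securityContext": {"capabilities": {"drop": ["NET_RAW"], "add": ["NET_ADMIN"]}}}
     ]}}
]}
""")

# Assumption: NET_BIND_SERVICE is the only add-back treated as acceptable
# (mirrors the "restricted" Pod Security Standard).
ALLOWED_ADD = {"NET_BIND_SERVICE"}

def audit_pods(pod_list):
    """Return one finding per container that keeps runtime-default or extra capabilities."""
    findings = []
    for pod in pod_list.get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        # Capabilities are set per container, so init and ephemeral containers count too.
        for kind in ("initContainers", "containers", "ephemeralContainers"):
            for c in spec.get(kind) or []:
                caps = (c.get("securityContext") or {}).get("capabilities") or {}
                drop = set(caps.get("drop") or [])
                add = set(caps.get("add") or [])
                problems = []
                # No securityContext at all lands here: nothing was dropped.
                if "ALL" not in drop:
                    problems.append("does not drop ALL (runtime defaults remain)")
                extra = sorted(add - ALLOWED_ADD)
                if extra:
                    problems.append("adds " + ",".join(extra))
                if problems:
                    where = f'{meta.get("namespace")}/{meta.get("name")}:{c.get("name")}'
                    findings.append((where, problems))
    return findings

if __name__ == "__main__":
    for where, problems in audit_pods(SAMPLE):
        print(where, "->", "; ".join(problems))
```

To run it against a live cluster, load the output of `kubectl get pods -A -o json` with `json.load` and pass the result to `audit_pods`.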