Kubernetes 1.22 supports Seccomp for all workloads

Kubernetes v1.22.0 introduces a new kubelet feature gate, SeccompDefault, which has been added in alpha state, like every other new feature. Seccomp is a security mechanism that allows Linux processes to filter system calls (syscalls) based on a set of defined rules. Applying Seccomp profiles to containerized workloads is one of the key tasks when it comes to enforcing application deployment security.

Folks often dismiss Seccomp profiles and Capabilities as a way of hardening applications because it is too difficult to determine which syscalls a given application uses. Seccomp in Kubernetes is designed to make this more accessible. You can use the securityContext field of pods and their containers to adjust the security-related configuration of the workload. Kubernetes introduced dedicated seccomp-related API fields in this SecurityContext.
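To show how the pod-level and container-level seccompProfile fields combine with the kubelet default, here is an added audit sketch (not code from the Kubernetes project or from this post) that resolves the profile each container actually runs with. The function names, the kubelet_seccomp_default parameter and the sample manifests are assumptions made for illustration.

```python
# Added example: field names follow the Pod API; function names, the
# kubelet_seccomp_default parameter and the sample pods are constructed.

def effective_seccomp(pod, kubelet_seccomp_default=False):
    """Map each container name to the seccomp profile it will run with.

    kubelet_seccomp_default=True models a node whose kubelet has the
    SeccompDefault behaviour switched on.
    """
    spec = pod.get("spec", {})
    pod_profile = (spec.get("securityContext") or {}).get("seccompProfile")
    result = {}
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        sc = c.get("securityContext") or {}
        if sc.get("privileged"):
            # Privileged containers always run Unconfined.
            result[c["name"]] = "Unconfined"
            continue
        # A container-level profile overrides the pod-level one.
        profile = sc.get("seccompProfile") or pod_profile
        if profile is None:
            # Nothing set: Unconfined, unless the kubelet defaults it.
            default = "RuntimeDefault" if kubelet_seccomp_default else "Unconfined"
            result[c["name"]] = default
        elif profile.get("type") == "Localhost":
            result[c["name"]] = "Localhost:" + profile.get("localhostProfile", "")
        else:
            result[c["name"]] = profile.get("type")
    return result

def unconfined_containers(pod, kubelet_seccomp_default=False):
    """Names of containers that end up with no syscall filtering."""
    profiles = effective_seccomp(pod, kubelet_seccomp_default)
    return sorted(n for n, p in profiles.items() if p == "Unconfined")

# Constructed sample manifests (as parsed YAML).
SAMPLE_POD = {"spec": {
    "securityContext": {"seccompProfile": {"type": "RuntimeDefault"}},
    "containers": [
        {"name": "web"},
        {"name": "debug", "securityContext": {"seccompProfile": {"type": "Unconfined"}}},
        {"name": "agent", "securityContext": {"privileged": True}},
    ]}}
NO_PROFILE_POD = {"spec": {"containers": [{"name": "app"}]}}

if __name__ == "__main__":
    print(effective_seccomp(SAMPLE_POD))
    print(unconfined_containers(NO_PROFILE_POD))
    print(unconfined_containers(NO_PROFILE_POD, kubelet_seccomp_default=True))
```

The kubelet default only changes the outcome for containers that set no profile at all; an explicit Unconfined or a privileged container stays unfiltered and should be flagged in review.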

For more information you should follow this blog post
