Network Policies are a good idea, thanks.

I was more worried about escaping the container, but maybe I shouldn’t be. I’m using Talos now as the OS and there isn’t much on the OS as it is. I can probably also enforce all of my public services to run as non-root users and not allow privileged containers/etc.

Thanks for recommending crowdsec/falco too. I’ll look into those