Information
Ensure that the Kubelet enforces the use of the RuntimeDefault seccomp profile
By default, Kubernetes disables the seccomp profile which ships with most container runtimes. Setting this parameter will ensure workloads running on the node are protected by the runtime's seccomp profile.
Solution
Set the parameter, either via the --seccomp-default command line parameter or the seccompDefault configuration file setting.
Impact:
Setting this will remove some rights from pods running on the node.