Use security policies to manage the security context in which deployed pods operate in your clusters.

Using VMware Tanzu Mission Control, you can make the deployments to your clusters more secure by implementing constraints that govern what deployed pods can do. Security policies, implemented using OPA Gatekeeper, allow you to restrict certain aspects of pod execution in your clusters, such as privilege escalation, Linux capabilities, and allowed volume types.

For more details about how security policies work in Tanzu Mission Control, see Pod Security Management in VMware Tanzu Mission Control Concepts.