Google’s Kubernetes Engine (GKE) now supports node pools that are wrapped in gVisor to allow running untrusted workloads. The idea behind gVisor is to emulate all system calls in user space and provide a sandbox for processes that cannot be trusted. GKE now lets you enable this with a configuration option.
New GKE Sandbox brings added security to your containers running in Google Kubernetes Engine clusters.
Source: GKE Sandbox: Bring defense in depth to your pods | Google Cloud Blog
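
A sandboxed node pool only helps if the untrusted pods actually run in it. The check below is an added example, not code from Google or the linked post: it scans a pod listing for pods in untrusted namespaces that do not request the gVisor runtime. The RuntimeClass name `gvisor`, the namespace names and the sample listing are assumptions made for illustration.

```python
import json

# Assumption (not on the page): a pod opts into GKE Sandbox by setting
# spec.runtimeClassName to the RuntimeClass named "gvisor".
SANDBOX_RUNTIME_CLASS = "gvisor"
# Hypothetical namespaces that this cluster reserves for untrusted workloads.
UNTRUSTED_NAMESPACES = {"tenant-a", "ci-builds"}

# Constructed sample in the shape of `kubectl get pods -A -o json` output.
SAMPLE_POD_LIST = json.loads("""
{"items": [
  {"metadata": {"namespace": "tenant-a", "name": "web"},
   "spec": {"runtimeClassName": "gvisor"}},
  {"metadata": {"namespace": "tenant-a", "name": "worker"},
   "spec": {}},
  {"metadata": {"namespace": "ci-builds", "name": "job-1"},
   "spec": {"runtimeClassName": "runc"}},
  {"metadata": {"namespace": "kube-system", "name": "dns"},
   "spec": {}}
]}
""")


def unsandboxed_pods(pod_list, untrusted=frozenset(UNTRUSTED_NAMESPACES)):
    """Return (namespace, name, reason) for untrusted pods outside the sandbox."""
    findings = []
    for pod in pod_list.get("items", []):
        meta = pod.get("metadata", {})
        namespace = meta.get("namespace", "default")
        if namespace not in untrusted:
            continue  # trusted namespaces may use the default runtime
        runtime = pod.get("spec", {}).get("runtimeClassName")
        if runtime is None:
            reason = "runtimeClassName not set"
        elif runtime != SANDBOX_RUNTIME_CLASS:
            reason = f"runtimeClassName is {runtime!r}"
        else:
            continue  # runs under gVisor
        findings.append((namespace, meta.get("name", "<unnamed>"), reason))
    return findings


if __name__ == "__main__":
    for namespace, name, reason in unsandboxed_pods(SAMPLE_POD_LIST):
        print(f"{namespace}/{name}: {reason}")
```

To run it against a real cluster, load the JSON listing of all pods in place of the constructed sample.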