You could use something like Kyverno, and then you can use policies like this one: https://kyverno.io/policies/pod-security/baseline/disallow-privileged-containers/disallow-privileged-containers/
At the heart of the issue you really just want to reduce the surface space of access that the container has to the kernel, should there be a kernel vulnerability found. If the workload is pretty generic, you might be able to just use gVisor. It uses ptrace to eliminate many direct system calls to the kernel and wraps the few that it can't actually just replicate: https://gvisor.dev/
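
For reference, here is what a Kyverno rule of the kind linked above looks like. This is an added example, not part of the comment and not copied from the Kyverno project; it is modelled on the linked baseline policy using `kyverno.io/v1` `ClusterPolicy` fields, and the Pod name and image in the second document are constructed placeholders.

```yaml
# Added example: ClusterPolicy that rejects Pods requesting privileged mode.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: disallow-privileged-containers
spec:
  validationFailureAction: Enforce   # start with Audit to report without blocking
  background: true                   # also report on Pods that already exist
  rules:
    - name: privileged-containers
      match:
        any:
          - resources:
              kinds:
                - Pod
      validate:
        message: "Privileged mode is disallowed: securityContext.privileged must be unset or false."
        pattern:
          spec:
            # =(field) is a conditional anchor: if the field is present, it must match.
            # All three container lists are covered so that init and ephemeral
            # containers cannot be used to sidestep the check.
            =(ephemeralContainers):
              - =(securityContext):
                  =(privileged): "false"
            =(initContainers):
              - =(securityContext):
                  =(privileged): "false"
            containers:
              - =(securityContext):
                  =(privileged): "false"
---
# Constructed sample Pod (hypothetical name and image) that the policy above rejects.
apiVersion: v1
kind: Pod
metadata:
  name: demo-privileged
spec:
  containers:
    - name: app
      image: registry.example.com/app:1.0
      securityContext:
        privileged: true   # violates the containers[] pattern
```

Check the field names against the Kyverno version installed in the cluster before applying, since the policy schema has changed between releases.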