Managing untrusted workloads in production, including serverless components, is challenging due to the limitations of standard container technology. At Kubecon, I'll explore containerization vs. virtualization, including Kata-containers, QEMU, Firecracker, and gVisor, tailored for diverse workloads.

Learn to seamlessly integrate these with Knative Serving to dynamically scale from zero to infinity securely. I'll also address potential vulnerabilities and risk mitigation using init-containers, IPTables, and network policies (like Cilium or Calico) and more to create a proper sandbox in Kubernetes.

In conclusion, the insights shared in this session will prove invaluable to not only those dealing with untrusted workloads but also to anyone concerned with addressing zero-day vulnerabilities in their 'trusted code.'