In this article, Tiexin Guo, a Senior DevOps Consultant at Amazon Web Services, provides a hands-on guide to hardening Kubernetes workloads with measures such as not running pods as root, using an immutable (read-only) root filesystem, scanning Docker images, and applying Pod Security Policies (PSP). The piece explains that Docker containers run as root by default and shows how to use the USER directive in Dockerfiles and the securityContext field in Kubernetes to run containers as non-root users. It also covers locking the root filesystem by setting it to read-only so that a compromised process cannot modify the container's binaries or configuration. The article introduces image scanning tools such as Trivy for identifying known vulnerabilities in image layers and advises on integrating these scans into CI pipelines so that vulnerable images are caught before deployment. Although the PSP feature is deprecated as of Kubernetes 1.21, the article explores its capabilities, particularly restricting pods to run as non-root and preventing privilege escalation, and demonstrates how to implement these policies.
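As an added example (not code from the article or its author), the following Pod manifest and matching PodSecurityPolicy apply the controls summarized above: a non-root user, no privilege escalation, a read-only root filesystem, and a PSP enforcing the same rules cluster-wide. The image reference, the UID 10001 and the volume names are assumptions.

```yaml
# Added example, not from the article; image, UID and volume names are assumed.
apiVersion: v1
kind: Pod
metadata:
  name: hardened-app
spec:
  securityContext:
    runAsNonRoot: true        # kubelet refuses to start a container that would run as UID 0
    runAsUser: 10001          # assumed non-root UID; overrides or matches USER in the Dockerfile
    runAsGroup: 10001
    fsGroup: 10001
  containers:
  - name: app
    image: example.org/app:1.0      # placeholder image, scanned in CI (e.g. with Trivy) before deploy
    securityContext:
      allowPrivilegeEscalation: false   # setuid binaries cannot gain more privileges than the parent
      readOnlyRootFilesystem: true      # locks the image layers; writes must go to a mounted volume
      capabilities:
        drop: ["ALL"]
    volumeMounts:
    - name: tmp
      mountPath: /tmp        # scratch space, since the root filesystem is read-only
  volumes:
  - name: tmp
    emptyDir: {}
---
# PodSecurityPolicy (deprecated since Kubernetes 1.21, removed in 1.25) enforcing the same rules
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: restricted-nonroot
spec:
  privileged: false
  allowPrivilegeEscalation: false   # rejects pods that do not set this to false
  runAsUser:
    rule: MustRunAsNonRoot          # rejects pods whose image or spec would run as root
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
  volumes:
  - emptyDir
  - configMap
  - secret
  - projected
```

A read-only root filesystem breaks applications that write into their own image layer (logs, caches, PID files), so each such path needs an emptyDir or other volume mount like the /tmp one above.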