PaaS Grade cluster creates gVisor annotated Knative services -> Pods
Problem to solve
A bad actor could find and exploit native k8s/Knative vulnerabilities to break out of a running Docker container to the host and execute malicious code.
Container isolation/sandboxing reduces the risk of a breakout from a Docker container to the host.
Ensure that pods created via #59665 are sandbox-isolated, assuming that your cluster has gVisor enabled. If gVisor is not enabled, the pods will still run fine but will not be isolated/sandboxed.