Pod security standard
Note: This feature is disabled by default.
Pod security standards prevent Pods from starting if they request permissions beyond what's allowed. These standards check settings like spec.securityContext, host ports, volume types, and AppArmor annotations.
Enable this feature to block privileged Pods from escaping the virtual cluster.
policies:
  podSecurityStandard: <policy_profile>
- Replace <policy_profile> with privileged, baseline, or restricted.
See the Kubernetes Pod Security profile details for more information.
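The kinds of fields these profiles inspect, shown as an added example (not vCluster's or Kubernetes' own code): a simplified Python check covering a subset of the baseline profile's rules. The function name `baseline_violations` and both sample manifests are constructed for illustration.

```python
# Simplified subset of the Kubernetes "baseline" profile checks (illustrative only).
APPARMOR_PREFIX = "container.apparmor.security.beta.kubernetes.io/"

def baseline_violations(pod):
    """Return baseline-profile violations found in a Pod manifest dict."""
    spec = pod.get("spec") or {}
    found = []
    # Host namespaces must not be shared with the node.
    for field in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(field):
            found.append(f"spec.{field} must not be true")
    # hostPath volumes expose the node filesystem.
    for vol in spec.get("volumes") or []:
        if "hostPath" in vol:
            found.append(f"volume {vol.get('name')!r} uses hostPath")
    # AppArmor annotations may only select runtime/default or localhost/*.
    annotations = (pod.get("metadata") or {}).get("annotations") or {}
    for key, val in annotations.items():
        if key.startswith(APPARMOR_PREFIX) and not (
                val == "runtime/default" or val.startswith("localhost/")):
            found.append(f"AppArmor profile {val!r} is not allowed")
    # Per-container checks: privileged mode and host ports.
    for kind in ("containers", "initContainers", "ephemeralContainers"):
        for c in spec.get(kind) or []:
            name = c.get("name")
            if (c.get("securityContext") or {}).get("privileged"):
                found.append(f"container {name!r} is privileged")
            for port in c.get("ports") or []:
                if port.get("hostPort", 0) != 0:
                    found.append(f"container {name!r} uses hostPort {port['hostPort']}")
    return found

# Constructed sample manifests (hypothetical names and images).
RISKY_POD = {
    "metadata": {"name": "risky", "annotations": {APPARMOR_PREFIX + "app": "unconfined"}},
    "spec": {
        "hostNetwork": True,
        "volumes": [{"name": "host-root", "hostPath": {"path": "/"}}],
        "containers": [{"name": "app", "image": "example.invalid/app:1",
                        "securityContext": {"privileged": True},
                        "ports": [{"containerPort": 80, "hostPort": 8080}]}],
    },
}
SAFE_POD = {"metadata": {"name": "safe"},
            "spec": {"containers": [{"name": "app", "image": "example.invalid/app:1",
                                     "ports": [{"containerPort": 8080}]}]}}

if __name__ == "__main__":
    for pod in (RISKY_POD, SAFE_POD):
        print(pod["metadata"]["name"], baseline_violations(pod) or "no violations found")
```

The full baseline profile also covers capabilities, seccomp, SELinux, sysctls, and other fields that this sketch omits.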
Config reference
podSecurityStandard (required, string, pro)
The Pod Security Standard to enforce. Can be one of: empty (""), baseline, restricted, or privileged.