Version: v0.24 Stable

Pod security standard

Note: This feature is disabled by default.

Pod security standards prevent Pods from starting if they request permissions beyond what's allowed. These standards check settings like spec.securityContext, host ports, volume types, and AppArmor annotations.

Enable this feature to block privileged Pods from escaping the virtual cluster.

policies:
  podSecurityStandard: <policy_profile>
  • Replace <policy_profile> with privileged, baseline, or restricted.

See the Kubernetes Pod Security profile details for more information.
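To make the checks concrete, here is an added example (not from the original page or the project) of two constructed Pod manifests: one that baseline or restricted would refuse, and one that satisfies restricted. The comments follow the upstream Kubernetes Pod Security Standards profile definitions and assume the virtual cluster applies them the same way. The Pod names, image, and paths are placeholders.

```yaml
# Constructed sample manifests; names, image and paths are placeholders.
# Pod 1: refused when podSecurityStandard is baseline or restricted.
apiVersion: v1
kind: Pod
metadata:
  name: rejected-by-baseline
spec:
  containers:
    - name: app
      image: registry.example.com/app:1.0
      securityContext:
        privileged: true          # baseline forbids privileged containers
      ports:
        - containerPort: 8080
          hostPort: 8080          # baseline forbids host ports
      volumeMounts:
        - name: host-logs
          mountPath: /host-logs
  volumes:
    - name: host-logs
      hostPath:                   # baseline forbids hostPath volumes
        path: /var/log
---
# Pod 2: satisfies restricted, and therefore baseline and privileged too.
apiVersion: v1
kind: Pod
metadata:
  name: allowed-by-restricted
spec:
  securityContext:
    runAsNonRoot: true            # restricted requires running as non-root
    seccompProfile:
      type: RuntimeDefault        # restricted requires RuntimeDefault or Localhost
  containers:
    - name: app
      image: registry.example.com/app:1.0
      securityContext:
        allowPrivilegeEscalation: false   # restricted requires false
        capabilities:
          drop: ["ALL"]           # restricted requires dropping ALL
      ports:
        - containerPort: 8080     # no hostPort set
      volumeMounts:
        - name: scratch
          mountPath: /tmp
  volumes:
    - name: scratch
      emptyDir: {}                # volume type permitted under restricted
```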

Config reference

podSecurityStandard (required, string, pro)

The Pod security standard to enforce. Can be one of: empty (""), baseline, restricted, or privileged.