Pod security standard

note

This feature is disabled by default.

Pod security standards prevent Pods from starting if they request permissions beyond what's allowed. These standards check settings like spec.securityContext, host ports, volume types, and AppArmor annotations.

Enable this feature to block privileged Pods from escaping the virtual cluster.

policies:
  podSecurityStandard: <policy_profile>

• Replace <policy_profile> with privileged, baseline, or restricted.

See the Kubernetes Pod Security profile details for more information.

Config reference

podSecurityStandard required string pro

PodSecurityStandard that can be enforced can be one of: empty (""), baseline, restricted or privileged