Pod security standard
This is disabled by default.
Pod security standards apply pre-built validation to a Pod's capabilities. The security standards don't necessarily grant permissions to a Pod; rather, they prevent a Pod from being created if it requests more permissions than the standard allows. Typically this is done through the Pod's spec.securityContext, but it can also cover things like host ports, volume types, and special annotations used for Linux AppArmor profiles.
Configure this feature to prevent privileged pods from breaking out of the virtual cluster.
policies:
  podSecurityStandard: POLICY_PROFILE
Replace POLICY_PROFILE with Privileged, Baseline, or Restricted. See the Kubernetes docs for profile details.
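To make the validation concrete, the two manifests below are an added example (not part of the original page or the project's own docs): the first Pod requests settings the Baseline profile forbids and would be refused at creation, while the second satisfies the Restricted profile. Pod names, the image reference, and mount paths are constructed placeholders.

```yaml
# Constructed example: violates the Baseline profile in three places.
apiVersion: v1
kind: Pod
metadata:
  name: rejected-example                # hypothetical name
spec:
  hostNetwork: true                     # Baseline: host namespaces are not allowed
  containers:
    - name: app
      image: registry.example/app:1.0   # placeholder image
      securityContext:
        privileged: true                # Baseline: privileged containers are not allowed
      volumeMounts:
        - name: host-logs
          mountPath: /host-logs
  volumes:
    - name: host-logs
      hostPath:                         # Baseline: hostPath volumes are not allowed
        path: /var/log
---
# Constructed example: meets the Restricted profile.
apiVersion: v1
kind: Pod
metadata:
  name: accepted-example                # hypothetical name
spec:
  securityContext:
    runAsNonRoot: true                  # Restricted: containers must run as non-root
    runAsUser: 1000
    seccompProfile:
      type: RuntimeDefault              # Restricted: a seccomp profile must be set
  containers:
    - name: app
      image: registry.example/app:1.0   # placeholder image
      securityContext:
        allowPrivilegeEscalation: false # Restricted: escalation must be disabled
        capabilities:
          drop: ["ALL"]                 # Restricted: all capabilities must be dropped
      volumeMounts:
        - name: scratch
          mountPath: /tmp
  volumes:
    - name: scratch
      emptyDir: {}                      # volume type permitted under Restricted
```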
Config reference
podSecurityStandard
required string pro
PodSecurityStandard is the standard to enforce. It can be one of: empty (""), baseline, restricted or privileged.