Hardening Kubernetes: Moving away from Pod Security Policies

Pod Security Policies (PSP) were deprecated in Kubernetes 1.21. The industry is moving to Pod Security Standards (PSS) and to admission controllers such as OPA Gatekeeper or Kyverno.

The New Standard

Kubernetes now has built-in labels for namespaces to enforce security levels:

apiVersion: v1
kind: Namespace
metadata:
  name: my-secure-ns
  labels:
    pod-security.kubernetes.io/enforce: restricted
    pod-security.kubernetes.io/audit: restricted

With the enforce label set to restricted, the admission controller rejects any Pod that violates the restricted profile, for example a Pod that runs as root or mounts hostPath volumes. The audit label, by contrast, only records violations in the audit log and does not block the Pod.
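As an added example (not part of the original post), a small Python pre-flight check that mirrors several of the controls the restricted profile enforces, including the two named above (running as root and hostPath volumes), run against constructed Pod specs. It approximates the admission controller's logic for local linting and is not the controller itself.

```python
# Volume types the restricted profile permits (per the Pod Security Standards).
ALLOWED_VOLUME_TYPES = {"configMap", "csi", "downwardAPI", "emptyDir",
                        "ephemeral", "persistentVolumeClaim", "projected", "secret"}

def restricted_violations(pod: dict) -> list[str]:
    """Simplified offline pre-check of common 'restricted' controls. Not the
    admission controller itself: the authoritative test is a server-side dry
    run into a namespace labelled pod-security.kubernetes.io/enforce=restricted."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext", {})
    problems = []
    for flag in ("hostNetwork", "hostPID", "hostIPC"):  # host namespaces (baseline)
        if spec.get(flag):
            problems.append(f"spec.{flag} must not be true")
    for vol in spec.get("volumes", []):  # hostPath and other host-backed volumes
        for kind in set(vol) - {"name"} - ALLOWED_VOLUME_TYPES:
            problems.append(f"volume {vol['name']!r} uses forbidden type {kind}")
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        sc, name = c.get("securityContext", {}), c.get("name", "?")
        # Root is rejected two ways (runAsNonRoot, runAsUser); container overrides pod.
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            problems.append(f"{name}: runAsNonRoot must be true")
        if sc.get("runAsUser", pod_sc.get("runAsUser")) == 0:
            problems.append(f"{name}: runAsUser must not be 0")
        if sc.get("privileged"):
            problems.append(f"{name}: privileged must not be true")
        if sc.get("allowPrivilegeEscalation") is not False:
            problems.append(f"{name}: allowPrivilegeEscalation must be false")
        caps = sc.get("capabilities", {})
        if "ALL" not in caps.get("drop", []):
            problems.append(f"{name}: capabilities.drop must include ALL")
        if set(caps.get("add", [])) - {"NET_BIND_SERVICE"}:
            problems.append(f"{name}: only NET_BIND_SERVICE may be added")
        seccomp = sc.get("seccompProfile", pod_sc.get("seccompProfile", {}))
        if seccomp.get("type") not in ("RuntimeDefault", "Localhost"):
            problems.append(f"{name}: seccompProfile.type must be RuntimeDefault or Localhost")
    return problems

# Constructed sample manifests as parsed dicts (no YAML library needed).
ROOT_HOSTPATH_POD = {"spec": {
    "volumes": [{"name": "host", "hostPath": {"path": "/etc"}}],
    "containers": [{"name": "app", "image": "example/app",
                    "securityContext": {"runAsUser": 0}}]}}
COMPLIANT_POD = {"spec": {
    "securityContext": {"runAsNonRoot": True, "runAsUser": 1000,
                        "seccompProfile": {"type": "RuntimeDefault"}},
    "volumes": [{"name": "tmp", "emptyDir": {}}],
    "containers": [{"name": "app", "image": "example/app",
                    "securityContext": {"allowPrivilegeEscalation": False,
                                        "capabilities": {"drop": ["ALL"]}}}]}}
```

Running `restricted_violations(ROOT_HOSTPATH_POD)` lists six reasons (the hostPath volume, both root checks, privilege escalation, capabilities and seccomp), while the compliant Pod returns an empty list.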
