Pod Security Standards

K8s docs on the topic.
Pod Security gets defined at the namespace level.
3 examples:

  • privileged
  • baseline
  • restricted
# Privileged
# pods here can do a lot
apiVersion: v1
kind: Namespace
metadata:
  name: freebird
  labels:
    pod-security.kubernetes.io/enforce: privileged
    pod-security.kubernetes.io/enforce-version: latest
---
# Baseline
# some restrictions apply
apiVersion: v1
kind: Namespace
metadata:
  name: basespace
  labels:
    pod-security.kubernetes.io/enforce: baseline
    pod-security.kubernetes.io/enforce-version: latest
    pod-security.kubernetes.io/warn: baseline
    pod-security.kubernetes.io/warn-version: latest
---
# Restricted
# the most restricted, apparently this is the best practice
apiVersion: v1
kind: Namespace
metadata:
  name: restrictedspace
  labels:
    pod-security.kubernetes.io/enforce: restricted
    pod-security.kubernetes.io/enforce-version: latest
    pod-security.kubernetes.io/warn: restricted
    pod-security.kubernetes.io/warn-version: latest
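
Since the level lives in namespace labels, a cluster can be audited by reading those labels. The script below is an added example, not part of the original notes: it checks input shaped like `kubectl get namespaces -o json` and reports namespaces that enforce nothing or whose warn/audit level is weaker than the enforce level. Assumptions: the namespaces `legacy` and `mixed` are constructed, and an unlabeled namespace is treated as `privileged` (the built-in default unless the cluster's admission configuration overrides it).

```python
import json

PREFIX = "pod-security.kubernetes.io/"
RANK = {"privileged": 0, "baseline": 1, "restricted": 2}  # least to most strict

def ns(name, **labels):
    """Build a namespace object; keyword names become pod-security label suffixes."""
    return {"metadata": {"name": name,
                         "labels": {PREFIX + k: v for k, v in labels.items()}}}

# Constructed input shaped like `kubectl get namespaces -o json`. The first three
# use the levels from the manifests in these notes; "legacy" and "mixed" are made up.
SAMPLE = json.dumps({"items": [
    ns("freebird", enforce="privileged"),
    ns("basespace", enforce="baseline", warn="baseline"),
    ns("restrictedspace", enforce="restricted", warn="restricted"),
    ns("legacy"),
    ns("mixed", enforce="restricted", warn="baseline"),
]})

def audit(namespace_list_json, default_level="privileged"):
    """Return {namespace: [findings]} for every namespace with at least one finding."""
    report = {}
    for item in json.loads(namespace_list_json)["items"]:
        meta = item["metadata"]
        labels = meta.get("labels") or {}
        findings = []
        enforce = labels.get(PREFIX + "enforce", default_level)
        if PREFIX + "enforce" not in labels:
            findings.append(f"no enforce label, falls back to {default_level}")
        elif enforce not in RANK:
            findings.append(f"unknown enforce level {enforce!r}")
        elif enforce == "privileged":
            findings.append("enforce=privileged applies no restrictions")
        for mode in ("warn", "audit"):
            level = labels.get(PREFIX + mode)
            if level is None:
                continue
            if level not in RANK:
                findings.append(f"unknown {mode} level {level!r}")
            elif enforce in RANK and RANK[level] < RANK[enforce]:
                findings.append(f"{mode}={level} is weaker than enforce={enforce}")
        if findings:
            report[meta["name"]] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "->", "; ".join(findings))
```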