Pod Security Standards
Apply Kubernetes Pod Security Standards to enforce security baseline policies across namespaces.
Full content coming soon. This lesson is being written.
This lesson covers Pod security:
- Pod Security Standards: Privileged, Baseline, Restricted profiles
- Pod Security Admission (PSA): enforce, audit, warn modes
- SecurityContext: runAsNonRoot, readOnlyRootFilesystem, capabilities
- AppArmor and seccomp profiles
- Dropping Linux capabilities
- Preventing privilege escalation:
allowPrivilegeEscalation: false - Policy enforcement tools: OPA/Gatekeeper, Kyverno
Check back soon for the full content.