This video explains the Pod Security Policy (PSP) in Kubernetes. PSP provides an extra layer of security on top of RBAC. Although PSP has been deprecated since version 1.21, it still carries significant weight in the CKS exam, and older cluster versions still have to use PSP for pod-level security.
The best-known security aspects it controls are:
Running of privileged containers
Usage of host namespaces (HostPID)
Usage of volume types
Usage of the host filesystem
Requiring the use of a read only root file system
Restricting escalation to root privileges
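
The controls listed above, mapped to their PodSecurityPolicy fields in one restrictive policy. This is an added example, not taken from the video; the names restricted-example, psp-restricted-example and the namespace demo are hypothetical, and it applies only to clusters that still serve the policy/v1beta1 PSP API with the PodSecurityPolicy admission plugin enabled.

```yaml
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: restricted-example          # hypothetical name
spec:
  privileged: false                 # no privileged containers
  hostPID: false                    # no host namespaces
  hostIPC: false
  hostNetwork: false
  volumes:                          # allowed volume types only
    - configMap
    - secret
    - emptyDir
    - projected
    - downwardAPI
    - persistentVolumeClaim
  # hostPath is absent from the list above, so the host filesystem cannot be mounted
  readOnlyRootFilesystem: true      # require a read-only root file system
  allowPrivilegeEscalation: false   # block escalation to root (setuid, no_new_privs)
  runAsUser:
    rule: MustRunAsNonRoot
  seLinux:                          # the remaining strategies are required fields
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
---
# A policy is applied to a pod only if the pod's creator or service account
# is allowed to "use" it through RBAC.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: psp-restricted-example      # hypothetical name
rules:
  - apiGroups: ["policy"]
    resources: ["podsecuritypolicies"]
    resourceNames: ["restricted-example"]
    verbs: ["use"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: psp-restricted-example
  namespace: demo                   # hypothetical namespace
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: psp-restricted-example
subjects:
  - kind: Group
    apiGroup: rbac.authorization.k8s.io
    name: system:serviceaccounts:demo
```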