It's really a shame that #kubernetes #security has gone the same way as systemd security: instead of having sane defaults, it's a free for all by default and you need to specify dozens of parameters to "lock down" a service.
Especially the recent Pod Security Standards are quite disappointing in this regard: you can warn and forbid insecure settings, but they don't help you to automatically apply these settings.
I would like something similar to #openshift Security Context Constraints: "restricted" -> your pod automatically gets a random UID, runs as non-root, does not allow privilege escalation etc.
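
The gap described in the posts above, as an added example that is not part of the original thread: Pod Security Admission labels on a namespace only validate, so a pod with no `securityContext` is rejected under `restricted` and the fields have to be written out by hand. The namespace, pod and image names are constructed placeholders, and the image is assumed to declare a non-root numeric user.

```yaml
# Added example; "demo", "app-*" and the image name are constructed placeholders.
apiVersion: v1
kind: Namespace
metadata:
  name: demo
  labels:
    # Pod Security Admission validates only: it rejects or warns, it never mutates.
    pod-security.kubernetes.io/enforce: restricted
    pod-security.kubernetes.io/warn: restricted
---
# Rejected in this namespace: nothing is set, so the permissive defaults apply
# and no admission step fills in the restricted values for you.
apiVersion: v1
kind: Pod
metadata:
  name: app-defaults
  namespace: demo
spec:
  containers:
    - name: app
      image: registry.example/app:1.0
---
# Admitted: the settings the "restricted" profile checks are spelled out explicitly.
apiVersion: v1
kind: Pod
metadata:
  name: app-restricted
  namespace: demo
spec:
  securityContext:
    runAsNonRoot: true          # assumes the image sets a non-root numeric USER
    seccompProfile:
      type: RuntimeDefault
  containers:
    - name: app
      image: registry.example/app:1.0
      securityContext:
        allowPrivilegeEscalation: false
        capabilities:
          drop: ["ALL"]
```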