
Pod Security Admission recommended level

Open jcpunk opened this issue 3 years ago • 2 comments

What would you like to be added?

Documentation regarding the correct level to set for Pod Security Admission labels on these containers. In a perfect world restricted would be used, but it is unclear if the application can run in that mode.

Why is this needed?

With https://kubernetes.io/docs/concepts/security/pod-security-standards/ in 1.25+, it would be helpful if this app had a recommended privilege level for the namespace it runs within. This would help folks adopt these greater restrictions and feel comfortable that their applications work.

jcpunk · Oct 27 '22 19:10

Technically the only thing we need is access to the Kubernetes API so it should be possible to use the restricted mode. We'd have to investigate and test it.

floreks · Oct 28 '22 09:10

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot · Jan 26 '23 10:01