kube-prometheus
kube-prometheus copied to clipboard
Pod Security Admission recommended level
What is missing?
Documentation regarding the correct level to set for Pod Security Admission labels on these containers. In a perfect world restricted
would be used, but it is unclear if the application can run in that mode. If baseline
is too restrictive, instructions to make a less restrictive, but still somewhat secure policy would be nice.
Why do we need it?
With https://kubernetes.io/docs/concepts/security/pod-security-standards/ in 1.25+, it would be helpful if this app had a recommended privilege level for the namespace it runs within and was set to match. This would help folks adopt these greater restrictions and feel comfortable that their applications work.
Environment Dev
-
kube-prometheus version:
1bf12a98422ed9e2f26c061beb07fa14035e8823
Anything else we need to know?:
This is really a documentation and notation in the various places sort of feature request.