kube-prometheus icon indicating copy to clipboard operation
kube-prometheus copied to clipboard

Published 20 hours ago verified publisher icon prometheus-operator

Pod Security Admission recommended level

Open jcpunk opened this issue 1 year ago • 0 comments

What is missing?

Documentation regarding the correct level to set for Pod Security Admission labels on these containers. In a perfect world restricted would be used, but it is unclear if the application can run in that mode. If baseline is too restrictive, instructions to make a less restrictive, but still somewhat secure policy would be nice.

Why do we need it?

With https://kubernetes.io/docs/concepts/security/pod-security-standards/ in 1.25+, it would be helpful if this app had a recommended privilege level for the namespace it runs within and was set to match. This would help folks adopt these greater restrictions and feel comfortable that their applications work.

Environment Dev

  • kube-prometheus version:

    1bf12a98422ed9e2f26c061beb07fa14035e8823

Anything else we need to know?:

This is really a documentation and notation in the various places sort of feature request.

jcpunk avatar Oct 27 '22 19:10 jcpunk