Code Block

Warning: existing pods in namespace "default" violate the new PodSecurity enforce level "restricted:latest"
Warning: ckaf-kafka-0 (and 5 other pods): unrestricted capabilities, seccompProfile
Warning: credential-management-5665fb95d4-ncssg (and 1 other pod): allowPrivilegeEscalation != false, unrestricted capabilities, runAsNonRoot != true, seccompProfile
Warning: fluent-bit-q9d8n: allowPrivilegeEscalation != false, unrestricted capabilities, restricted volume types, runAsNonRoot != true, seccompProfile
Warning: kowl-767d84f95f-qm5pj: allowPrivilegeEscalation != false, unrestricted capabilities, seccompProfile
namespace/default labeled
namespace/kube-node-lease labeled
namespace/kube-public labeled
Warning: existing pods in namespace "kube-system" violate the new PodSecurity enforce level "restricted:latest"
Warning: coredns-95db45d46-skl6z (and 1 other pod): unrestricted capabilities, runAsNonRoot != true, seccompProfile
Warning: etcd-docker-desktop (and 3 other pods): host namespaces, allowPrivilegeEscalation != false, unrestricted capabilities, restricted volume types, runAsNonRoot != true
Warning: kube-proxy-zggs2: host namespaces, privileged, allowPrivilegeEscalation != false, unrestricted capabilities, restricted volume types, runAsNonRoot != true, seccompProfile
Warning: storage-provisioner (and 1 other pod): allowPrivilegeEscalation != false, unrestricted capabilities, restricted volume types, runAsNonRoot != true, seccompProfile
namespace/kube-system labeled

From the previous output, you'll notice that applying the privileged Pod Security Standard shows no warnings for any namespaces. However, baseline and restricted standards both have warnings, specifically in the kube-systemnamespace.

Adding Security

References

...

Space shortcuts

Page tree

Versions Compared

Old Version 3

New Version 4

Key

Adding Security

References

Space shortcuts

Page tree

Page History

Versions Compared

Old Version 3

New Version 4

Key

Adding Security

References