Skip to content

Commit

Permalink
Update cheatsheets/Kubernetes_Security_Cheat_Sheet.md
Browse files Browse the repository at this point in the history
  • Loading branch information
szh authored Aug 29, 2024
1 parent 50b7f9e commit 253f0b7
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion cheatsheets/Kubernetes_Security_Cheat_Sheet.md
Original file line number Diff line number Diff line change
Expand Up @@ -424,7 +424,8 @@ metadata:

Cluster administrators should properly organize and and enforce policy on cluster namespaces, only permitting the privileged policy on namespaces where it is absolutely required, such as for critical cluster services that require access to the underlying host. Namespaces should be set to the lowest Pod Security Policy that can be enforced and supports their risk level.

If more granular policy enforcement is required beyond the three profiles (Privileged, Baseline, Restricted), Third party admission controllers like OPA Gatekeeper or Kyverno, or built in Validating Admission Policy can be utilized.
If more granular policy enforcement is required beyond the three profiles (Privileged, Baseline, Restricted), Third party admission controllers like OPA Gatekeeper or Kyverno, or built-in Validating Admission Policy can be utilized.


#### Use Pod security policies to control the security-related attributes of pods, which includes container privilege levels

Expand Down

0 comments on commit 253f0b7

Please sign in to comment.