From 4ae1fd17a73d97ebbbe008b9ff683818aa1232cd Mon Sep 17 00:00:00 2001 From: Shlomo Zalman Heigh Date: Thu, 29 Aug 2024 11:18:58 -0400 Subject: [PATCH] Update cheatsheets/Kubernetes_Security_Cheat_Sheet.md Co-authored-by: mackowski <35339942+mackowski@users.noreply.github.com> --- cheatsheets/Kubernetes_Security_Cheat_Sheet.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/cheatsheets/Kubernetes_Security_Cheat_Sheet.md b/cheatsheets/Kubernetes_Security_Cheat_Sheet.md index 49804640df..24f08acc55 100644 --- a/cheatsheets/Kubernetes_Security_Cheat_Sheet.md +++ b/cheatsheets/Kubernetes_Security_Cheat_Sheet.md @@ -408,7 +408,8 @@ Pod Security Standards combined with the Pod Security Admission Controller allow Each of the profiles have defined settings baselines that can be found in more detail [here](https://kubernetes.io/docs/concepts/security/pod-security-standards/#profile-details). -The Pod Security Admission Controller allows you to enforce, audit, or warn upon the violation of a defined policy. `audit` and `warn` modes can be utilized to determine if a particular Pod Security Standard would normally prevent the deployment of a pod when set to `enforce` mode. +The Pod Security Admission Controller allows you to enforce, audit, or warn upon the violation of a defined policy. `audit` and `warn` modes can be utilized to determine if a particular Pod Security Standard would normally prevent the deployment of a pod when set to `enforce` mode. + Below is an example of a namespace that would only allow Pods to be deployed that conform to the restricted Pod Security Standard: