From c43a7e444ce46c4afa3b604a958eb10c88a135ca Mon Sep 17 00:00:00 2001 From: Shlomo Zalman Heigh Date: Thu, 29 Aug 2024 11:18:52 -0400 Subject: [PATCH] Update cheatsheets/Kubernetes_Security_Cheat_Sheet.md Co-authored-by: mackowski <35339942+mackowski@users.noreply.github.com> --- cheatsheets/Kubernetes_Security_Cheat_Sheet.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/cheatsheets/Kubernetes_Security_Cheat_Sheet.md b/cheatsheets/Kubernetes_Security_Cheat_Sheet.md index 7dcd5c8471..49804640df 100644 --- a/cheatsheets/Kubernetes_Security_Cheat_Sheet.md +++ b/cheatsheets/Kubernetes_Security_Cheat_Sheet.md @@ -397,7 +397,8 @@ For more information on security context for Pods, refer to the documentation at We strongly recommend that all your containers should adhere to the principle of least privilege, since your security risk is heavily influenced by the capabilities, role bindings, and privileges given to containers. Each container should only have the minimum privileges and capabilities that allows it to perform its intended function. -**Utilize Pod Security Standards and the Built-in Pod Security Admission Controller to enforce container privilege levels** +#### Utilize Pod Security Standards and the Built-in Pod Security Admission Controller to enforce container privilege levels + Pod Security Standards combined with the Pod Security Admission Controller allow cluster administrators to enforce requirements on a pods `securityContext` fields. Three Pod Security Standard profiles exist:
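Review bot: the added `####` heading keeps the old bold sentence verbatim, so it becomes a sentence-length heading with mixed capitalization ("Utilize Pod Security Standards and the Built-in Pod Security Admission Controller to enforce container privilege levels"). A heading this long produces an unwieldy anchor and table-of-contents entry. Consider a shorter form such as "Enforce container privilege levels with Pod Security Admission" and leave the detail to the paragraph below it. Please also confirm that `####` is the right depth under the parent section, since the hunk does not show the enclosing heading. While this block is being touched, the unchanged context line after the heading reads "a pods `securityContext` fields", which should be "a pod's `securityContext` fields".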