MITRE, NSA, ArmoBest
Pod Security Policies enable fine-grained authorization of pod creation and updates and it extends authorization beyond RBAC. It is an important to use PSP to control the creation of sensitive PODs in your cluster.
Reading the cluster descritpion from the managed cloud API (EKS, GKE), or the API server pod configuration for native K8s and checking if PSP is enabled
Turn Pod Security Policies on in your cluster, if you use other admission controllers to control the behavior that PSP controls, exclude this control from your scans
Updated 8 days ago