Pod Security & Image Scanning
Implement Pod Security Standards and integrate image scanning tools to detect vulnerabilities in your container images.
Pod Security: Layering Up
Ensuring the security of your applications in Kubernetes starts at the very foundation: the Pod itself. Pods run your containers, and if a Pod is compromised, your application is at risk.
Pod Security Standards (PSS) are a set of security guidelines that define different isolation levels for Pods. They help you enforce secure configurations and prevent common attack vectors.
PSS: Levels of Protection
Kubernetes defines three distinct Pod Security Standard profiles, each offering a different level of security and flexibility:
- Privileged: Unrestricted, allowing known privilege escalations. Avoid for most workloads.
- Baseline: Minimally restrictive, preventing known privilege escalations. Good for typical apps.
- Restricted: Highly restrictive, enforcing current hardening best practices. Ideal for critical apps.
These profiles help you choose the right balance between security and functionality for your Pods.
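As an added example (not from the original page), the manifests below show one way to apply these profiles using the namespace labels of Kubernetes' built-in Pod Security Admission controller. They enforce Baseline while reporting Restricted violations, and include one Pod that satisfies Restricted and one that Baseline rejects. The namespace, Pod names and image are placeholders.

```yaml
# Namespace: block Baseline violations, only report Restricted violations.
apiVersion: v1
kind: Namespace
metadata:
  name: payments-example                 # hypothetical namespace name
  labels:
    pod-security.kubernetes.io/enforce: baseline      # violating Pods are rejected
    pod-security.kubernetes.io/enforce-version: latest
    pod-security.kubernetes.io/warn: restricted       # warning returned to the client
    pod-security.kubernetes.io/audit: restricted      # annotation added to the audit log
---
# Pod that satisfies the Restricted profile: admitted with no warning.
apiVersion: v1
kind: Pod
metadata:
  name: api-example                      # hypothetical
  namespace: payments-example
spec:
  securityContext:
    runAsNonRoot: true                   # container must not run as UID 0
    seccompProfile:
      type: RuntimeDefault               # Restricted requires a seccomp profile
  containers:
    - name: api
      image: registry.example.com/api:1.0.0   # placeholder image
      securityContext:
        allowPrivilegeEscalation: false
        capabilities:
          drop: ["ALL"]
---
# Pod that violates Baseline: rejected at admission in this namespace.
apiVersion: v1
kind: Pod
metadata:
  name: debug-example                    # hypothetical
  namespace: payments-example
spec:
  hostNetwork: true                      # host namespaces are disallowed by Baseline
  containers:
    - name: debug
      image: registry.example.com/debug:1.0.0  # placeholder image
      securityContext:
        privileged: true                 # privileged containers are disallowed by Baseline
```

Running with `warn` and `audit` set to `restricted` before raising `enforce` shows which existing workloads would break under the stricter profile without blocking them.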