Understanding Kubernetes Pod Security Standards (PSS)

Luca Berton
7 min readOct 30, 2024

Kubernetes is one of the most popular platforms for running containerized applications, but ensuring security within Kubernetes clusters is crucial for protecting workloads from potential threats. Pod Security Standards (PSS) are a set of guidelines and policies designed to enforce security at the pod level, helping administrators prevent insecure configurations and protect Kubernetes clusters. Introduced as part of Kubernetes’ Pod Security Admission (PSA) controller, these standards provide various levels of security assurance based on the needs of the workloads.

This article explores the key concepts of Kubernetes Pod Security Standards, their different levels, and how to apply them in practice.

What Are Pod Security Standards?

Pod Security Standards are defined policies that dictate what security-related configurations a pod can or cannot have when running inside a Kubernetes cluster. These standards help reduce the attack surface by restricting insecure configurations, enforcing security best practices, and ensuring workloads run with the least privilege necessary.

Pod Security Standards are organized into three levels:

  1. Privileged
  2. Baseline
  3. Restricted

--

--

Luca Berton
Luca Berton

Written by Luca Berton

I help creative Automation DevOps, Cloud Engineer, System Administrator, and IT Professional to succeed with Ansible Technology to automate more things everyday

No responses yet