Is Kubernetes Insecure?

⚠️ Did you know your Kubernetes cluster can be insecure? If you don’t use Kyverno or Open Policy Agent, here is the single setting that must be present on your Kubernetes.

Make sure your namespaces have a “baseline” or “restricted” (highly recommended!) pod security profile set with the following annotation (this may cause applications to not be able to start):

pod-security.kubernetes.io/enforce: baseline
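
A way to check which namespaces are missing this setting, as an added example that is not code from the original post. It assumes the output of `kubectl get namespaces -o json` as input; the sample namespaces and the `audit` function name are constructed for illustration. Pod Security Admission reads this key from the namespace's labels, so the check also flags a namespace where the key was set as an annotation.

```python
import json
import sys

ENFORCE_KEY = "pod-security.kubernetes.io/enforce"
ACCEPTED = {"baseline", "restricted"}  # the two levels the post recommends

# Constructed sample in the shape of `kubectl get namespaces -o json`.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "payments", "labels": {ENFORCE_KEY: "restricted"}}},
    {"metadata": {"name": "staging", "labels": {ENFORCE_KEY: "privileged"}}},
    {"metadata": {"name": "legacy", "annotations": {ENFORCE_KEY: "baseline"}}},
    {"metadata": {"name": "default",
                  "labels": {"kubernetes.io/metadata.name": "default"}}},
]})


def audit(ns_list_json):
    """Return (namespace, problem) pairs for namespaces with no enforced profile."""
    findings = []
    for item in json.loads(ns_list_json).get("items", []):
        meta = item.get("metadata", {})
        name = meta.get("name", "<unnamed>")
        labels = meta.get("labels") or {}
        annotations = meta.get("annotations") or {}
        level = labels.get(ENFORCE_KEY)
        if level in ACCEPTED:
            continue
        if level is not None:
            findings.append((name, f"enforce level is '{level}'"))
        elif ENFORCE_KEY in annotations:
            # Pod Security Admission only reads namespace labels.
            findings.append((name, "key is an annotation, not a label"))
        else:
            findings.append((name, "no enforce label"))
    return findings


if __name__ == "__main__":
    # Usage: kubectl get namespaces -o json > ns.json; python audit.py ns.json
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            data = fh.read()
    else:
        data = SAMPLE
    for name, problem in audit(data):
        print(f"{name}: {problem}")
```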

I have demonstrated many times the real risks of running containers without this setting, and it’s terrifying how easy it is to steal data with even limited access to the Kubernetes API.

If your environment has no pod security profile and you don’t use any other admission control (e.g. Kyverno, OPA), then don’t hesitate to contact me. I will demonstrate to you the risks of not having these safeguards in place and help you secure and adjust your environment to the pod security profiles.
