Pod Security Policies Not Enforced

Pod security policies were not enforced, allowing the deployment of pods with unsafe configurations, such as privileged access and host network use.

Find this helpful?

What Happened

The PodSecurityPolicy (PSP) feature was disabled or misconfigured, allowing pods with privileged access to be deployed. This opened up the cluster to potential privilege escalation and security vulnerabilities.

Diagnosis Steps

1Inspected the PodSecurityPolicy settings and found that no PSPs were defined or enabled.
2Checked recent deployments and found pods with host network access and privileged containers.

Root Cause

Disabled or misconfigured PodSecurityPolicy allowed unsafe pods to be deployed.

Fix/Workaround

• Enabled and configured PodSecurityPolicy to enforce security controls, such as preventing privileged containers or host network usage.
• Audited existing pod configurations and updated them to comply with security policies.

Lessons Learned

Enforcing PodSecurityPolicies is crucial for securing pod configurations and preventing risky deployments.

How to Avoid

1Enable and properly configure PodSecurityPolicy to restrict unsafe pod configurations.
2Regularly audit pod configurations to ensure compliance with security standards.

Previous Scenario Next Scenario