Preventing privileged pods using Pod Security Admission / Standards

In a Kubernetes cluster, a privileged pod is a pod that has been given extended permissions beyond the default set of permissions. These extended permissions can include the ability to access the host's network, devices, and other sensitive resources. While privileged pods can be useful in certain situations, they also …

Trying ValidatingAdmissionPolicy aka CEL Admission in K8s 1.26

CEL-based admission control is a new feature in Kubernetes 1.26. With it, you define a ValidatingAdmissionPolicy to express the desired policy and a ValidatingAdmissionPolicyBinding to apply that policy to, for example, a namespace.

This post has the following sections:

  1. Creating a 1.26 cluster with ValidatingAdmissionPolicy / CEL Admission enabled
  2. Configuring the policies …