
A Detailed Guide to Kubernetes PodSecurityPolicy in AWS EKS

Tiexin Guo
Published in DevOps Dudes
9 min read · Jul 7, 2020


Pod Security

Pods have a variety of settings that can strengthen or weaken your overall security posture. As a Kubernetes practitioner, your chief concern should be preventing a process running in a container from escaping the isolation boundaries of Docker and gaining access to the underlying host.

By default, the processes inside a container run as the Linux root user. Although what root can do inside a container is partially constrained by the set of Linux capabilities that Docker assigns to containers, these default privileges could still allow an attacker to escalate privileges and/or gain access to sensitive information bound to the host, including Secrets and ConfigMaps.
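As an added illustration (not a manifest from the original article), the following PodSecurityPolicy enforces the controls the paragraph above motivates: no root user, no privileged containers, no privilege escalation, all capabilities dropped, and no host namespaces or hostPath volumes. The policy name `restricted-example` and the ClusterRole name are assumptions; a PSP only takes effect once a ClusterRole grants `use` on it to the relevant service accounts.

```yaml
# Added example: a restrictive PodSecurityPolicy (names are hypothetical).
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: restricted-example
spec:
  privileged: false                  # no --privileged containers
  allowPrivilegeEscalation: false    # no setuid binaries gaining more than the parent
  requiredDropCapabilities:
    - ALL                            # drop every Linux capability Docker would grant
  runAsUser:
    rule: MustRunAsNonRoot           # reject pods whose process would run as UID 0
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: MustRunAs
    ranges:
      - min: 1
        max: 65535
  fsGroup:
    rule: MustRunAs
    ranges:
      - min: 1
        max: 65535
  hostNetwork: false                 # keep the pod out of the node's network namespace
  hostIPC: false
  hostPID: false
  readOnlyRootFilesystem: true
  volumes:                           # hostPath is deliberately absent from this list
    - configMap
    - emptyDir
    - projected
    - secret
    - downwardAPI
    - persistentVolumeClaim
---
# The policy is only applied to pods whose creator is allowed to "use" it.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: psp-restricted-example
rules:
  - apiGroups: ["policy"]
    resources: ["podsecuritypolicies"]
    resourceNames: ["restricted-example"]
    verbs: ["use"]
```

Bind the ClusterRole to the service accounts (or groups) whose pods should be constrained; a pod that sets `securityContext.runAsUser: 0` or requests `hostPath` is then rejected at admission.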

If you want to know more about Docker, Linux capabilities, and why pod security matters, please read my other articles before continuing with this one, so that you can fully understand what pod security is and why we need it:
