github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/google/gke/AVD-GCP-0047/docs.md

By default, Pods in Kubernetes can operate with capabilities beyond what they require. You should constrain the Pod's capabilities to only those required for that workload.

Kubernetes offers controls for restricting your Pods to execute with only explicitly granted capabilities.

Pod Security Policy allows you to set smart defaults for your Pods, and enforce controls you want to enable across your fleet.

The policies you define should be specific to the needs of your application.
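
A PodSecurityPolicy manifest illustrating the capability restriction described above, as an added example that is not part of the defsec documentation. The policy name `drop-all-capabilities` and the volume list are assumptions, and the `policy/v1beta1` PodSecurityPolicy API it uses was removed in Kubernetes 1.25, so it applies only to clusters that still serve that API.

```yaml
# Added example (not from the original page): a PodSecurityPolicy that
# admits only Pods running without extra Linux capabilities.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: drop-all-capabilities    # hypothetical name
spec:
  # Refuse privileged containers and setuid-style privilege escalation.
  privileged: false
  allowPrivilegeEscalation: false
  # Every container admitted under this policy has all capabilities dropped.
  # No allowedCapabilities or defaultAddCapabilities are listed, so a Pod
  # that requests capabilities.add is rejected at admission.
  requiredDropCapabilities:
    - ALL
  # Containers must not run as UID 0.
  runAsUser:
    rule: MustRunAsNonRoot
  # The remaining strategy fields are required by the API; RunAsAny leaves
  # them unconstrained so the example stays focused on capabilities.
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
  # Assumed volume allow-list; adjust to what the workload actually mounts.
  volumes:
    - configMap
    - secret
    - emptyDir
    - projected
    - persistentVolumeClaim
```

A workload that needs a specific capability would get its own policy listing that capability under `allowedCapabilities`, rather than a loosening of this one.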

### Impact
Pods could be operating with more permissions than required to be effective.

<!-- DO NOT CHANGE -->
{{ remediationActions }}

### Links
- https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#admission_controllers