K8s Preventing Privileged Pods using Pod Security Admission / Standards
Prevent privileged pods from being created to improve security of your K8s cluster. This video shows how to do this using Pod Security Admission/Standards through a fun hands-on screenshare with explanations.
Blog post: https://samos-it.com/posts/Preventing-Privileged-pods-using-Pod-Security-Admission-Standards.html
Content
0:00 Introduction
1:42 Background on Pod Security Standards and Admission
2:43 Enforcing Baseline Pod Security Standard on default namespace
4:28 Verify privileged pods are being blocked
In a Kubernetes cluster, a privileged pod is a pod that has been given extended permissions beyond the default set of permissions. These extended permissions can include the ability to access the host's network, devices, and other sensitive resources. While privileged pods can be useful in certain situations, they also present a significant security risk.
In this video, you will learn how to prevent privileged pods by using Pod Security Admission to apply the Pod Security Standards. Note that Pod Security Policy (PSP), another method of preventing privileged pods, was deprecated in 1.23 and removed in 1.25, so it is important to adopt Pod Security Admission / Standards instead of PSP.
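The two hands-on steps listed in the chapters (enforcing Baseline on the default namespace, then verifying that privileged pods are blocked) can be written as manifests. This is an added example, not taken from the video or the blog post; the pod names `privileged-test` and `baseline-test` and the `nginx` image are assumptions chosen for illustration.

```yaml
# Added example: pod names and image are constructed for illustration.
# 1) Enforce the Baseline standard on the default namespace.
#    Equivalent one-liner:
#    kubectl label --overwrite ns default pod-security.kubernetes.io/enforce=baseline
apiVersion: v1
kind: Namespace
metadata:
  name: default
  labels:
    pod-security.kubernetes.io/enforce: baseline
    pod-security.kubernetes.io/enforce-version: latest
    # Optional: report Restricted-level findings without blocking anything.
    pod-security.kubernetes.io/warn: restricted
    pod-security.kubernetes.io/audit: restricted
---
# 2) Verification pod: requests privileged mode, which Baseline forbids.
#    The API server should reject it with a Forbidden error that names
#    the violated PodSecurity level.
apiVersion: v1
kind: Pod
metadata:
  name: privileged-test
  namespace: default
spec:
  containers:
    - name: app
      image: nginx
      securityContext:
        privileged: true
---
# 3) Control pod: same image without privileged mode. It should be admitted,
#    which confirms the rejection above comes from the privileged flag.
apiVersion: v1
kind: Pod
metadata:
  name: baseline-test
  namespace: default
spec:
  containers:
    - name: app
      image: nginx
```

Enforcement is applied when pods are created, so pods already running in the namespace are not evicted. Running `kubectl label --dry-run=server --overwrite ns default pod-security.kubernetes.io/enforce=baseline` first reports existing pods that would violate the level.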