Kubernetes allows pods to have specific node capabilities without providing full root access. If left unchecked, a pod can gain much more access than it should, leaving your cluster vulnerable to do unwanted and unwarranted action that could leave your systems inoperable
By default, Magalix KubeAdvisor’s Pod Security Policies Advisor ships with Container with uncontrolled Linux capabilities. We can detect against one cluster, or all of your clusters, when pods are scheduled with certain root level capabilities enabled.
When logging into the Magalix console, find your cluster and drill down to Issues using the navigation bar on the left.
#devops #kubernetes #governance #policies