Add precision about pod security with pod security standards

Co-authored-by: Rey Lejano <rlejano@gmail.com>
pull/33992/head
Mahé 2022-08-31 17:35:03 +02:00 committed by GitHub
parent 0e81bfd8ef
commit 2f8388e830
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions

@ -98,7 +98,7 @@ because it may leak information.
## Pod security
- [ ] RBAC rights to `create`, `update`, `patch`, `delete` workloads is only granted if necessary.
- [ ] Appropriate pod security is enforced for all workloads.
- [ ] Appropriate Pod Security Standards policy is applied for all namespaces in `enforce` mode.
- [ ] Memory limit is set for the workloads with a limit equal or inferior to the request.
- [ ] CPU limit might be set on sensitive workloads.
- [ ] For nodes that support it, Seccomp is enabled with appropriate syscalls
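Review bot: the new item "Appropriate Pod Security Standards policy is applied for all namespaces in `enforce` mode" names a mode but not the mechanism that provides it. `enforce` is one of the Pod Security Admission modes (alongside `audit` and `warn`), so the item should name or link Pod Security Admission. A reader who only sets `audit` or `warn` needs to understand that those modes do not reject violating pods. The line it replaces ("Appropriate pod security is enforced for all workloads") was mechanism-neutral. Consider saying whether an equivalent third-party admission policy also satisfies the check, and whether "all namespaces" is meant to include system namespaces. Minor wording: "applied for all namespaces" reads better as "applied to all namespaces".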