Kubernetes Security
This section provides general information on security settings for Kubernetes clusters.
Lock Down Kubernetes Namespaces
Install the PodSecurity admission webhook into Kubernetes (available in Kubernetes v1.22+): https://kubernetes.io/docs/concepts/security/pod-security-admission/#webhook
Add the labels to enforce security policies for pods launched into a namespace (policy values are baseline, privileged, or restricted).
Example:
    NS=cortex
    kubectl label namespace "${NS}" pod-security.kubernetes.io/enforce=baseline \
      pod-security.kubernetes.io/enforce-version=latest \
      pod-security.kubernetes.io/warn=baseline \
      pod-security.kubernetes.io/warn-version=latest
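
To check that the labels above are actually in place across namespaces, the following added example (not part of the original page) audits data shaped like `kubectl get namespaces -o json` output. The sample namespaces are constructed, and the function names and the `minimum` parameter are assumptions made for illustration.

```python
P = "pod-security.kubernetes.io/"
# Pod Security Standards levels, least to most restrictive.
LEVELS = {"privileged": 0, "baseline": 1, "restricted": 2}

# Constructed sample, shaped like `kubectl get namespaces -o json` output.
SAMPLE = {"items": [
    {"metadata": {"name": "cortex", "labels": {
        P + "enforce": "baseline", P + "enforce-version": "latest",
        P + "warn": "baseline", P + "warn-version": "latest"}}},
    {"metadata": {"name": "legacy", "labels": {P + "enforce": "privileged"}}},
    {"metadata": {"name": "typo", "labels": {
        P + "enforce": "base-line", P + "warn": "restricted"}}},
    {"metadata": {"name": "unlabelled"}},
]}


def audit_namespace(ns, minimum="baseline"):
    """Return a list of findings for one namespace object (hypothetical helper)."""
    labels = ns.get("metadata", {}).get("labels") or {}
    findings = []
    enforce = labels.get(P + "enforce")
    if enforce is None:
        findings.append("no enforce label")
    elif enforce not in LEVELS:
        findings.append(f"invalid enforce level {enforce!r}")
    elif LEVELS[enforce] < LEVELS[minimum]:
        findings.append(f"enforce={enforce} is weaker than {minimum}")
    warn = labels.get(P + "warn")
    if warn is None:
        findings.append("no warn label")
    elif warn not in LEVELS:
        findings.append(f"invalid warn level {warn!r}")
    elif enforce in LEVELS and LEVELS[warn] < LEVELS[enforce]:
        # A warn level below the enforce level can never report anything new.
        findings.append(f"warn={warn} is weaker than enforce={enforce}")
    return findings


def audit(ns_list, minimum="baseline"):
    """Map namespace name to its findings, omitting namespaces that pass."""
    report = {}
    for ns in ns_list.get("items", []):
        found = audit_namespace(ns, minimum)
        if found:
            report[ns["metadata"]["name"]] = found
    return report


if __name__ == "__main__":
    for name, found in audit(SAMPLE).items():
        print(f"{name}: {'; '.join(found)}")
```

To audit a live cluster, parse the output of `kubectl get namespaces -o json` with `json.load` and pass the result to `audit()`.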