Pod Security and Network Policies
Pod Security Policies (PSPs) and Network Policies are used to enforce security boundaries at the workload and network level.
Pod Security Policies (Deprecated):
PSPs restrict what pods can do. Although deprecated, they laid the foundation for Pod Security Admission (PSA) in newer Kubernetes versions.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: restricted
spec:
  privileged: false
  runAsUser:
    rule: 'MustRunAsNonRoot'
  # seLinux, supplementalGroups and fsGroup are required fields of a PSP spec;
  # RunAsAny leaves them unconstrained so only the non-root rule bites
  seLinux:
    rule: 'RunAsAny'
  supplementalGroups:
    rule: 'RunAsAny'
  fsGroup:
    rule: 'RunAsAny'
Pod Security Admission (PSA):
- Enforces the restricted, baseline, and privileged policies
- Set via namespace labels
Network Policies:
Define how pods communicate with each other and with external endpoints.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-all
  namespace: default
spec:
  podSelector: {}
  policyTypes:
    - Ingress
    - Egress
Network Policies help segment workloads and reduce attack surfaces within the cluster.
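Putting both mechanisms together, an added example that is not part of the original page: a namespace labelled for PSA enforcement of the restricted profile, and a NetworkPolicy that, layered on a deny-all policy like the one above applied in that namespace, allows only frontend pods to reach the API pods on TCP 8080 and lets the API pods resolve DNS. The namespace name `payments`, the `app: api` and `app: frontend` labels, and CoreDNS being labelled `k8s-app: kube-dns` in `kube-system` are assumptions.

```yaml
# Constructed example: namespace name and app labels are assumptions.
apiVersion: v1
kind: Namespace
metadata:
  name: payments
  labels:
    # enforce rejects violating pods; audit/warn only log or warn on them
    pod-security.kubernetes.io/enforce: restricted
    pod-security.kubernetes.io/enforce-version: latest
    pod-security.kubernetes.io/audit: restricted
    pod-security.kubernetes.io/warn: restricted
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: api-allowlist
  namespace: payments
spec:
  podSelector:
    matchLabels:
      app: api
  policyTypes:
    - Ingress
    - Egress
  ingress:
    # Only frontend pods may reach the API, and only on TCP 8080
    - from:
        - podSelector:
            matchLabels:
              app: frontend
      ports:
        - protocol: TCP
          port: 8080
  egress:
    # A deny-all policy that lists Egress also blocks DNS lookups;
    # allow traffic to CoreDNS in kube-system so service names still resolve
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
```

Because NetworkPolicies are additive, the deny-all policy stays in place and this one only reopens the two paths listed; anything else to or from the API pods is still dropped.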