When I create a DaemonSet or a Deployment as an unprivileged User or an
unprivileged ServiceAccount (RBAC & PodSecurityPolicy), the
PodSecurityPolicies are being ignored, so it is possible to bypass the PSP
to create privileged Pods from DaemonSets and Deployments.
If the user tries to deploy a privileged Pod directly, it gets denied
with a forbidden message.
The PodSecurityPolicies are kinda useless when I have to grant our users
access to create resources like DaemonSets/Deployments/ReplicaSets etc...
Is it possible to block this behavior with additional RBAC roles? Or is it
a bug and should I create an issue?
Thanks in advance!