When I create a DaemonSet or a Deployment as an unprivileged User or an unprivileged ServiceAccount (RBAC & PodSecurityPolicy), the PodSecurityPolicies are being ignored, so it is possible to bypass the PSP to create privileged Pods from DaemonSets and Deployments. If the user tries to deploy a privileged Pod directly, it gets denied with a forbidden message.
The PodSecurityPolicies are kinda useless when I have to grant our users access to create resources like DaemonSets/Deployments/ReplicaSets etc... Is it possible to block this behavior with additional RBAC roles? Or is it a bug and should I create an issue? Thanks in advance!