Kubernetes object analysis with recommendations for improved reliability and security. kube-score actively prevents downtime and bugs in your Kubernetes YAML and Charts. Static code analysis for Kubernetes.
When using psa restricted, one of the requirements is that you must set
capabilities:
drop: ["ALL"]
Capabilities (v1.22+)
Containers must drop ALL capabilities, and are only permitted to add back the NET_BIND_SERVICE capability. This is Linux only policy in v1.25+ (.spec.os.name != "windows")
When using psa restricted, one of the requirements is that you must set capabilities: drop: ["ALL"]
Capabilities (v1.22+)
Containers must drop ALL capabilities, and are only permitted to add back the NET_BIND_SERVICE capability. This is Linux only policy in v1.25+ (.spec.os.name != "windows")
Please add a check for this: https://kubernetes.io/docs/concepts/security/pod-security-standards/
/E