Privileged container

Privileged containers represent a very dangerous permission that can be applied in a pod manifest and should almost never be allowed. Privileged pods are set under the securityContext. Privileged containers essentially share the same resources as the host node and do not offer any security boundary normally provided by a container. Running a privileged pod dissolves nearly all isolation between the container and the host node.

apiVersion: v1
kind: Pod
  name: priv-pod 
  hostNetwork: true
  - name: priv-pod 
    image: nginx 
            privileged: true


From microsoft:

  • Restrict over permissive containers: Block privileged containers using admission controllers
  • Ensure that pods meet defined pod security standards: restrict privileged containers using pod security standards
  • Gate images deployed to Kubernetes cluster: Restricted deployment of new containers from trusted supply chains

Pull requests needed ❤️