Pod Security Standards in Kubernetes

Pod Security Standards in Kubernetes refer to a set of best practices that define different isolation levels of pods. These standards help protect the containerized applications running within pods from potential security threats and vulnerabilities when running in production environments.

How Tanzu Application Catalog meets Pod Security Standards best practices

In Kubernetes, there is a built-in Pod Security admission controller to enforce the Pod Security Standards. These pod security restrictions are applied at the namespace level when pods are created. Pod Security Admission enforces requirements on a Pod’s Security Context based on three defined levels: privileged, baseline, and restricted.
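As an illustration of the namespace-level enforcement described above, the following manifests show a namespace labeled for the restricted level and a pod whose Security Context passes it. This is an added example, not taken from Tanzu Application Catalog's charts; the namespace name, pod name, UID, and image reference are constructed placeholders.

```yaml
# Namespace opting in to Pod Security Admission at the "restricted" level.
# "psa-demo" is a constructed name for this example.
apiVersion: v1
kind: Namespace
metadata:
  name: psa-demo
  labels:
    # enforce: pods that violate the level are rejected at creation time
    pod-security.kubernetes.io/enforce: restricted
    pod-security.kubernetes.io/enforce-version: latest
    # warn/audit: surface violations to the client and in the audit log
    pod-security.kubernetes.io/warn: restricted
    pod-security.kubernetes.io/audit: restricted
---
# Pod that satisfies the restricted level in the namespace above.
apiVersion: v1
kind: Pod
metadata:
  name: app                # constructed name
  namespace: psa-demo
spec:
  securityContext:
    runAsNonRoot: true     # restricted requires non-root containers
    runAsUser: 1001        # constructed UID; must not be 0
    seccompProfile:
      type: RuntimeDefault # restricted allows RuntimeDefault or Localhost
  containers:
    - name: app
      image: registry.example.com/app:1.0   # placeholder image
      securityContext:
        allowPrivilegeEscalation: false     # must be explicitly false
        capabilities:
          drop: ["ALL"]                     # only NET_BIND_SERVICE may be added back
      volumeMounts:
        - name: tmp
          mountPath: /tmp
  volumes:
    - name: tmp
      emptyDir: {}         # hostPath volumes are not allowed under restricted
```

Removing any of the commented Security Context fields, or setting `privileged: true`, causes the API server to reject the pod in this namespace with a Pod Security violation message.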

Tanzu Application Catalog’s Helm charts come with the Pod Security Admission controller enabled by default to comply with the restricted policy, enforcing certain controls to reinforce the security of mission-critical deployments. Refer to the Pod Security Standards documentation to learn which controls are enforced/disallowed with this restricted policy.

This best practice is implemented in all charts within the catalog, except for situations where applying this policy would be incompatible and potentially result in failure.

Check out which Helm charts are adhering to this policy by navigating to the “Library” page, and filtering by “Security > PSA”.

Filters to view security requirements
