Pod Security Standards

The Pod Security Standards define three profiles to broadly cover the security spectrum. They are as follows -

  • Privileged
  • Baseline
  • Restricted

Nirmata provides Kyverno policies mapped to each of the above controls from the Baseline and Restricted profiles. Refer to the official Kubernetes documentation to learn more about the profiles themselves.

To install all the policies for Pod Security Standards, refer to the instructions provided in the README guide.

Click on the below profiles to dig deeper into the controls and their associated Kyverno policy. Nirmata also provides a reference to what a good resource looks like that conforms to these policies.

Baseline profile

Restricted profile