How Kubernetes Pod Security Standards Break Legacy Workloads

Kubernetes Pod Security Standards (PSS) replaced PodSecurityPolicies in 1.25, but migrating legacy workloads to restricted mode often breaks them silently. In this episode, Lucas and Luna dig into why PSS admission checks fail for statefulsets running on GKE, how the 'privileged' profile leaks capabilities via container runtime defaults, and what the baseline profile actually blocks. They walk through a real cluster audit where a simple NFS-provisioner pod got rejected because of the 'SYS_ADMIN' capability mismatch, and explain why 'kubectl auth can-i' doesn't catch admission-time failures. Listeners will learn the three PSS profiles, the gotcha around seccomp profiles in v1.27+, and how to audit your cluster with 'kubectl psp-migration' before flipping the admission mode. If your team is still on PodSecurityPolicies or has hit a wall with PSS, this episode is your debug log.