This repository has been archived by the owner on Oct 12, 2023. It is now read-only.
Hi
I am deploying AAD Pod Identity on a cluster that is using kubenet and I had some questions about the security mitigations required.
As I understand it, I would have to drop the NET_RAW capability from every pod in the cluster, not just the pods that bind an identity. Is there any method of applying this across entire clusters or namespaces? Or do I have no other option besides adding this to every Pod on the cluster individually?
Is there any real impact I may have to consider if I drop this capability?
Thanks
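To see which containers still lack the capability drop the question describes, the following added example (not part of the original post, and not code from the AAD Pod Identity project) audits pod list JSON for containers that do not drop NET_RAW. The sample input is constructed and the function names are hypothetical; treating privileged containers, or any `add` of NET_RAW or ALL, as a finding is a conservative assumption.

```python
import json

# Constructed sample shaped like `kubectl get pods -A -o json` output
# (not taken from a real cluster).
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"namespace": "default", "name": "web"},
  "spec": {"initContainers": [{"name": "init"}],
           "containers": [{"name": "app", "securityContext":
                           {"capabilities": {"drop": ["NET_RAW"]}}}]}},
 {"metadata": {"namespace": "kube-system", "name": "agent"},
  "spec": {"containers": [{"name": "agent", "securityContext":
                           {"capabilities": {"drop": ["ALL"], "add": ["NET_RAW"]}}}]}},
 {"metadata": {"namespace": "default", "name": "api"},
  "spec": {"containers": [{"name": "api", "securityContext":
                           {"capabilities": {"drop": ["ALL"]}}}]}}
]}
""")

# Capabilities are set per container, so every container list in the pod is checked.
CONTAINER_FIELDS = ("initContainers", "containers", "ephemeralContainers")


def drops_net_raw(container):
    """Return True only if this container's securityContext removes NET_RAW."""
    sc = container.get("securityContext") or {}
    caps = sc.get("capabilities") or {}
    dropped = {c.upper() for c in caps.get("drop") or []}
    added = {c.upper() for c in caps.get("add") or []}
    if sc.get("privileged"):          # flagged conservatively (assumption)
        return False
    if added & {"NET_RAW", "ALL"}:    # re-added after the drop: flag it
        return False
    return bool(dropped & {"NET_RAW", "ALL"})  # dropping ALL also covers NET_RAW


def audit(pod_list):
    """Return sorted 'namespace/pod/container' entries that do not drop NET_RAW."""
    findings = []
    for pod in pod_list.get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        for field in CONTAINER_FIELDS:
            for c in spec.get(field) or []:
                if not drops_net_raw(c):
                    findings.append(f'{meta.get("namespace")}/{meta.get("name")}/{c.get("name")}')
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("NET_RAW not dropped:", finding)
```

Against a live cluster, the same `audit` function can be fed the parsed output of `kubectl get pods -A -o json` instead of the sample.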