A stock Kubernetes cluster is not secure, even when created with best-practice tooling like kubeadm. Users can create pods that are able to take over the host, the network is unrestricted by default, and so on. Solutions exist, but they require customization, which many users never do.
Let’s talk about how we can improve the user experience of existing tools like PodSecurityPolicy, address gaps, and ship a default-secure experience.