Radioactive Workloads

Granting excessive control to workloads not only increases the risk of being hacked but also affects the stability of nodes and the entire cluster.

Kubevious marks workloads and their corresponding namespaces as radioactive. Specifically, it checks for privileged containers, hostPID, hostNetwork, hostIPC flags, and mounts to sensitive host locations like docker.sock file, etc.

The Radioactivity icon is propagated up the tree. So, by looking at the Namespace, there is a clear indication of workloads with excessive permissions.

Radioactive and Overprivileged Workloads

Share this article on: