Rackspace KaaS uses Kubernetes Pod Security Policies (PSPs) to harden the cluster and provide security for it. A PSP is a list of security rules that enables administrators to configure what pods can access and what they can do.
Rackspace KaaS creates two PSPs by default: privileged and restricted.
The default restricted PSP prevents common security problems, such as users running as root or pods mounting host resources.
The privileged PSP is unrestricted and permits a pod to perform all actions.
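To show what the difference between the two kinds of policy looks like in a manifest, the following is an added illustration and not the policy definitions that Rackspace KaaS ships. The names example-restricted and example-privileged and all field values are assumptions, written against the Kubernetes policy/v1beta1 PodSecurityPolicy API.

```yaml
# Added illustration with hypothetical names; not the KaaS default policies.
# Restrictive policy: no root user, no host namespaces, no hostPath volumes.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: example-restricted
spec:
  privileged: false
  allowPrivilegeEscalation: false
  requiredDropCapabilities: ["ALL"]
  hostNetwork: false
  hostIPC: false
  hostPID: false
  volumes:                      # hostPath is deliberately absent
    - configMap
    - secret
    - emptyDir
    - projected
    - downwardAPI
    - persistentVolumeClaim
  runAsUser:
    rule: MustRunAsNonRoot      # rejects containers that run as UID 0
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: MustRunAs
    ranges: [{min: 1, max: 65535}]
  fsGroup:
    rule: MustRunAs
    ranges: [{min: 1, max: 65535}]
---
# Unrestricted policy: every control is left open.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: example-privileged
spec:
  privileged: true
  allowPrivilegeEscalation: true
  allowedCapabilities: ["*"]
  hostNetwork: true
  hostIPC: true
  hostPID: true
  hostPorts: [{min: 0, max: 65535}]
  volumes: ["*"]                # includes hostPath
  runAsUser: {rule: RunAsAny}
  seLinux: {rule: RunAsAny}
  supplementalGroups: {rule: RunAsAny}
  fsGroup: {rule: RunAsAny}
```

A policy only applies to a pod when the pod's service account or the requesting user is authorized through RBAC to use it, so access to an unrestricted policy should be bound to as few subjects as possible.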