services / Azure / Kubernetes PodSecurityPolicies (Fleet)
Kubernetes PodSecurityPolicy objects governed by Azure Kubernetes Fleet Manager. These are admission-control rules that constrain pod privileges (privileged containers, host mounts, host networking/namespaces), acting as a security-enforcement defense against privileged workload deployment.
PSPs are a security/admission defense whose relaxation enables container breakout and node/cluster privilege escalation.
Microsoft.ContainerService/fleets/extensions/podsecuritypolicies/delete
Deleting a PodSecurityPolicy removes pod admission-control security enforcement, eliminating a defense that would otherwise block privileged/host-access workloads.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Links
Contributed by P0 Security