services / Azure / Kubernetes pod security policies
PodSecurityPolicies are cluster-scoped Kubernetes admission-control objects that constrain what pods may do (privileged mode, host namespaces, volume types, capabilities). They are a security-enforcement guardrail for the connected (Azure Arc) Kubernetes cluster.
Acts as a defense mechanism: relaxing or removing it enables privileged pod deployment and node/cluster breakout.
Microsoft.Kubernetes/connectedClusters/extensions/podsecuritypolicies/delete
Deleting a PodSecurityPolicy removes a cluster-wide admission-control guardrail, disabling a security defense and tearing down the admission policy that would otherwise block privileged pods.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Links
Contributed by P0 Security