EPISODE · Jun 8, 2026 · 10 MIN
Why Kubernetes Pod Security Standards Still Leak
from DevOps Daily with Fexingo: CI/CD, Kubernetes, and Modern Software Operations · host Fexingo
In this episode of DevOps Daily, Lucas and Luna tackle a persistent security blind spot in Kubernetes: Pod Security Standards (PSS) and why they still leak sensitive data. They walk through a real-world case where a team using PSS with the 'baseline' profile left a sidecar container unmonitored, exposing database credentials. Lucas breaks down how PSS policies only check admission time, not runtime behavior, and how attackers exploit gaps like init containers and ephemeral containers. Luna shares a story from a fintech startup that discovered their PSS implementation failed because they forgot to apply it to custom namespaces. Together, they explain why you need to layer runtime security tools like Falco or OPA Gatekeeper, and how to audit your PSS policies using kubectl to catch hidden leaks. This episode is for DevOps engineers who think PSS means their cluster is secure—but want to verify it actually is. #Kubernetes #PodSecurityStandards #CloudSecurity #DevOps #DevOpsDaily #CyberSecurity #ContainerSecurity #K8s #OPAGatekeeper #Falco #RuntimeSecurity #SidecarContainers #InitContainers #EphemeralContainers #AdmissionController #CloudNative #FexingoBusiness #BusinessPodcast Keep every episode free: buymeacoffee.com/fexingo
What this episode covers
In this episode of DevOps Daily, Lucas and Luna tackle a persistent security blind spot in Kubernetes: Pod Security Standards (PSS) and why they still leak sensitive data. They walk through a real-world case where a team using PSS with the 'baseline' profile left a sidecar container unmonitored, exposing database credentials. Lucas breaks down how PSS policies only check admission time, not runtime behavior, and how attackers exploit gaps like init containers and ephemeral containers. Luna shares a story from a fintech startup that discovered their PSS implementation failed because they forgot to apply it to custom namespaces. Together, they explain why you need to layer runtime security tools like Falco or OPA Gatekeeper, and how to audit your PSS policies using kubectl to catch hidden leaks. This episode is for DevOps engineers who think PSS means their cluster is secure—but want to verify it actually is. #Kubernetes #PodSecurityStandards #CloudSecurity #DevOps #DevOpsDaily #CyberSecurity #ContainerSecurity #K8s #OPAGatekeeper #Falco #RuntimeSecurity #SidecarContainers #InitContainers #EphemeralContainers #AdmissionController #CloudNative #FexingoBusiness #BusinessPodcast Keep every episode free: buymeacoffee.com/fexingo
NOW PLAYING
Why Kubernetes Pod Security Standards Still Leak
No transcript for this episode yet
Similar Episodes
Mar 26, 2026 ·1m
Mar 19, 2026 ·34m
Feb 18, 2026 ·11m
Feb 11, 2026 ·45m