How to get detailed output using Kubectl --dry-run for Pod Security?

saikrishnagaddipati · July 6, 2023, 1:58pm

Cluster information:

Kubernetes version: 1.23
Cloud being used: AWS - EKS

I am using below command to get list of Pods that violate Pod Security Standards “Restricted” profile.
kubectl label --dry-run=server --overwrite ns test22 pod-security.kubernetes.io/enforce=restricted

The output of above command.
Kubeconfig user entry is using deprecated API version client.authentication.k8s.io/v1alpha1. Run ‘aws eks update-kubeconfig’ to update.
Warning: existing pods in namespace “test22” violate the new PodSecurity enforce level “restricted:latest”
Warning: busybox-22 (and 24 other pods): allowPrivilegeEscalation != false, unrestricted capabilities, runAsNonRoot != true, seccompProfile
Warning: prometheus-x2 (and 4 other pods): seccompProfile
Warning: DebugPod-x3: unrestricted capabilities, runAsNonRoot != true, seccompProfile
Warning: TestPod22: unrestricted capabilities, seccompProfile
namespace/dock labeled

The output in Line3(Highlighted in bold) shows that there are 24 other pods that violate the “Restricted” profile.
How do i know the names of those 24 pods?
Is there a way to get the list of all the pods in the command output??

Topic		Replies	Views
Migrating from PSP to PSA (Kube/AKS 1.24 prior to 1.25 upgrade) General Discussions development , security	0	412	July 13, 2023
Programatically get all the containers from EKS cluster General Discussions development , security	1	186	January 25, 2024
Security Context for a Pod or Container General Discussions security	0	1561	October 11, 2022
Bad Pods: Kubernetes Pod Privilege Escalation General Discussions security	0	1483	January 21, 2021
Can I check which pods are writing to a pvc? General Discussions	0	82	March 20, 2024

How to get detailed output using Kubectl --dry-run for Pod Security?

Cluster information:

Related Topics