Information
Deny execution of `exec` and `attach` commands in privileged pods.
Rationale:
Setting admission control policy to `DenyEscalatingExec` denies `exec` and `attach` commands to pods that run with escalated privileges that allow host access. This includes pods that run as privileged, have access to the host IPC namespace, and have access to the host PID namespace.
Solution
Edit the `/etc/kubernetes/apiserver` file on the master node and set the `KUBE_ADMISSION_CONTROL` parameter to `'--admission-control=...,DenyEscalatingExec,...'`: `KUBE_ADMISSION_CONTROL='--admission-control=...,DenyEscalatingExec,...'`
Based on your system, restart the `kube-apiserver` service. For example: `systemctl restart kube-apiserver.service`
Impact:
`exec` and `attach` commands will not work in privileged pods.