Detecting Privilege Escalation in Kubernetes Pods Overview Privilege escalation in Kubernetes occurs when a pod or container gains elevated permissions beyond its intended scope. This includes running as root, using privileged mode, mounting host filesystems, enabling dangerous Linux capabilities, or exploiting kernel vulnerabilities. Detection combines admission control (prevention), runtime monitoring (detection), and audit logging (investigation). When to Use - When investigating security incidents that require detecting privilege escalation in kubernetes pods - When building detection rul…