From 9504f81526c0fa7a1842986b0deb61a82c0d265d Mon Sep 17 00:00:00 2001 From: Jerome Petazzoni Date: Fri, 24 May 2019 18:39:14 -0500 Subject: [PATCH] Improve English I'm eternally grateful for @bridgetkromhout's patience and keen eyes :) --- slides/k8s/podsecuritypolicy.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/slides/k8s/podsecuritypolicy.md b/slides/k8s/podsecuritypolicy.md index be80820b..a8dd9f98 100644 --- a/slides/k8s/podsecuritypolicy.md +++ b/slides/k8s/podsecuritypolicy.md @@ -4,11 +4,11 @@ (including taking over the entire cluster) -- We are going to show an example of malicious pod +- We are going to show an example of a malicious pod - Then we will explain how to avoid this with PodSecurityPolicies -- We will illustrate by creating a non-privileged user limited to a namespace +- We will illustrate this by creating a non-privileged user limited to a namespace --- @@ -213,7 +213,7 @@ We should see an empty list. ## One example of malicious pods -- We will now show in action an escalation technique +- We will now show an escalation technique in action - We will deploy a DaemonSet that adds our SSH key to the root account @@ -343,7 +343,7 @@ We should see an empty list. - To enable Pod Security Policies, we need to enable their *admission plugin* -- This is done by adding a flag to API server +- This is done by adding a flag to the API server - On clusters deployed with `kubeadm`, the control plane runs in static pods