Pod Security Standards: Practical Hardening for Kubernetes

kubernetes security
2025-09-29
By Thalassa Cloud

Pod Security Standards (PSS) are a low-friction way to harden clusters by default. With Pod Security Admission (PSA), you can enforce least privilege at the namespace level and prevent risky pods from ever being created. It’s simple, auditable, and fits cleanly into GitOps.

Improving your security posture

Implementing Pod Security Standards is crucial because it reduces the blast radius by blocking privilege escalation and host-level access. It allows teams to catch misconfigurations early, at admission time rather than after deployment, so issues are addressed promptly.

Latest Posts

VPC‑Only Access for Kubernetes Clusters

We’ve added support for VPC‑only access to Kubernetes control planes. When enabled, the cluster’s public API endpoint is disabled and the Kubernetes API is reachable only from within your Virtual Private Cloud. This helps teams meet stricter security and compliance requirements without sacrificing operational access. VPC-only access is valuable for DevOps teams because it boosts security by removing the internet-facing API endpoint, which reduces the attack surface. It also makes network rules and identity limits clearer by using your VPC as the boundary.

Kubernetes v1.33.4-0 and v1.32.8-0: Security Fixes and Component Updates

We’re excited to announce the release of two new Kubernetes versions in Thalassa Cloud: v1.33.4-0 and v1.32.8-0. These releases bring security fixes, component updates, and enhanced stability for your Kubernetes workloads.

Security Fixes

Both releases address a medium-severity security vulnerability, CVE-2025-5187: Nodes can delete themselves by adding an OwnerReference. A vulnerability exists in the NodeRestriction admission controller where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource.
2025-08-01

Speed vs. Safety: Automating Upgrades in a Production Kubernetes Environment

Running Kubernetes in production means constantly updating your clusters. Upgrades are essential for security and new features, but they require careful timing. Move too quickly, and you might break applications. Delay too long, and you’ll fall behind on security patches and API updates.

Why Manual Upgrades Don’t Work

Manual Kubernetes upgrades are problematic for DevOps teams. They often lead to inconsistent results across environments and rely on a few team members with the necessary expertise.

Thalassa Cloud Services Roadmap Status - Q3 2025

Whether you’re deploying critical workloads, scaling internal tools, or building your next product, the infrastructure should be secure, predictable, and automation-friendly. We believe the cloud should feel like an API, not a maze of GUIs or vendor lock-in. That’s why our roadmap is focused on three things: developer-first IaaS and Kubernetes; security and compliance by design; and building blocks for observability and automation. Here’s where we are now, and where we’re heading in the third and fourth quarter of 2025.
2025-07-13

Gain More Control with Scheduled Kubernetes Upgrades on Thalassa Cloud

We’ve introduced a new capability to make your cluster operations smoother and more predictable: Scheduled Upgrades for our Managed Kubernetes service.

As a DevOps engineer, you know that staying on supported Kubernetes versions is essential - not just for security patches, but also for ensuring compatibility with the wider CNCF ecosystem. But planning and executing upgrades across environments can be a chore, especially when you’re running many Kubernetes clusters.

Introducing the Thalassa Public Cloud

A modern European cloud platform – built from the ground up to put control, automation, and sovereignty back in your hands. At Thalassa Cloud, we believe infrastructure should be modern, flexible, and sovereign – without the complexity or lock-in of hyperscalers. That’s why we’ve launched the Thalassa Public Cloud: a high-quality, API-first cloud services platform designed for DevOps-first teams who want more control and better APIs, without giving up performance or compliance, and who still want to run their services in Dutch datacenters.