PS Product SecurityKnowledge Base

Kubernetes Containment Decision Template

Narrow containment

  • Scale suspect deployment to zero
  • Isolate namespace egress
  • Pause one GitOps application

Broad containment

  • Revoke workload identity / service account path
  • Quarantine node
  • Freeze deployments to environment
  • Rotate secrets / issuers used by suspect workload

Evidence note

Record what evidence will be lost before executing high-impact containment.