
Namespace Compromise via hostPID #1858

@zyue110026

Description


We identified that the usage of hostPID in your Kubernetes manifest enables unauthorized namespace access and container introspection. Processes inside the container can observe or interfere with other workloads running on the node, violating container isolation.

We provide supporting evidence from Kubernetes Pod Security Standards (Baseline & Restricted) and https://github.com/BishopFox/badPods/tree/main/manifests/hostpid which explicitly discourage hostPID: true unless absolutely required, due to the risk of privilege escalation and information disclosure.

Expected Behavior:

Do not set hostPID: true unless absolutely required.

Labels: chart:ebpf (Issues related to opentelemetry-ebpf helm chart)
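
One way to audit for the setting reported above, as an added example (not code from the issue or from the chart): a Python check over `kubectl get ... -o json` style output that reports every workload whose pod spec enables hostPID. It goes slightly beyond the issue by also covering hostIPC and hostNetwork, which the Pod Security Standards Baseline profile restricts under the same Host Namespaces control; the function names and the sample objects are constructed for illustration.

```python
# Pod Security Standards (Baseline) "Host Namespaces" control: these pod-spec
# fields must be unset or false.
HOST_NAMESPACE_FIELDS = ("hostPID", "hostIPC", "hostNetwork")

# Path from the object root to the pod spec, per workload kind.
_TEMPLATE = ("spec", "template", "spec")
POD_SPEC_PATHS = {
    "Pod": ("spec",),
    "CronJob": ("spec", "jobTemplate") + _TEMPLATE,
    **{k: _TEMPLATE for k in ("Deployment", "DaemonSet", "StatefulSet", "ReplicaSet", "Job")},
}


def iter_objects(doc):
    """Yield individual objects, unwrapping `kind: List` as emitted by kubectl."""
    if doc.get("kind", "").endswith("List"):
        for item in doc.get("items") or []:
            yield from iter_objects(item)
    else:
        yield doc


def pod_spec(obj):
    """Return the pod spec dict of a workload object, or None if it has none."""
    path = POD_SPEC_PATHS.get(obj.get("kind"))
    node = obj if path else None
    for key in path or ():
        node = node.get(key) if isinstance(node, dict) else None
    return node if isinstance(node, dict) else None


def find_host_namespace_use(doc):
    """Return (kind, namespace, name, field) for every host namespace enabled."""
    findings = []
    for obj in iter_objects(doc):
        spec = pod_spec(obj) or {}
        meta = obj.get("metadata") or {}
        for field in HOST_NAMESPACE_FIELDS:
            if spec.get(field) is True:
                findings.append((obj["kind"], meta.get("namespace", "default"), meta.get("name"), field))
    return findings


# Constructed sample input (not taken from the chart discussed in the issue).
SAMPLE = {"kind": "List", "items": [
    {"kind": "DaemonSet", "metadata": {"name": "node-agent", "namespace": "monitoring"},
     "spec": {"template": {"spec": {"hostPID": True, "containers": []}}}},
    {"kind": "Deployment", "metadata": {"name": "web"},
     "spec": {"template": {"spec": {"hostPID": False, "containers": []}}}},
    {"kind": "CronJob", "metadata": {"name": "backup", "namespace": "ops"},
     "spec": {"jobTemplate": {"spec": {"template": {"spec": {"hostNetwork": True}}}}}},
]}

if __name__ == "__main__":
    for finding in find_host_namespace_use(SAMPLE):
        print("host namespace enabled:", *finding)
```

To run it against a cluster, load the JSON from `kubectl get daemonsets,deployments,pods -A -o json` and pass the parsed document to `find_host_namespace_use`.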