📄️ Myth: Kubernetes Namespaces Provide Complete Isolation
Many teams assume that creating separate namespaces guarantees strong isolation between workloads, preventing them from affecting each other. But this belief can lead to critical security oversights.
📄️ Myth: Kubernetes Service Accounts Pull Container Images
During internal security audits and team discussions, several engineers assumed that ServiceAccounts were used to authenticate with container registries. One developer even tried granting additional RBAC permissions to a ServiceAccount in an attempt to fix an image-pull failure from a private registry. The issue persisted, and only later did the team realize that the ServiceAccount had no role in image retrieval at all. The failure was caused by missing imagePullSecrets, not ServiceAccount permissions.
📄️ Myth: Pod Security Admission enforces security on running Pods
During a production security review, a team proudly stated:
