6.2.2.4. Pod security profile audit
The CSI Volume Admission plugin can apply audit annotations to the pod if the CSI driver’s effective profile is more permissive than the pod security audit profile for the pod namespace. The following table shows the audit annotation applied for different pod security profiles for given label values.
| Pod security profile | Driver label: restricted | Driver label: baseline | Driver label: privileged |
|---|---|---|---|
| Restricted | No audit | Audit | Audit |
| Baseline | No audit | No audit | Audit |
| Privileged | No audit | No audit | No audit |