The containers are not running a "mount" command from within the container. Any K8s Pod that requests a hostPath volume type and specifies the rootfs will perform a *bind* mount on the rootfs and all sub-path mounts (which includes DRBD).
The K8s security policies can protect the system from application Pods performing this same operation. https://kubernetes.io/docs/concepts/policy/pod-security-policy/#volumes-and-file-systems
The containers are not running a "mount" command from within the container. Any K8s Pod that requests a hostPath volume type and specifies the rootfs will perform a *bind* mount on the rootfs and all sub-path mounts (which includes DRBD).
The K8s security policies can protect the system from application Pods performing this same operation. /kubernetes. io/docs/ concepts/ policy/ pod-security- policy/ #volumes- and-file- systems
https:/