Beta feature

DaemonSet security considerations

DaemonSet (multi-namespace) uses the Kubernetes API and the Container Runtime Interface (CRI) to obtain information on the running pods and containers. This includes environment variables, which may contain authentication credentials or other secrets. If the Postman Insights Agent is compromised, these values can be exfiltrated.

The CRI also has no read-only mode. The permissions allow the Postman Insights Agent to start containers and evade the usual monitoring capabilities imposed at the Kubernetes layer.

The CRI defines the main gRPC protocol for the communication between the node components kubelet and container runtime.

While installing the agent, Postman creates a service account and assigns a cluster role to that service. The Insights Agent then belongs to this service account. This role only has the Kubernetes default view access.

This represents the same access that Kubernetes monitoring tools like Datadog or New Relic agents use.

Last modified: 2025/05/30

Postmanaut Cooper jumping over crystal ball. Illustration.

Additional resources

Explore ready-to-use Collection Templates, build API-first workflows with Postman Flows, and more!

Collection Templates

Integration testing
REST API basics
API documentation
Authorization methods

Flows Templates

Add HubSpot contacts to Mailchimp lists
Create Airtable records from new deals in HubSpot
Create or update HubSpot contacts from customers on Stripe
Search Zendesk for tickets with Tag using Create with AI

Popular videos

Postman Flows: Build API Applications Visually
Streamline LLM Integration with Postman's AI Protocol
API Basics: What is an API and How Does It Work?