Enable Pod Security Policy Checking

Note

PodSecurityPolicy (PSP) applies ONLY when running on K8S v1.24 or earlier. PSP is deprecated as of Kubernetes v1.21 and removed from K8S v1.25. Instead of using PodSecurityPolicy, you can enforce similar restrictions on Pods using the Pod Security Admission Controller.

Procedure

  1. Set the kubernetes kube_apiserver admission_plugins system parameter to include PodSecurityPolicy.

    ~(keystone_admin)]$ system service-parameter-add kubernetes kube_apiserver admission_plugins=PodSecurityPolicy
    
  2. Apply the Kubernetes system parameters.

    ~(keystone_admin)]$ system service-parameter-apply kubernetes
    
  3. View the automatically added pod security policies.

    $ kubectl get psp
    $ kubectl describe psp privileged
    $ kubectl describe psp restricted
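
A check to run around the procedure above, as an added example that is not part of the original documentation: it decides whether PSP applies to a given Kubernetes version (v1.24 or earlier) and whether `PodSecurityPolicy` is an exact entry in the API server's admission plugin list. It assumes the `admission_plugins` service parameter ends up in kube-apiserver's `--enable-admission-plugins` flag; the function names and sample command lines are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample inputs are constructed.
# psp_applicable VERSION: 0 if PSP exists in that Kubernetes release
# (v1.24 or earlier), 1 if removed (v1.25+), 2 if VERSION is unparsable.
psp_applicable() {
    ver=${1#v}
    case "$ver" in *.*) ;; *) return 2 ;; esac
    major=${ver%%.*}
    minor=${ver#*.}; minor=${minor%%.*}
    minor=${minor%%[!0-9]*}    # tolerate suffixes such as "24+"
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    [ -n "$minor" ] || return 2
    if [ "$major" -lt 1 ] || { [ "$major" -eq 1 ] && [ "$minor" -le 24 ]; }; then
        return 0
    fi
    return 1
}

# admission_plugin_enabled PLUGIN CMDLINE: 0 if PLUGIN is an exact entry in
# --enable-admission-plugins (so "PodSecurity" does not match "PodSecurityPolicy").
admission_plugin_enabled() {
    for arg in $2; do
        case "$arg" in
            --enable-admission-plugins=*)
                case ",${arg#*=}," in *",$1,"*) return 0 ;; esac ;;
        esac
    done
    return 1
}

# psp_status VERSION CMDLINE: prints enabled | not-enabled | removed | unknown-version
psp_status() {
    rc=0
    psp_applicable "$1" || rc=$?
    case $rc in
        0) if admission_plugin_enabled PodSecurityPolicy "$2"; then
               echo enabled
           else
               echo not-enabled
           fi ;;
        1) echo removed ;;
        *) echo unknown-version ;;
    esac
}

# Constructed kube-apiserver command lines (not captured from a real system).
WITH_PSP='kube-apiserver --enable-admission-plugins=NodeRestriction,PodSecurityPolicy'
WITHOUT_PSP='kube-apiserver --enable-admission-plugins=NodeRestriction,PodSecurity'
psp_status v1.24.4 "$WITH_PSP"; psp_status v1.24.4 "$WITHOUT_PSP"; psp_status v1.25.3 "$WITH_PSP"
```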