Enable Pod Security Policy Checking
Note
PodSecurityPolicy (PSP) applies ONLY when running Kubernetes v1.24 or earlier. PSP is deprecated as of Kubernetes v1.21 and removed from Kubernetes v1.25. Instead of using PodSecurityPolicy, you can enforce similar restrictions on Pods using the Pod Security Admission Controller.
Procedure
Set the kubernetes kube_apiserver admission_plugins system parameter to include PodSecurityPolicy.
~(keystone_admin)]$ system service-parameter-add kubernetes kube_apiserver admission_plugins=PodSecurityPolicy
Apply the Kubernetes system parameters.
~(keystone_admin)]$ system service-parameter-apply kubernetes
View the automatically added pod security policies.
$ kubectl get psp
$ kubectl describe psp privileged
$ kubectl describe psp restricted
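
A post-change check, as an added example (not part of the original page and not StarlingX code): it combines the version limit from the note with a look at the kube-apiserver admission flags to report whether PSP checking is really in effect. The function names and the sample command lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not StarlingX code. Sample command lines are constructed.
SAMPLE_ON='kube-apiserver --enable-admission-plugins=NodeRestriction,PodSecurityPolicy --secure-port=6443'
SAMPLE_PSA='kube-apiserver --enable-admission-plugins=NodeRestriction,PodSecurity --secure-port=6443'

# psp_supported VERSION: 0 if PSP exists in that release (v1.24 or earlier),
# 1 if it was removed (v1.25 and later), 2 if VERSION cannot be parsed.
psp_supported() {
    ver=${1#v}                          # accept "v1.24.4" or "1.24.4"
    case "$ver" in *.*) ;; *) return 2 ;; esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%[!0-9]*}              # "24.4" -> "24", "25+" -> "25"
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    [ -n "$minor" ] || return 2
    [ "$major" -eq 1 ] && [ "$minor" -le 24 ]
}

# plugin_enabled CMDLINE PLUGIN: 0 only if PLUGIN is an exact entry of
# --enable-admission-plugins and is not listed in --disable-admission-plugins
# (a plugin named in both is conservatively reported as not enabled).
plugin_enabled() {
    enabled='' disabled=''
    for arg in $1; do                   # intentional word splitting
        case "$arg" in
            --enable-admission-plugins=*)  enabled=${arg#*=} ;;
            --disable-admission-plugins=*) disabled=${arg#*=} ;;
        esac
    done
    case ",$disabled," in *",$2,"*) return 1 ;; esac
    case ",$enabled,"  in *",$2,"*) return 0 ;; esac
    return 1
}

# psp_status VERSION CMDLINE: prints enforced | not-enabled | unsupported |
# unknown-version.
psp_status() {
    if psp_supported "$1"; then
        if plugin_enabled "$2" PodSecurityPolicy; then echo enforced
        else echo not-enabled; fi
    else
        case $? in 1) echo unsupported ;; *) echo unknown-version ;; esac
    fi
}

psp_status v1.24.4 "$SAMPLE_ON"
psp_status v1.24.4 "$SAMPLE_PSA"
psp_status v1.25.0 "$SAMPLE_ON"
```

The exact-entry match matters because PodSecurity (the Pod Security Admission plugin) is a prefix of PodSecurityPolicy; a plain substring search would confuse the two.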