nemo
/
kubernetes-security
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity
kubernetes-security/05-PSP.md

27 lines
1.2 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Pod Security Policy
## References
- https://kubernetes.io/docs/concepts/policy/pod-security-policy/#what-is-a-pod-security-policy
- https://docs.bitnami.com/kubernetes/how-to/secure-kubernetes-cluster-psp/
```bash
# start minikube with PodSecurityPolicy enabled
minikube start --extra-config=apiserver.GenericServerRunOptions.AdmissionControl=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds,PodSecurityPolicy
```
Go through the example reference at https://kubernetes.io/docs/concepts/policy/pod-security-policy/#example:
```bash
# Set up a namespace and a service account to act as for this example. Well use this service account to mock a non-admin user.
kubectl create namespace psp-example
kubectl create serviceaccount -n psp-example fake-user
kubectl create rolebinding -n psp-example fake-editor --clusterrole=edit --serviceaccount=psp-example:fake-user
# To make it clear which user were acting as and save some typing, create 2 aliases:
alias kubectl-admin='kubectl -n psp-example'
alias kubectl-user='kubectl --as=system:serviceaccount:psp-example:fake-user -n psp-example'
# Create a policy and a pod (see link for file)
kubectl-admin create -f example-psp.yaml
```
Reference in New Issue View Git Blame Copy Permalink