PSP option should be added to the API server’s configuration using the plugins list :

--enable-admission-plugins=...,PodSecurityPolicy

As I don’t have access to the master nodes I cannot update this value directly from the command line.

How do I activate this policy ?
Thx

Hi Emilien,

First of all, did you check that kubernetes is installed correctly? First important step

Pod security policy is defined in a YAML file. This YAML file is then applied, thanks to the kubectl command, in order to define the new policy.

How to create a security policy for pods?

This operation will perform the following operations (via the RunAsAny rule, which is more permissive than the runAsUser option):

• Disable a pod’s ability to run a privileged container.
• Allow the use of SELinux.
• Allow the use of Linux groups.
• Give permission to users to run container entry points with a different username.
• Use of fsGroup will be permitted

To create the YAML file, you have to run the command (you can name the file whatever you want. It must end .yaml):

Maybe a kubernetes expert could guide us if there are steps missing

Gianni