OVH Community

How to activate Pod Security Policies on Kubernetes cloud?


#1

The PSP option should be added to the API server’s configuration using the plugins list:

--enable-admission-plugins=...,PodSecurityPolicy

As I don’t have access to the master nodes I cannot update this value directly from the command line.

How do I activate this policy?
Thx


#2

Hi Emilien,

First of all, did you check that Kubernetes is installed correctly? First important step.

Pod security policy is defined in a YAML file. This YAML file is then applied, thanks to the kubectl command, in order to define the new policy.

How to create a security policy for pods?

This operation will perform the following operations (via the RunAsAny rule, which is more permissive than the runAsUser option):

  • Disable a pod’s ability to run a privileged container.
  • Allow the use of SELinux.
  • Allow the use of Linux groups.
  • Give permission to users to run container entry points with a different username.
  • Use of fsGroup will be permitted.

To create the YAML file, you have to run the command (you can name the file whatever you want; it must end in .yaml):

Learn more: What is a POD in Kubernetes?

Maybe a Kubernetes expert could guide us if there are steps missing 🙂

Gianni