OVHcloud Community


How to activate Pod Security Policies on Kubernetes cloud?


The PSP option should be added to the API server’s configuration using the plugins list:


As I don’t have access to the master nodes, I cannot update this value directly from the command line.

How do I activate this policy?


Hi Emilien,

First of all, did you check that Kubernetes is installed correctly? That is the first important step.

A pod security policy is defined in a YAML file. This YAML file is then applied, thanks to the kubectl command, in order to define the new policy.

How to create a security policy for pods?

This operation will perform the following operations (via the RunAsAny rule, which is more permissive than the runAsUser option):

  • Disable a pod’s ability to run a privileged container.
  • Allow the use of SELinux.
  • Allow the use of Linux groups.
  • Give permission to users to run container entry points with a different username.
  • Use of fsGroup will be permitted.

To create the YAML file, you have to run the command (you can name the file whatever you want; it must end in .yaml):

Learn more: What is a POD in Kubernetes?

Maybe a Kubernetes expert could guide us if there are steps missing 🙂
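
A manifest matching the policy described in the answer above, as an added example that is not part of the original posts or of OVHcloud's documentation: it sets `privileged: false` with `RunAsAny` for the other four rules, and adds the RBAC `use` grant that a pod's service account needs before the policy can admit its pods. The object names, the `default` namespace and the `volumes` setting are assumptions.

```yaml
# Added example. Names (restricted-example, psp-restricted-example) and the
# "default" namespace are assumptions chosen for illustration.
# PodSecurityPolicy is served from policy/v1beta1 and was removed in Kubernetes v1.25.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: restricted-example
spec:
  privileged: false        # pods may not run privileged containers
  seLinux:
    rule: RunAsAny         # any SELinux context is accepted
  supplementalGroups:
    rule: RunAsAny         # any supplemental Linux groups are accepted
  runAsUser:
    rule: RunAsAny         # containers may run as any UID
  fsGroup:
    rule: RunAsAny         # any fsGroup is accepted
  volumes:
    - '*'                  # assumption: all volume types allowed (not stated in the answer)
---
# A policy only admits pods whose user or service account is authorized to "use" it.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: psp-restricted-example
rules:
  - apiGroups: ['policy']
    resources: ['podsecuritypolicies']
    verbs: ['use']
    resourceNames: ['restricted-example']
---
# Grant the "use" permission to every service account in the "default" namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: psp-restricted-example
  namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: psp-restricted-example
subjects:
  - kind: Group
    apiGroup: rbac.authorization.k8s.io
    name: system:serviceaccounts:default
```

Applying the file with `kubectl apply -f` creates the objects, but the policy is only enforced when the PodSecurityPolicy admission plugin is enabled on the API server, which is the setting the question asks about.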