Kubernetes: Pod Security Policy

A Pod Security Policy (PSP) is a Kubernetes resource that lets us set security restrictions on pods across the whole cluster. To use a PSP, the PodSecurityPolicy admission controller needs to be enabled on the API server. The purpose of a PSP is to govern the behavior of pods in the cluster, and it operates at the cluster level. If you read my previous post or have heard about security contexts before, you might be wondering how a PSP differs from a security context. The biggest difference is that a PSP operates at the cluster level, so the configuration no longer needs to be attached to each pod manifest; it basically automates the enforcement of a security context. Below is an example of a PSP that stops the creation of privileged pods.

apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: hello
spec:
  privileged: false        # pods requesting privileged: true are rejected
  seLinux:
    rule: RunAsAny         # no SELinux label constraint
  supplementalGroups:
    rule: RunAsAny
  runAsUser:
    rule: RunAsAny         # any UID, including root, is still allowed
  fsGroup:
    rule: RunAsAny
  volumes:
  - '*'                    # every volume type, including hostPath, is allowed
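The policy above only blocks the privileged flag; everything else is left open. As an added example (not from the original post), the manifest below shows the pieces a practitioner needs for a PSP to actually take effect: a more restrictive policy, the RBAC grant that allows a service account to "use" it (without this grant, a PSP is never selected for the pod and the pod is rejected once the admission plugin is on), and one pod that is rejected next to one that is admitted. The names `restricted-demo`, `psp-restricted-demo`, the namespace `demo` and the service account `app` are assumptions for illustration; the admission plugin must be enabled with `--enable-admission-plugins=...,PodSecurityPolicy`. Note that PSP was deprecated in Kubernetes 1.21 and removed in 1.25 in favour of Pod Security Admission, so this applies to clusters that still run the v1beta1 API.

```yaml
# Added example, not part of the original post. Assumes the PodSecurityPolicy
# admission plugin is enabled and that namespace "demo" with service account
# "app" exists. All names below are illustrative.
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: restricted-demo
spec:
  privileged: false               # reject privileged containers
  allowPrivilegeEscalation: false # no setuid-style escalation
  requiredDropCapabilities:
  - ALL                           # containers must drop every capability
  hostNetwork: false
  hostPID: false
  hostIPC: false
  runAsUser:
    rule: MustRunAsNonRoot        # pod must run with a non-root UID
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: MustRunAs
    ranges:
    - {min: 1, max: 65535}        # GID 0 is not allowed
  fsGroup:
    rule: MustRunAs
    ranges:
    - {min: 1, max: 65535}
  volumes:                        # allow-list; hostPath is deliberately absent
  - configMap
  - emptyDir
  - projected
  - secret
  - persistentVolumeClaim
---
# A PSP is only applied to pods whose creator (user or pod service account)
# is authorised to "use" it. This ClusterRole grants exactly that for one policy.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: psp-restricted-demo
rules:
- apiGroups: ["policy"]
  resources: ["podsecuritypolicies"]
  resourceNames: ["restricted-demo"]
  verbs: ["use"]
---
# Bind the grant to the "app" service account in the "demo" namespace only.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: psp-restricted-demo
  namespace: demo
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: psp-restricted-demo
subjects:
- kind: ServiceAccount
  name: app
  namespace: demo
---
# Rejected at admission: privileged: true contradicts the policy's
# privileged: false, and no usable policy permits it.
apiVersion: v1
kind: Pod
metadata:
  name: will-be-rejected
  namespace: demo
spec:
  serviceAccountName: app
  containers:
  - name: c
    image: busybox:1.36
    command: ["sleep", "3600"]
    securityContext:
      privileged: true
---
# Admitted: every field satisfies restricted-demo.
apiVersion: v1
kind: Pod
metadata:
  name: admitted
  namespace: demo
spec:
  serviceAccountName: app
  securityContext:
    runAsNonRoot: true
    runAsUser: 10001
    fsGroup: 2000
    supplementalGroups: [2000]
  containers:
  - name: c
    image: busybox:1.36
    command: ["sleep", "3600"]
    securityContext:
      allowPrivilegeEscalation: false
      capabilities:
        drop: ["ALL"]
```

Two things to check when this does not behave as expected: the admission controller also considers policies the creating user is allowed to use, so a person applying manifests with a cluster-admin identity that has "use" on a permissive PSP will get that policy instead of `restricted-demo`; and pods created through a controller (Deployment, DaemonSet) are evaluated against the pod's service account, which is why the binding targets the service account rather than a human user.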
