当前位置：网站首页>Pod security policy (PSP)

Pod security policy (PSP)

2022-06-29 13:16:00 【Know the old code】

Enable Pod The security policy

Insert picture description here

#  edit kube-apiserver.yaml
vim /etc/kubernetes/manifests/kube-apiserver.yaml

#  Enable pod The security policy , stay kube-apiserver.yaml Add the following parameters 
- --enable-admission-plugins=NodeRestriction,PodSecurityPolicy

#  restart kubelet service 
systemctl restart kubelet

It is forbidden to create privilege mode pod

Insert picture description here

#  Create a service account in the default namespace aliang
kubectl create sa aliang

#  take SA Bind to system built-in Role
kubectl create rolebinding aliang --clusterrole=edit --sa=default:aliang

#  Create using PSP Authority to Role
kubectl create role psp:unprivileged --verb=use --resource=podsecuritypolicy --resource-name=psp-example

#  take SA Bound to the Role
kubectl create rolebinding aliang:psp:unprivileged --role=psp:unprivileged --sa=default:aliang

原网站

版权声明
本文为[Know the old code]所创，转载请带上原文链接，感谢
https://yzsam.com/2022/180/202206291057141915.html

当前位置：网站首页>Pod security policy (PSP)

Pod security policy (PSP)

Enable Pod The security policy

It is forbidden to create privilege mode pod

边栏推荐

猜你喜欢

随机推荐