docs/doc/source/security/kubernetes/enable-pod-security-policy-checking.rst


.. vca1590088383576
.. _enable-pod-security-policy-checking:

===================================
Enable Pod Security Policy Checking
===================================

.. rubric:: |proc|

#.  Set the kubernetes kube\_apiserver admission\_plugins system parameter to
    include PodSecurityPolicy.

    .. code-block:: none

        ~(keystone_admin)]$ system service-parameter-add kubernetes kube_apiserver admission_plugins=PodSecurityPolicy

#.  Apply the Kubernetes system parameters.

    .. code-block:: none

        ~(keystone_admin)]$ system service-parameter-apply kubernetes

#.  View the automatically added pod security policies.

    .. code-block:: none

        $ kubectl get psp
        $ kubectl describe <psp> privileged
        $ kubectl describe <psp> restricted
Security guide update Re-organized topic hierarchy Tiny edit to restart review workflow. Squashed with Resolved index.rst conflict commit Change-Id: I13472792cb19d1e9975ac76c6954d38054d606c5 Signed-off-by: Keane Lim <keane.lim@windriver.com> Signed-off-by: MCamp859 <maryx.camp@intel.com> 2020-08-31 11:01:56 -04:00
			`.. vca1590088383576`
			`.. _enable-pod-security-policy-checking:`

			`===================================`
			`Enable Pod Security Policy Checking`
			`===================================`

			`.. rubric:: \|proc\|`

			`#. Set the kubernetes kube\_apiserver admission\_plugins system parameter to`
			`include PodSecurityPolicy.`

			`.. code-block:: none`

Update Security Fixed merge conflict (RS) Signed-off-by: Rafael Jardim <rafaeljordao.jardim@windriver.com> Change-Id: I30b882a14196525f440db1108a56bbf862dfaf55 Signed-off-by: Ron Stone <ronald.stone@windriver.com> 2021-03-15 16:56:04 -03:00			`~(keystone_admin)]$ system service-parameter-add kubernetes kube_apiserver admission_plugins=PodSecurityPolicy`
Security guide update Re-organized topic hierarchy Tiny edit to restart review workflow. Squashed with Resolved index.rst conflict commit Change-Id: I13472792cb19d1e9975ac76c6954d38054d606c5 Signed-off-by: Keane Lim <keane.lim@windriver.com> Signed-off-by: MCamp859 <maryx.camp@intel.com> 2020-08-31 11:01:56 -04:00
			`#. Apply the Kubernetes system parameters.`

			`.. code-block:: none`

Update Security Fixed merge conflict (RS) Signed-off-by: Rafael Jardim <rafaeljordao.jardim@windriver.com> Change-Id: I30b882a14196525f440db1108a56bbf862dfaf55 Signed-off-by: Ron Stone <ronald.stone@windriver.com> 2021-03-15 16:56:04 -03:00			`~(keystone_admin)]$ system service-parameter-apply kubernetes`
Security guide update Re-organized topic hierarchy Tiny edit to restart review workflow. Squashed with Resolved index.rst conflict commit Change-Id: I13472792cb19d1e9975ac76c6954d38054d606c5 Signed-off-by: Keane Lim <keane.lim@windriver.com> Signed-off-by: MCamp859 <maryx.camp@intel.com> 2020-08-31 11:01:56 -04:00
			`#. View the automatically added pod security policies.`

			`.. code-block:: none`

			`$ kubectl get psp`
			`$ kubectl describe <psp> privileged`
			`$ kubectl describe <psp> restricted`