docs/doc/source/security/kubernetes/disable-pod-security-policy-checking.rst


.. ecz1590154334366
.. _disable-pod-security-policy-checking:

====================================
Disable Pod Security Policy Checking
====================================

.. note::

   PodSecurityPolicy (PSP) ONLY applies if running on K8S v1.24 or earlier.
   PodSecurityPolicy (PSP) is deprecated as of Kubernetes v1.21 and removed from K8S v1.25.
   Instead of using PodSecurityPolicy, you can enforce similar restrictions on Pods using
   :ref:`Pod Security Admission Controller <pod-security-admission-controller-8e9e6994100f>`

You can delete the previously added PodSecurityPolicy service parameter to
disable pod security policy checking.

.. rubric:: |proc|

#.  Remove the kubernetes **kube_apiserver admission_plugins** system
    parameter to exclude PodSecurityPolicy.

    .. code-block:: none

        ~(keystone_admin)]$ system service-parameter-delete <uuid>

#.  Apply the Kubernetes system parameters.

    .. code-block:: none

        ~(keystone_admin)]$ system service-parameter-apply kubernetes
Security guide update Re-organized topic hierarchy Tiny edit to restart review workflow. Squashed with Resolved index.rst conflict commit Change-Id: I13472792cb19d1e9975ac76c6954d38054d606c5 Signed-off-by: Keane Lim <keane.lim@windriver.com> Signed-off-by: MCamp859 <maryx.camp@intel.com> 2020-08-31 11:01:56 -04:00
			`.. ecz1590154334366`
			`.. _disable-pod-security-policy-checking:`

			`====================================`
			`Disable Pod Security Policy Checking`
			`====================================`

Adding note of PSP removal from the project documentation Removal of PSP Support as part of k8s 1.25/1.26 transition, we are adding a note to each page that has pod security policy contexts from the project doc about its existence in K8S v1.24 and removal from K8S v1.25 Story: 2010590 Task: 48324 Change-Id: Ifefeda7ac181267b66398dbf45af9f6ee1239090 Signed-off-by: Rahul Roshan Kachchap <rahulroshan.kachchap@windriver.com> 2023-07-17 02:16:07 -04:00			`.. note::`

			`PodSecurityPolicy (PSP) ONLY applies if running on K8S v1.24 or earlier.`
			`PodSecurityPolicy (PSP) is deprecated as of Kubernetes v1.21 and removed from K8S v1.25.`
			`Instead of using PodSecurityPolicy, you can enforce similar restrictions on Pods using`
			:ref:`Pod Security Admission Controller <pod-security-admission-controller-8e9e6994100f>`

Security guide update Re-organized topic hierarchy Tiny edit to restart review workflow. Squashed with Resolved index.rst conflict commit Change-Id: I13472792cb19d1e9975ac76c6954d38054d606c5 Signed-off-by: Keane Lim <keane.lim@windriver.com> Signed-off-by: MCamp859 <maryx.camp@intel.com> 2020-08-31 11:01:56 -04:00			`You can delete the previously added PodSecurityPolicy service parameter to`
			`disable pod security policy checking.`

			`.. rubric:: \|proc\|`

Remove spurious escapes (r8,dsR8) This change addresses a long-standing issue in rST documentation imported from XML. That import process added backslash escapes in front of various characters. The three most common being '(', ')', and '_'. These instances are removed. Signed-off-by: Ron Stone <ronald.stone@windriver.com> Change-Id: Id43a9337ffcd505ccbdf072d7b29afdb5d2c997e 2023-02-28 14:02:05 +00:00			`#. Remove the kubernetes kube_apiserver admission_plugins system`
Security guide update Re-organized topic hierarchy Tiny edit to restart review workflow. Squashed with Resolved index.rst conflict commit Change-Id: I13472792cb19d1e9975ac76c6954d38054d606c5 Signed-off-by: Keane Lim <keane.lim@windriver.com> Signed-off-by: MCamp859 <maryx.camp@intel.com> 2020-08-31 11:01:56 -04:00			`parameter to exclude PodSecurityPolicy.`

			`.. code-block:: none`

Update Security Fixed merge conflict (RS) Signed-off-by: Rafael Jardim <rafaeljordao.jardim@windriver.com> Change-Id: I30b882a14196525f440db1108a56bbf862dfaf55 Signed-off-by: Ron Stone <ronald.stone@windriver.com> 2021-03-15 16:56:04 -03:00			`~(keystone_admin)]$ system service-parameter-delete <uuid>`
Security guide update Re-organized topic hierarchy Tiny edit to restart review workflow. Squashed with Resolved index.rst conflict commit Change-Id: I13472792cb19d1e9975ac76c6954d38054d606c5 Signed-off-by: Keane Lim <keane.lim@windriver.com> Signed-off-by: MCamp859 <maryx.camp@intel.com> 2020-08-31 11:01:56 -04:00
			`#. Apply the Kubernetes system parameters.`

			`.. code-block:: none`

Update Security Fixed merge conflict (RS) Signed-off-by: Rafael Jardim <rafaeljordao.jardim@windriver.com> Change-Id: I30b882a14196525f440db1108a56bbf862dfaf55 Signed-off-by: Ron Stone <ronald.stone@windriver.com> 2021-03-15 16:56:04 -03:00			`~(keystone_admin)]$ system service-parameter-apply kubernetes`
Security guide update Re-organized topic hierarchy Tiny edit to restart review workflow. Squashed with Resolved index.rst conflict commit Change-Id: I13472792cb19d1e9975ac76c6954d38054d606c5 Signed-off-by: Keane Lim <keane.lim@windriver.com> Signed-off-by: MCamp859 <maryx.camp@intel.com> 2020-08-31 11:01:56 -04:00