 f076c3a387
			
		
	
	f076c3a387
	
	
	
		
			
			Removal of PSP Support as part of k8s 1.25/1.26 transition, we are adding a note to each page that has pod security policy contexts from the project doc about its existence in K8S v1.24 and removal from K8S v1.25 Story: 2010590 Task: 48324 Change-Id: Ifefeda7ac181267b66398dbf45af9f6ee1239090 Signed-off-by: Rahul Roshan Kachchap <rahulroshan.kachchap@windriver.com>
		
			
				
	
	
		
			40 lines
		
	
	
		
			1.1 KiB
		
	
	
	
		
			ReStructuredText
		
	
	
	
	
	
			
		
		
	
	
			40 lines
		
	
	
		
			1.1 KiB
		
	
	
	
		
			ReStructuredText
		
	
	
	
	
	
| 
 | |
| .. vca1590088383576
 | |
| .. _enable-pod-security-policy-checking:
 | |
| 
 | |
| ===================================
 | |
| Enable Pod Security Policy Checking
 | |
| ===================================
 | |
| 
 | |
| .. note::
 | |
| 
 | |
|    PodSecurityPolicy (PSP) ONLY applies if running on K8S v1.24 or earlier.
 | |
|    PodSecurityPolicy (PSP) is deprecated as of Kubernetes v1.21 and removed from K8S v1.25.
 | |
|    Instead of using PodSecurityPolicy, you can enforce similar restrictions on Pods using
 | |
|    :ref:`Pod Security Admission Controller <pod-security-admission-controller-8e9e6994100f>`
 | |
| 
 | |
| .. rubric:: |proc|
 | |
| 
 | |
| #.  Set the kubernetes kube_apiserver admission_plugins system parameter to
 | |
|     include PodSecurityPolicy.
 | |
| 
 | |
|     .. code-block:: none
 | |
| 
 | |
|         ~(keystone_admin)]$ system service-parameter-add kubernetes kube_apiserver admission_plugins=PodSecurityPolicy
 | |
| 
 | |
| #.  Apply the Kubernetes system parameters.
 | |
| 
 | |
|     .. code-block:: none
 | |
| 
 | |
|         ~(keystone_admin)]$ system service-parameter-apply kubernetes
 | |
| 
 | |
| #.  View the automatically added pod security policies.
 | |
| 
 | |
|     .. code-block:: none
 | |
| 
 | |
|         $ kubectl get psp
 | |
|         $ kubectl describe <psp> privileged
 | |
|         $ kubectl describe <psp> restricted
 | |
| 
 | |
| 
 |