How to check if pod security policy is enabled?

Tags: kubernetes

I am trying to debug why pod security policy (psp) isn't applying. Running the following shows no resources found. Not sure if this is sufficient to confirm psp is enabled.

$ kubectl get psp
No resources found.

Thanks.

ZPrime asked Sep 11 '25 00:09


2 Answers

https://kubernetes.io/docs/concepts/policy/pod-security-policy/#enabling-pod-security-policies

Pod security policy control is implemented as an optional (but recommended) admission controller. PodSecurityPolicies are enforced by enabling the admission controller, but doing so without authorizing any policies will prevent any pods from being created in the cluster.

Since the pod security policy API (policy/v1beta1/podsecuritypolicy) is enabled independently of the admission controller, for existing clusters it is recommended that policies are added and authorized before enabling the admission controller.

Ijaz Ahmad answered Sep 13 '25 18:09


No, it's not enough to prove it's enabled, as Ijaz mentioned by quoting the documentation.

On GCP, you can do this:

gcloud beta container clusters describe $CLUSTER_NAME --zone $CLUSTER_ZONE | grep -A 1 podSecurityPolicyConfig

If enabled, the expected output is:

podSecurityPolicyConfig:
  enabled: true

Otherwise you'll get something like this:

podSecurityPolicyConfig: {}
privateCluster: true

tisc0 answered Sep 13 '25 20:09
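
The two answers above reduce to one question: is the PodSecurityPolicy admission controller switched on, regardless of what `kubectl get psp` returns? The script below is an added example, not code from either answer. It turns the gcloud check into a function that only trusts `enabled: true` inside the podSecurityPolicyConfig block, and goes one step further with a second function for self-managed clusters that looks for PodSecurityPolicy in the kube-apiserver `--enable-admission-plugins` flag. The function names and all sample inputs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example; every sample input below is constructed.

# Reads `gcloud beta container clusters describe` output on stdin, e.g.
#   gcloud beta container clusters describe "$CLUSTER_NAME" --zone "$CLUSTER_ZONE" | gke_psp_state
# Only `enabled: true` nested directly under podSecurityPolicyConfig counts,
# so an `enabled: true` that belongs to another block is not mistaken for PSP.
gke_psp_state() {
  awk '
    /^podSecurityPolicyConfig:/ { in_block = 1; next }
    in_block && /^[^ \t]/       { in_block = 0 }   # next top-level key closes the block
    in_block && /^[ \t]+enabled:[ \t]*true[ \t]*$/ { found = 1 }
    END { print (found ? "enabled" : "disabled") }
  '
}

# Reads a kube-apiserver command line or static pod manifest on stdin
# (assumption: a self-managed cluster where the API server flags are visible).
apiserver_psp_state() {
  psp_plugins=$(tr ' \t' '\n\n' | sed -n 's/^--enable-admission-plugins=//p' | tail -n 1)
  case ",$psp_plugins," in
    *,PodSecurityPolicy,*) echo enabled ;;
    *)                     echo disabled ;;
  esac
}

GKE_ON='name: demo-cluster
podSecurityPolicyConfig:
  enabled: true
privateCluster: true'

GKE_OFF='someOtherConfig:
  enabled: true
podSecurityPolicyConfig: {}
privateCluster: true'

APISERVER_ON='    - kube-apiserver
    - --enable-admission-plugins=NodeRestriction,PodSecurityPolicy'

APISERVER_OFF='kube-apiserver --enable-admission-plugins=NodeRestriction --disable-admission-plugins=PodSecurityPolicy'

printf 'GKE sample (on):        %s\n' "$(printf '%s\n' "$GKE_ON" | gke_psp_state)"
printf 'GKE sample (off):       %s\n' "$(printf '%s\n' "$GKE_OFF" | gke_psp_state)"
printf 'apiserver sample (on):  %s\n' "$(printf '%s\n' "$APISERVER_ON" | apiserver_psp_state)"
printf 'apiserver sample (off): %s\n' "$(printf '%s\n' "$APISERVER_OFF" | apiserver_psp_state)"
```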