PodSecurityPolicy Operations: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
Line 4: Line 4:


=Associate a PodSecurityPolicy with a Service Account=
=Associate a PodSecurityPolicy with a Service Account=
Create a Role that allows using the PodSecurityPolicy. Assuming that the name of the PodSecurityPolicy is "example", the role metadata should be similar to:
<syntaxhighlight lang='yaml'>
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: access-to-podsecuritypolicy
rules:
- apiGroups: ['policy']
  resources: ['podsecuritypolicies']
  verbs:    ['use']
  resourceNames:
  - 'example'
</syntaxhighlight>
=Associate a PodSecurityPolicy with a User Account=
=Associate a PodSecurityPolicy with a User Account=
{{External|https://kubernetes.io/docs/concepts/policy/pod-security-policy/#via-rbac}}
{{External|https://kubernetes.io/docs/concepts/policy/pod-security-policy/#via-rbac}}

Revision as of 03:12, 3 September 2020

Internal


Associate a PodSecurityPolicy with a Service Account

Create a Role that allows using the PodSecurityPolicy. Assuming that the name of the PodSecurityPolicy is "example", the role metadata should be similar to:

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: access-to-podsecuritypolicy
rules:
- apiGroups: ['policy']
  resources: ['podsecuritypolicies']
  verbs:     ['use']
  resourceNames:
  - 'example'

Associate a PodSecurityPolicy with a User Account

https://kubernetes.io/docs/concepts/policy/pod-security-policy/#via-rbac