PodSecurityPolicy Operations: Difference between revisions
Revision as of 01:56, 5 September 2020
Internal
Get Deployed PodSecurityPolicies
kubectl get podsecuritypolicies
PodSecurityPolicy is a cluster-scoped resource, so this command returns the single, cluster-wide list of pod security policies.
Associate a PodSecurityPolicy with a Service Account
Create a Role that allows using the PodSecurityPolicy. Assuming that the name of the PodSecurityPolicy is "example", the Role manifest should be similar to:
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: access-to-podsecuritypolicy
rules:
# The 'use' verb on the named policy is what authorizes a bound subject to use it.
- apiGroups: ['policy']
  resources: ['podsecuritypolicies']
  verbs: ['use']
  # Restricts the grant to this one policy.
  resourceNames:
  - 'example'
Create the RoleBinding that binds the service account to the role:
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: access-to-podsecuritypolicy-test-serviceaccount-binding
roleRef:
  kind: Role
  # Must match metadata.name of the Role above.
  name: access-to-podsecuritypolicy
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: test-serviceaccount
  namespace: default
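To audit the result of the two steps above, the following added example (not part of the original page) reports which service accounts are granted 'use' on which policies, including grants that come from wildcard rules or a missing resourceNames list. The input is constructed to have the shape of the items in `kubectl get roles,rolebindings -o json`; the "psp-any" Role and "builder" service account are hypothetical, and ClusterRole references are not evaluated.

```python
# Constructed sample: this page's Role and RoleBinding in the shape of
# `kubectl get ... -o json` items, plus a hypothetical over-broad pair.
ITEMS = [
    {"kind": "Role",
     "metadata": {"name": "access-to-podsecuritypolicy", "namespace": "default"},
     "rules": [{"apiGroups": ["policy"], "resources": ["podsecuritypolicies"],
                "verbs": ["use"], "resourceNames": ["example"]}]},
    {"kind": "RoleBinding",
     "metadata": {"name": "access-to-podsecuritypolicy-test-serviceaccount-binding",
                  "namespace": "default"},
     "roleRef": {"kind": "Role", "name": "access-to-podsecuritypolicy"},
     "subjects": [{"kind": "ServiceAccount", "name": "test-serviceaccount",
                   "namespace": "default"}]},
    {"kind": "Role",  # hypothetical: wildcards and no resourceNames
     "metadata": {"name": "psp-any", "namespace": "default"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"kind": "RoleBinding",
     "metadata": {"name": "psp-any-binding", "namespace": "default"},
     "roleRef": {"kind": "Role", "name": "psp-any"},
     "subjects": [{"kind": "ServiceAccount", "name": "builder",
                   "namespace": "default"}]},
]

def _has(values, wanted):
    return wanted in values or "*" in values

def usable_policies(rules):
    """Return the PSP names the rules grant 'use' on; {'*'} means all of them."""
    names = set()
    for r in rules:
        if (_has(r.get("apiGroups", []), "policy")
                and _has(r.get("resources", []), "podsecuritypolicies")
                and _has(r.get("verbs", []), "use")):
            # An absent or empty resourceNames list matches every policy.
            names |= set(r.get("resourceNames") or ["*"])
    return names

def psp_grants(items):
    """Map 'namespace/serviceaccount' to PSP names granted through RoleBindings."""
    roles = {("Role", i["metadata"]["namespace"], i["metadata"]["name"]):
             i.get("rules", []) for i in items if i["kind"] == "Role"}
    grants = {}
    for b in (i for i in items if i["kind"] == "RoleBinding"):
        ref = (b["roleRef"]["kind"], b["metadata"]["namespace"], b["roleRef"]["name"])
        for s in b.get("subjects", []):
            if s["kind"] == "ServiceAccount":
                key = f'{s["namespace"]}/{s["name"]}'
                grants.setdefault(key, set()).update(usable_policies(roles.get(ref, [])))
    return {k: v for k, v in grants.items() if v}
```

A `{'*'}` entry marks a service account that can use every policy in the cluster, which defeats the purpose of binding it to one restrictive policy.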