Kubernetes Pod Security Policy Concepts: Difference between revisions

From NovaOrdis Knowledge Base
Line 9: Line 9:
A pod security policy is an example of a [[Kubernetes Concepts#Kubernetes_Policies|Kubernetes policy]].
A pod security policy is an example of a [[Kubernetes Concepts#Kubernetes_Policies|Kubernetes policy]].


Pod security policy is implemented by a set of specialized Kubernetes resources ([[#PodSecurityPolicy|PodSecurityPolicy]]), generic resources ([[Kubernetes_Security_Concepts#Service_Account|ServiceAccount]], [[Kubernetes Higher Level Pod Controllers|higher level pod controllers]] such as [[Kubernetes_Deployments|Deployments]], [[Kubernetes_ReplicaSet|ReplicaSets]] and so on), the [[#PodSecurityPolicy_Admission_Controller|PodSecurityPolicy admission controller]] and other controllers, all working in concert to ensure that the pods are created within strict security assumptions, and the pods access various resources in a controlled, secured manner.
Pod security policy is implemented by a set of specialized Kubernetes resources ([[#PodSecurityPolicy|PodSecurityPolicy]]), generic resources ([[Kubernetes_Security_Concepts#Service_Account|ServiceAccount]], [[Kubernetes Higher Level Pod Controllers|higher level pod controllers]] such as [[Kubernetes_Deployments|Deployments]], [[Kubernetes_ReplicaSet|ReplicaSets]] and so on), the [[#PodSecurityPolicy_Admission_Controller|PodSecurityPolicy admission controller]] and other controllers, all working in concert to ensure that the pods are created within strict security assumptions, and the pods access various resources in a controlled, secured manner. The pod security policy controls security sensitive aspects of the pod specification.


=PodSecurityPolicy=
=PodSecurityPolicy=
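Review bot: the sentence appended to the end of the overview paragraph ("The pod security policy controls security sensitive aspects of the pod specification.") needs a hyphen in "security-sensitive". It also names none of the aspects it refers to, so it adds little beyond the sentence before it. Consider either naming the aspects here or moving the sentence to the start of the paragraph as its topic sentence.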

Revision as of 01:15, 3 September 2020

External

Internal

Overview

A pod security policy is an example of a Kubernetes policy.

Pod security policy is implemented by a set of specialized Kubernetes resources (PodSecurityPolicy), generic resources (ServiceAccount, higher-level pod controllers such as Deployments, ReplicaSets and so on), the PodSecurityPolicy admission controller and other controllers, all working in concert to ensure that pods are created within strict security assumptions and that they access resources in a controlled, secure manner. The pod security policy controls security-sensitive aspects of the pod specification.

PodSecurityPolicy

The PodSecurityPolicy is a cluster-level resource.
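How the pieces named in the overview fit together, as an added example that is not part of the original page: a restrictive cluster-level PodSecurityPolicy, plus the RBAC objects that allow a ServiceAccount to use it when the admission controller validates its pods. The names `restricted-example`, `psp-restricted-example`, `app-sa` and the namespace `demo` are assumptions.

```yaml
# Added example; every name below is an assumption, not from the page.
# Cluster-level resource: metadata carries no namespace.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: restricted-example
spec:
  privileged: false
  allowPrivilegeEscalation: false
  requiredDropCapabilities: ["ALL"]
  hostNetwork: false
  hostIPC: false
  hostPID: false
  readOnlyRootFilesystem: true
  volumes: ["configMap", "secret", "emptyDir", "projected", "downwardAPI"]
  runAsUser:
    rule: MustRunAsNonRoot
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: MustRunAs
    ranges: [{min: 1, max: 65535}]
  fsGroup:
    rule: MustRunAs
    ranges: [{min: 1, max: 65535}]
---
# A policy applies only to subjects granted the "use" verb on it.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: psp-restricted-example
rules:
- apiGroups: ["policy"]
  resources: ["podsecuritypolicies"]
  resourceNames: ["restricted-example"]
  verbs: ["use"]
---
# Bind to the pod's ServiceAccount so that pods created by a Deployment or
# ReplicaSet (not directly by a user) are still admitted under this policy.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: psp-restricted-example
  namespace: demo
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: psp-restricted-example
subjects:
- kind: ServiceAccount
  name: app-sa
  namespace: demo
```

The `policy/v1beta1` PodSecurityPolicy API matches the 2020 revision shown here; it was removed in Kubernetes 1.25, so these manifests apply only to older clusters with the PodSecurityPolicy admission controller enabled.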

PodSecurityPolicy Admission Controller

More about admission controllers:

Kubernetes Admission Controller Concepts