Kubernetes Pod Security Policy Concepts: Difference between revisions
Jump to navigation
Jump to search
Line 14: | Line 14: | ||
The PodSecurityPolicy is a cluster-level resource | The PodSecurityPolicy is a cluster-level resource | ||
==PodSecurityPolicy Manifest== | |||
{{External|https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#podsecuritypolicy-v1beta1-policy}} | |||
<syntaxhighlight lang='yaml'> | |||
</syntaxhighlight> | |||
=PodSecurityPolicy Admission Controller= | =PodSecurityPolicy Admission Controller= | ||
More about admission controllers:{{Internal|Kubernetes Admission Controller Concepts|Kubernetes Admission Controller Concepts}} | More about admission controllers:{{Internal|Kubernetes Admission Controller Concepts|Kubernetes Admission Controller Concepts}} |
Revision as of 01:16, 3 September 2020
External
- https://kubernetes.io/docs/concepts/policy/pod-security-policy/
- https://kubernetes.io/docs/concepts/security/pod-security-standards/
Internal
Overview
A pod security policy is an example of a Kubernetes policy.
Pod security policy is implemented by a set of specialized Kubernetes resources (PodSecurityPolicy), generic resources (ServiceAccount, higher level pod controllers such as Deployments, ReplicaSets and so on), the PodSecurityPolicy admission controller and other controllers, all working in concert to ensure that the pods are created within strict security assumptions, and the pods access various resources in a controlled, secured manner. The pod security policy controls security sensitive aspects of the pod specification.
PodSecurityPolicy
The PodSecurityPolicy is a cluster-level resource
PodSecurityPolicy Manifest
PodSecurityPolicy Admission Controller
More about admission controllers: