3c5fa979a4
Re-organized topic hierarchy Tiny edit to restart review workflow. Squashed with Resolved index.rst conflict commit Change-Id: I13472792cb19d1e9975ac76c6954d38054d606c5 Signed-off-by: Keane Lim <keane.lim@windriver.com> Signed-off-by: MCamp859 <maryx.camp@intel.com>
33 lines
787 B
ReStructuredText
33 lines
787 B
ReStructuredText
|
|
.. vca1590088383576
|
|
.. _enable-pod-security-policy-checking:
|
|
|
|
===================================
|
|
Enable Pod Security Policy Checking
|
|
===================================
|
|
|
|
.. rubric:: |proc|
|
|
|
|
#. Set the kubernetes kube\_apiserver admission\_plugins system parameter to
|
|
include PodSecurityPolicy.
|
|
|
|
.. code-block:: none
|
|
|
|
~(keystone_admin)$ system service-parameter-add kubernetes kube_apiserver admission_plugins=PodSecurityPolicy
|
|
|
|
#. Apply the Kubernetes system parameters.
|
|
|
|
.. code-block:: none
|
|
|
|
~(keystone_admin)$ system service-parameter-apply kubernetes
|
|
|
|
#. View the automatically added pod security policies.
|
|
|
|
.. code-block:: none
|
|
|
|
$ kubectl get psp
|
|
$ kubectl describe <psp> privileged
|
|
$ kubectl describe <psp> restricted
|
|
|
|
|