Applying the Pod Security Policies for Component Pack
Install the k8s-psp helm chart to apply the Pod Security Policies needed for Component Pack applications.
About this task
- The steps in this topic only need to be done if you have enabled the Pod Security Policies admission controller on your Kubernetes cluster.
- If you followed the upgrade steps in Upgrading to the latest reference implementation, you may have already deployed the k8s-psp helm chart. You can run
helm list
on a master node to confirm.
Procedure
-
Install the k8s-psp Helm chart by running the following command: In the command, replace
extractedFolder with the location of the directory where you extracted the
Component Pack installation package.
helm install \ --name=k8s-psp extractedFolder/microservices_connections/hybridcloud/helmbuilds/k8s-psp-0.1.0-20190719-111319.tgz
-
Verify that policies have been applied by running the following command: kubectl get
psp
The following Component Pack policies appear:
$ kubectl get psp NAME PRIV CAPS SELINUX RUNASUSER FSGROUP SUPGROUP READONLYROOTFS VOLUMES filebeat false RunAsAny RunAsAny MustRunAs MustRunAs false configMap,emptyDir,projected,secret,downwardAPI,persistentVolumeClaim,hostPath infra-elasticsearch true IPC_LOCK,SYS_RESOURCE RunAsAny RunAsAny MustRunAs MustRunAs false configMap,emptyDir,projected,secret,downwardAPI,persistentVolumeClaim infra-storage false RunAsAny RunAsAny MustRunAs MustRunAs false configMap,emptyDir,projected,secret,downwardAPI,persistentVolumeClaim privileged true * RunAsAny RunAsAny RunAsAny RunAsAny false * restricted false RunAsAny MustRunAsNonRoot MustRunAs MustRunAs false configMap,emptyDir,projected,secret,downwardAPI,persistentVolumeClaim