How to create a Kubernetes security policy
If you're looking to take your Kubernetes security to the next level, you'll want to start working with pod security policies. Here's a quick introduction to this feature.
List of Commands:
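# PodSecurityPolicy that blocks privileged containers; the other controls are left open
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: psp
spec:
  privileged: false
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  runAsUser:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
  volumes:
  - '*'

kubectl get psp psp

# ClusterRole that grants the "use" verb on the psp policy
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: psp:psp
rules:
- apiGroups:
  - extensions
  - policy        # API group of the policy/v1beta1 PodSecurityPolicy above
  resources:
  - podsecuritypolicies
  resourceNames:
  - psp
  verbs:
  - use
---
# Bind the role to every authenticated user
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: psp:psp
subjects:
- kind: Group
  apiGroup: rbac.authorization.k8s.io
  name: system:authenticated
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: psp:psp

kubectl auth can-i use psp/psp
kubectl auth can-i use psp/psp --as-group=system:authenticated --as=any-user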