Difference between revisions of "Kubernetes PodSecurityPolicy (PSP) (deprecated)"

From wikieduonline
Jump to navigation Jump to search
 
(9 intermediate revisions by 4 users not shown)
Line 1: Line 1:
 
* https://kubernetes.io/docs/concepts/security/pod-security-policy/
 
* https://kubernetes.io/docs/concepts/security/pod-security-policy/
  
  Deprecated in [[v1.21]] (April 2021)
+
  Deprecated in [[v1.21]] (April 2021), removed in [[v1.25]] (Aug 2022)
  
 
  [[kubectl get psp]]
 
  [[kubectl get psp]]
 
  [[kubectl get psp eks.privileged]]
 
  [[kubectl get psp eks.privileged]]
 +
 +
 +
[[kubernetes.io/psp]]: [[eks.privileged]]
 +
 +
kubectl get pods \
 +
  --all-namespaces \
 +
  --output jsonpath='{.items[*].metadata.annotations.kubernetes\.io\/psp}' \
 +
  | tr " " "\n" | sort -u
 +
 +
== Errors ==
 +
[[helm install --set persistence.enabled=true grafana grafana/grafana]]
 +
Error: INSTALLATION FAILED: unable to build kubernetes objects from release manifest: [resource mapping not found
 +
for name: "grafana" namespace: "" from "": no matches for kind "PodSecurityPolicy" in version "[[policy/v1beta1]]"
 +
ensure [[CRDs]] are installed first, resource mapping not found for name: "grafana-test" namespace: "" from "": no
 +
matches for kind "PodSecurityPolicy" in version "[[policy/v1beta1]]"
 +
ensure CRDs are installed first]
  
 
== Related ==
 
== Related ==
Line 10: Line 26:
  
 
== See also ==
 
== See also ==
 +
* {{OPA}}
 
* {{PSP}}
 
* {{PSP}}
* {{kubectl}}
+
* {{Gatekeeper}}
 +
* {{K8s security}}
  
 
[[Category:K8s]]
 
[[Category:K8s]]

Latest revision as of 08:59, 26 January 2024

Deprecated in v1.21 (April 2021), removed in v1.25 (Aug 2022)
kubectl get psp
kubectl get psp eks.privileged


kubernetes.io/psp: eks.privileged
kubectl get pods \
  --all-namespaces \
  --output jsonpath='{.items[*].metadata.annotations.kubernetes\.io\/psp}' \
  | tr " " "\n" | sort -u

Errors[edit]

helm install --set persistence.enabled=true grafana grafana/grafana
Error: INSTALLATION FAILED: unable to build kubernetes objects from release manifest: [resource mapping not found 
for name: "grafana" namespace: "" from "": no matches for kind "PodSecurityPolicy" in version "policy/v1beta1"
ensure CRDs are installed first, resource mapping not found for name: "grafana-test" namespace: "" from "": no 
matches for kind "PodSecurityPolicy" in version "policy/v1beta1"
ensure CRDs are installed first]

Related[edit]

See also[edit]

Advertising: