Difference between revisions of "Kubernetes PodSecurityPolicy (PSP) (deprecated)"
Jump to navigation
Jump to search
(9 intermediate revisions by 4 users not shown) | |||
Line 1: | Line 1: | ||
* https://kubernetes.io/docs/concepts/security/pod-security-policy/ | * https://kubernetes.io/docs/concepts/security/pod-security-policy/ | ||
− | Deprecated in [[v1.21]] (April 2021) | + | Deprecated in [[v1.21]] (April 2021), removed in [[v1.25]] (Aug 2022) |
[[kubectl get psp]] | [[kubectl get psp]] | ||
[[kubectl get psp eks.privileged]] | [[kubectl get psp eks.privileged]] | ||
+ | |||
+ | |||
+ | [[kubernetes.io/psp]]: [[eks.privileged]] | ||
+ | |||
+ | kubectl get pods \ | ||
+ | --all-namespaces \ | ||
+ | --output jsonpath='{.items[*].metadata.annotations.kubernetes\.io\/psp}' \ | ||
+ | | tr " " "\n" | sort -u | ||
+ | |||
+ | == Errors == | ||
+ | [[helm install --set persistence.enabled=true grafana grafana/grafana]] | ||
+ | Error: INSTALLATION FAILED: unable to build kubernetes objects from release manifest: [resource mapping not found | ||
+ | for name: "grafana" namespace: "" from "": no matches for kind "PodSecurityPolicy" in version "[[policy/v1beta1]]" | ||
+ | ensure [[CRDs]] are installed first, resource mapping not found for name: "grafana-test" namespace: "" from "": no | ||
+ | matches for kind "PodSecurityPolicy" in version "[[policy/v1beta1]]" | ||
+ | ensure CRDs are installed first] | ||
== Related == | == Related == | ||
Line 10: | Line 26: | ||
== See also == | == See also == | ||
+ | * {{OPA}} | ||
* {{PSP}} | * {{PSP}} | ||
− | * {{ | + | * {{Gatekeeper}} |
+ | * {{K8s security}} | ||
[[Category:K8s]] | [[Category:K8s]] |
Latest revision as of 08:59, 26 January 2024
Deprecated in v1.21 (April 2021), removed in v1.25 (Aug 2022)
kubectl get psp kubectl get psp eks.privileged
kubernetes.io/psp: eks.privileged
kubectl get pods \ --all-namespaces \ --output jsonpath='{.items[*].metadata.annotations.kubernetes\.io\/psp}' \ | tr " " "\n" | sort -u
Errors[edit]
helm install --set persistence.enabled=true grafana grafana/grafana Error: INSTALLATION FAILED: unable to build kubernetes objects from release manifest: [resource mapping not found for name: "grafana" namespace: "" from "": no matches for kind "PodSecurityPolicy" in version "policy/v1beta1" ensure CRDs are installed first, resource mapping not found for name: "grafana-test" namespace: "" from "": no matches for kind "PodSecurityPolicy" in version "policy/v1beta1" ensure CRDs are installed first]
Related[edit]
See also[edit]
- Open Policy Agent (OPA), Gatekeeper
- PodSecurityPolicy (PSP) (deprecated), PSA, PSS,
kubernetes.io/psp
- Gatekeeper, installation, XProtect, OPA,
gatekeeper.sh, config.gatekeeper.sh, gatekeeper-webhook-service
- Kubernetes security, OPA, EKS security, PSA, PSS, CKS,
SecurityContext
, Trivy, KubeBench, Kubernetes Admission Controllersadmissionregistration.k8s.io
, Hardeneks, Gatekeeper (Kubernetes),kubernetes.io/enforce-mountable-secrets
, Auditing
Advertising: