Kubernetes PodSecurityPolicy (PSP) (deprecated)
Deprecated in v1.21 (April 2021), removed in v1.25 (Aug 2022)
kubectl get psp kubectl get psp eks.privileged
kubernetes.io/psp: eks.privileged
kubectl get pods \ --all-namespaces \ --output jsonpath='{.items[*].metadata.annotations.kubernetes\.io\/psp}' \ | tr " " "\n" | sort -u
Errors[edit]
helm install --set persistence.enabled=true grafana grafana/grafana Error: INSTALLATION FAILED: unable to build kubernetes objects from release manifest: [resource mapping not found for name: "grafana" namespace: "" from "": no matches for kind "PodSecurityPolicy" in version "policy/v1beta1" ensure CRDs are installed first, resource mapping not found for name: "grafana-test" namespace: "" from "": no matches for kind "PodSecurityPolicy" in version "policy/v1beta1" ensure CRDs are installed first]
Related[edit]
See also[edit]
- Open Policy Agent (OPA), Gatekeeper
- PodSecurityPolicy (PSP) (deprecated), PSA, PSS,
kubernetes.io/psp
- Gatekeeper, installation, XProtect, OPA,
gatekeeper.sh, config.gatekeeper.sh, gatekeeper-webhook-service
- Kubernetes security, OPA, EKS security, PSA, PSS, CKS,
SecurityContext
, Trivy, KubeBench, Kubernetes Admission Controllersadmissionregistration.k8s.io
, Hardeneks, Gatekeeper (Kubernetes),kubernetes.io/enforce-mountable-secrets
, Auditing
Advertising: