Kubernetes Security 2 - Pod Security Policy for Kubernetes Cluster
Рет қаралды 4,861
Күн бұрынThis video explains the Pod security policy in Kubernetes. PSP provides an extra layer of security over RBAC. Though PSP is deprecated from version 1.21 but still it carries a good weightage in CKS exam and previous cluster versions still have to use PSP for pod level security.
Most famous security control aspects are:
Running of privileged containers
Usage of host namespaces(HostPID)
Usage of volume types
Usage of the host filesystem
Requiring the use of a read only root file system
Restricting escalation to root privileges
@SandeepSaini-mt3yl 17 күн бұрын
Great explanation and clearly all doubts
@rugabajeanpierre8660 2 жыл бұрын
thanks for explaining the PSP with examples
@aprann9012 2 жыл бұрын
very helpful..thanks
@rameshd3951 Жыл бұрын
Nice one .
@iammrchetan 11 ай бұрын
Hi @Shailender, I want to restrict users from running cp/scp/rsync/sftp commands inside the containers running in the kubernetes. I understand that we should only have needed packages available inside the application images. But in our system, lots of applications are already running and we can't control that as of now. I was wondering if we have a way to achieve the same by using PodSecurityPolicy or PodSecurity admission controller. Let me know your thoughts around the same.
@180doman Жыл бұрын
I think you have error (or i dont get it). You used Policy Name instead of Role Name in your role binding command. You should probably use --clusterrole-permissive-role instead of --clusterrole=limited-allow.
@ashumaheshwari1 Жыл бұрын
@sudhir : Thanks for the video can we get the yaml files used in demo, if possible put them in git hub and share the link
@amitpawar3859 Жыл бұрын
nice video.. Very informative tutorial...
Sergio Outdoors
Рет қаралды 78 МЛН
BalcevMMA_BOXING
Рет қаралды 4,4 МЛН
TechWorld with Nana
Рет қаралды 183 М.
Learn with GVR
Рет қаралды 4,6 М.
CNCF [Cloud Native Computing Foundation]
Рет қаралды 49 М.