See
https://medium.com/coryodaniel/kubernetes-assigning-pod-security-policies-with-rbac-2ad2e847c754
Code Block |
---|
kubectl get psp
kubectl get roles --all-namespaces
kubectl get clusterroles
#check access
$ kubectl auth can-i use psp/privileged
Warning: resource 'podsecuritypolicies' is not namespace scoped in group 'policy'
yes
$ kubectl auth can-i use psp/privileged --as-group=system:authenticated --as=any-user
Warning: resource 'podsecuritypolicies' is not namespace scoped in group 'policy'
no
|
References
Reference | URL |
---|---|
Getting started with Pod Security Policies and best practices in Production | https://www.youtube.com/watch?v=30ro9_ivTek |
PSP Documentation | https://kubernetes.io/docs/concepts/policy/pod-security-policy/ |
Kubernetes: Assigning Pod Security Policies with RBAC | https://medium.com/coryodaniel/kubernetes-assigning-pod-security-policies-with-rbac-2ad2e847c754 |