Difference between revisions of "Kubernetes PodSecurityPolicy (PSP) (deprecated)"
Jump to navigation
Jump to search
| (8 intermediate revisions by 3 users not shown) | |||
| Line 1: | Line 1: | ||
* https://kubernetes.io/docs/concepts/security/pod-security-policy/ | * https://kubernetes.io/docs/concepts/security/pod-security-policy/ | ||
| − | Deprecated in [[v1.21]] (April 2021) | + | Deprecated in [[v1.21]] (April 2021), removed in [[v1.25]] (Aug 2022) |
[[kubectl get psp]] | [[kubectl get psp]] | ||
| Line 7: | Line 7: | ||
| − | kubernetes.io/psp: eks.privileged | + | [[kubernetes.io/psp]]: [[eks.privileged]] |
| + | |||
| + | kubectl get pods \ | ||
| + | --all-namespaces \ | ||
| + | --output jsonpath='{.items[*].metadata.annotations.kubernetes\.io\/psp}' \ | ||
| + | | tr " " "\n" | sort -u | ||
| + | |||
| + | == Errors == | ||
| + | [[helm install --set persistence.enabled=true grafana grafana/grafana]] | ||
| + | Error: INSTALLATION FAILED: unable to build kubernetes objects from release manifest: [resource mapping not found | ||
| + | for name: "grafana" namespace: "" from "": no matches for kind "PodSecurityPolicy" in version "[[policy/v1beta1]]" | ||
| + | ensure [[CRDs]] are installed first, resource mapping not found for name: "grafana-test" namespace: "" from "": no | ||
| + | matches for kind "PodSecurityPolicy" in version "[[policy/v1beta1]]" | ||
| + | ensure CRDs are installed first] | ||
== Related == | == Related == | ||
| Line 13: | Line 26: | ||
== See also == | == See also == | ||
| + | * {{OPA}} | ||
* {{PSP}} | * {{PSP}} | ||
| − | * {{ | + | * {{Gatekeeper}} |
| + | * {{K8s security}} | ||
[[Category:K8s]] | [[Category:K8s]] | ||
Latest revision as of 08:59, 26 January 2024
Deprecated in v1.21 (April 2021), removed in v1.25 (Aug 2022)
kubectl get psp kubectl get psp eks.privileged
kubernetes.io/psp: eks.privileged
kubectl get pods \
--all-namespaces \
--output jsonpath='{.items[*].metadata.annotations.kubernetes\.io\/psp}' \
| tr " " "\n" | sort -u
Errors[edit]
helm install --set persistence.enabled=true grafana grafana/grafana Error: INSTALLATION FAILED: unable to build kubernetes objects from release manifest: [resource mapping not found for name: "grafana" namespace: "" from "": no matches for kind "PodSecurityPolicy" in version "policy/v1beta1" ensure CRDs are installed first, resource mapping not found for name: "grafana-test" namespace: "" from "": no matches for kind "PodSecurityPolicy" in version "policy/v1beta1" ensure CRDs are installed first]
Related[edit]
See also[edit]
- Open Policy Agent (OPA), Gatekeeper
- PodSecurityPolicy (PSP) (deprecated), PSA, PSS,
kubernetes.io/psp - Gatekeeper, installation, XProtect, OPA,
gatekeeper.sh, config.gatekeeper.sh, gatekeeper-webhook-service - Kubernetes security, OPA, EKS security, PSA, PSS, CKS,
SecurityContext, Trivy, KubeBench, Kubernetes Admission Controllersadmissionregistration.k8s.io, Hardeneks, Gatekeeper (Kubernetes)
Advertising:
