1 file changed, +25 -0 lines changed
1+ # Examples
2+
3+ ## Environment
4+ ** Namespace** | ** Service Account** | ** Role** | ** Pod Security Policy**
5+ --- | --- | --- | ---
6+ privileged | privileged-sa | psp-privileged-role | psp-privielged
7+ restricted | restricted-sa | psp-restricted-role | psp-restricted
8+
9+ In order to enforce the pod security policies, the service accounts need to be authorized to use the pod security policy.
10+
11+ ** Role** | ** Rule Verb** | ** Rule API Group** | ** Rule Resources** | ** Rule Resource Name**
12+ --- | --- | --- | --- | ---
13+ privileged-role | use | policy | podsecuritypolicies | psp-privileged
14+ restricted-role | use | policy | podsecuritypolicies | psp-restricted
15+
16+ ## Try out examples
17+ 1 . setup k8s cluster
18+ 2 . run ` make build ` to build the ` kube-psp-advisor ` binary
19+ 3 . under the examples directory, run ` ./deploy.sh `
20+
21+ ## Explanation of examples
22+ 1 . deploy ` restrcited ` and ` privileged ` namespaces with services account, roles, rolebindings and pods to k8s cluster
23+ 2 . ` kube-psp-advisor ` generates pod security policies seperately for namespaces ` restricted ` and ` privileged ` and then apply to cluster
24+ 3 . test pod security policies with pods that comply with pod security policies (pods-allows.yaml)
25+ 4 . test pod security policies with pods that violate pod security policies (pods-deny.yaml)
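
Review bot: The role names in the two Environment tables do not match: lines 6-7 list `psp-privileged-role` and `psp-restricted-role`, while lines 13-14 list `privileged-role` and `restricted-role`, so a reader cannot tell which Role carries the `use` grant on each policy. Pick one set of names and use it in both tables, matching what `deploy.sh` creates. Line 6 also spells the policy `psp-privielged` where line 13 has `psp-privileged`; because the rule is pinned by resource name, the doc should show the exact name in both places. Smaller points: `restrcited` on line 22 and `seperately` on line 23 are typos, and step 1 of "Try out examples" could state that the cluster needs the PodSecurityPolicy admission controller enabled, since without it the pods-deny.yaml test in step 4 will not be rejected.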