Applying the Pod Security Policies for Component Pack

Install the k8s-psp helm chart to apply the Pod Security Policies needed for Component Pack applications.

About this task

Procedure

  1. Install the k8s-psp Helm chart by running the following command: In the command, replace extractedFolder with the location of the directory where you extracted the Component Pack installation package.
    helm install \
    --name=k8s-psp extractedFolder/microservices_connections/hybridcloud/helmbuilds/k8s-psp-0.1.0-20191121-224135.tgz
    
  2. Verify that policies have been applied by running the following command: kubectl get psp
    The following Component Pack policies appear:
    $ kubectl get psp
    NAME                  PRIV      CAPS                    SELINUX    RUNASUSER          FSGROUP     SUPGROUP    READONLYROOTFS   VOLUMES
    filebeat              false                             RunAsAny   RunAsAny           MustRunAs   MustRunAs   false            configMap,emptyDir,projected,secret,downwardAPI,persistentVolumeClaim,hostPath
    infra-elasticsearch   true      IPC_LOCK,SYS_RESOURCE   RunAsAny   RunAsAny           MustRunAs   MustRunAs   false            configMap,emptyDir,projected,secret,downwardAPI,persistentVolumeClaim
    infra-storage         false                             RunAsAny   RunAsAny           MustRunAs   MustRunAs   false            configMap,emptyDir,projected,secret,downwardAPI,persistentVolumeClaim
    privileged            true      *                       RunAsAny   RunAsAny           RunAsAny    RunAsAny    false            *
    restricted            false                             RunAsAny   MustRunAsNonRoot   MustRunAs   MustRunAs   false            configMap,emptyDir,projected,secret,downwardAPI,persistentVolumeClaim