Chris DeLashmutt cdelashmutt-pivotal

## ISTIO 1.4 on PKS with PSPs.md

      
              8 files
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                cdelashmutt-pivotal
                / ISTIO 1.4 on PKS with PSPs.md
            
            
              Last active
              December 5, 2019 23:41
                — forked from svrc/ISTIO 1.4 on PKS with PSPs.md
            
              
                Installing Istio 1.4 on PKS with restrictive Pod Security Policy 
              
          
    What does this GIST do or not do


Shows you how to use Istio 1.4 on Kubernetes 1.14+ with a modicum of runtime security for your workloads.
Specifically it installs Istio with CNI support, and allows the use of restrictive PodSecurityPolicies for your workloads.
It is designed for VMware PKS, but doesn't require it ... (just change the CNI bin dir and excluded namespaces in values-cni.yml, also swap the ClusterRole pks-privileged and pks-restricted mentioned throughout these files with your own PSP roles).
It doesn't fix the need for Istio itself to run as root, but that should be fixed in a future Istio release as it's already fixed in trunk.

Prerequisites


You are logged into your cluster as a cluster admin, K8s 1.14 at least