@karthik101
Created October 16, 2020 12:51
# Fully permissive PodSecurityPolicy: privileged containers, all capabilities,
# host namespaces (IPC, network, PID), any volume type and any user are allowed.
# Note: PodSecurityPolicy (policy/v1beta1) was deprecated in Kubernetes 1.21
# and removed in 1.25.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: kube-system
spec:
  allowPrivilegeEscalation: true
  allowedCapabilities:
  - '*'
  fsGroup:
    rule: RunAsAny
  hostIPC: true
  hostNetwork: true
  hostPID: true
  hostPorts:
  - max: 65536
    min: 1
  privileged: true
  runAsUser:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  volumes:
  - '*'
---
# Grants the "use" verb on the kube-system PodSecurityPolicy only.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: kops:kube-system:psp
rules:
- apiGroups:
  - policy
  resourceNames:
  - kube-system
  resources:
  - podsecuritypolicies
  verbs:
  - use
---
# Binds that ClusterRole to the system:masters group and the kubelet user.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kops:kube-system:psp
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kops:kube-system:psp
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: Group
  name: system:masters
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: kubelet
---