Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support for PodSecurityPolicy Admission Controller #174

Closed
gavinbunney opened this issue Feb 26, 2019 · 6 comments
Closed

Support for PodSecurityPolicy Admission Controller #174

gavinbunney opened this issue Feb 26, 2019 · 6 comments
Labels
EKS Amazon Elastic Kubernetes Service Proposed Community submitted issue

Comments

@gavinbunney
Copy link

Tell us about your request
We are looking at adding a PodSecurityPolicy to our EKS clusters, mostly focused on restricting privileged containers and hostPath mounting. It looks like EKS doesn’t yet support the PodSecurityPolicy Admission Controller.

Which service(s) is this request for?
EKS

Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?
We operate a shared group of EKS clusters for a wide-range of internal development teams. For this multi-tenant nature, we like to prevent inadvertent changes by developers to kernel parameters, breaking host components etc which may cause issues in other pods.

Are you currently working around this issue?
Hoping 🙏

Additional context

Attachments

@gavinbunney gavinbunney added the Proposed Community submitted issue label Feb 26, 2019
@tabern tabern added the EKS Amazon Elastic Kubernetes Service label Mar 2, 2019
@tabern tabern changed the title [EKS] [request]: PodSecurityPolicy Support Support for PodSecurityPolicy Admission Controller Mar 2, 2019
@ghost
Copy link

ghost commented Mar 5, 2019

Will AWS break "alpha feature rule" for PodSecurityPolicy?

PSP turns beta in 1.13 only.

See awslabs/amazon-eks-ami#145 (comment)

@pawelprazak
Copy link

Will delivering #30 help with this issue (as also asked in the other issue: #30 (comment))?

@llamahunter
Copy link

Why do you say that PodSecurityPolicy is in alpha until 1.13? Docs seem to indicate it was beta long before that. e.g. https://v1-11.docs.kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#podsecuritypolicy-v1beta1-extensions

@rvadim
Copy link

rvadim commented Apr 29, 2019

We can't use EKS until PSP support will be added =(

@tabern
Copy link
Contributor

tabern commented Jun 17, 2019

Can confirm that EKS will support the PodSecurityPolicy admission controller along with K8s version 1.13 - #30

@tabern
Copy link
Contributor

tabern commented Jun 19, 2019

K8s 1.13 includes default support for the PodSecurityPolicy Admission controller. #30

Learn more on the AWS Blog: Using Pod Security Policies with Amazon EKS Clusters or documentation

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
EKS Amazon Elastic Kubernetes Service Proposed Community submitted issue
Projects
None yet
Development

No branches or pull requests

5 participants