-
Notifications
You must be signed in to change notification settings - Fork 321
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for PodSecurityPolicy Admission Controller #174
Comments
Will AWS break "alpha feature rule" for PodSecurityPolicy? PSP turns beta in 1.13 only. |
Will delivering #30 help with this issue (as also asked in the other issue: #30 (comment))? |
Why do you say that PodSecurityPolicy is in alpha until 1.13? Docs seem to indicate it was beta long before that. e.g. https://v1-11.docs.kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#podsecuritypolicy-v1beta1-extensions |
We can't use EKS until PSP support will be added =( |
Can confirm that EKS will support the PodSecurityPolicy admission controller along with K8s version 1.13 - #30 |
K8s 1.13 includes default support for the PodSecurityPolicy Admission controller. #30 Learn more on the AWS Blog: Using Pod Security Policies with Amazon EKS Clusters or documentation |
Tell us about your request
We are looking at adding a PodSecurityPolicy to our EKS clusters, mostly focused on restricting privileged containers and hostPath mounting. It looks like EKS doesn’t yet support the PodSecurityPolicy Admission Controller.
Which service(s) is this request for?
EKS
Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?
We operate a shared group of EKS clusters for a wide-range of internal development teams. For this multi-tenant nature, we like to prevent inadvertent changes by developers to kernel parameters, breaking host components etc which may cause issues in other pods.
Are you currently working around this issue?
Hoping 🙏
Additional context
Attachments
The text was updated successfully, but these errors were encountered: