Good afternoon.
So I have an RKE2 cluster with the security policy in place that does not allow root pods to run. I have a pod that has to run as root and have been trying to figure out how to allow my pod to deploy on this cluster without success.
So far I have tried to explicitly set the following:
securityContext:
  runAsUser: 0
  runAsGroup: 0
The pod still fails to be allowed to run on the environment. Is there a way to not totally disable the security policy and perhaps add an exception for a single namespace? Thank you.
PodSecurityPolicy is deprecated and will be completely removed in v1.25. You should start considering migrating to Pod Security Admission, where the "kube-system" namespace is explicitly exempted from PodSecurity.
Known limitations: Namespace policy update warnings
Follow this document for more information
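A per-namespace exception under Pod Security Admission, as an added example that is not part of the original question or answer. It assumes the cluster already enforces Pod Security Admission rather than PodSecurityPolicy; the namespace name, pod name and image are hypothetical placeholders.

```yaml
# Hypothetical namespace: only pods created here get the relaxed level.
apiVersion: v1
kind: Namespace
metadata:
  name: legacy-root-app
  labels:
    # "baseline" does not require runAsNonRoot, so UID 0 is admitted here,
    # while privileged containers, host namespaces and hostPath volumes
    # are still rejected. Use "privileged" only if baseline is not enough.
    pod-security.kubernetes.io/enforce: baseline
    pod-security.kubernetes.io/enforce-version: latest
    # Keep auditing and warning against "restricted" so the root pod
    # stays visible in audit logs and in kubectl warnings.
    pod-security.kubernetes.io/audit: restricted
    pod-security.kubernetes.io/warn: restricted
---
apiVersion: v1
kind: Pod
metadata:
  name: root-workload            # hypothetical
  namespace: legacy-root-app
spec:
  containers:
    - name: app
      image: registry.example.com/app:1.0   # placeholder image
      securityContext:
        runAsUser: 0
        runAsGroup: 0
        # Root inside the container, but no further escalation.
        allowPrivilegeEscalation: false
```

Every other namespace keeps whatever level the cluster default enforces, so the exception is limited to workloads deployed into this one namespace.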