Chris Snell
Reputation: 1003
Is there a way to allow the launching of privileged pods only in certain namespaces?
Is there a way to allow only certain namespaces or users to launch privileged pods? I need to launch a certain service in a privilege mode-enabled container but I don't want to grant this ability to all users.
Running kubelet with --allow-privileged=true seems to permit anybody to run a privileged container.
Upvotes: 0
Views: 293
Answers (1)
CJ Cullen
Reputation: 5642
Right now, I don't believe this is possible. I think PodSecurityPolicy may eventually be the way to accomplish this, but right now, it is a non-namespaced object. Some of the work is still ongoing, and you can track it on Kubernetes Issue #23217.
Upvotes: 1
Related Questions
- How to use network policy to allow access to pods only from a specific namespace to another in kubernetes?
- Kubernetes Restrict Node to run labeled pods only
- Isolate pods in a namepace from other namespaces using network policy
- Kubernetes network policy to filter on both namespaces and pod's labels
- Restrict other namespace to access pod
- Can a Pod Security Policy be applied to a namespace?
- How to apply kubernetes network policies to restrict access of namespace from other namespace?
- Prevent a user to spawn pod in restricted namespace on kubernetes
- Grant privileges to specific namespaces for every user
- How to restrict access to some Kubernetes namespace allowing access only by some pods?