Use the Pod Security Standards Restricted v2022 policy bundle with Anthos Policy Controller to achieve many of the protections of the Kubernetes Pod Security Standards (PSS) Restricted policy.
The constraints listed below come preconfigured for the mapped PSS Restricted controls.
PSS Restricted Control | Constraint |
---|---|
Volume Types | pss-restricted-v2022-volume-types |
Privilege Escalation | pss-restricted-v2022-privilege-escalation |
Running as Non-root | pss-restricted-v2022-running-as-non-root |
Running as Non-root user | pss-restricted-v2022-running-as-non-root |
Seccomp | pss-restricted-v2022-seccomp |
Capabilities | pss-restricted-v2022-capabilities |
This bundle requires Anthos Policy Controller v1.11.1 or higher.
Preview the manifests the bundle renders:

```
kubectl kustomize https://github.com/GoogleCloudPlatform/acm-policy-controller-library.git/anthos-bundles/pss-restricted-v2022
```

Apply the bundle to the cluster:

```
kubectl apply -k https://github.com/GoogleCloudPlatform/acm-policy-controller-library.git/anthos-bundles/pss-restricted-v2022
```
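
To show what the controls in the table ask of a workload, here are two constructed Pod manifests, added as an example and not part of the bundle: the first sets the fields that the upstream PSS Restricted profile requires, the second omits or contradicts them. Pod names, the image, and paths are placeholders, and the comments assume each constraint checks the same fields as the upstream control it is mapped to.

```yaml
# Constructed example 1: meets the mapped PSS Restricted controls.
apiVersion: v1
kind: Pod
metadata:
  name: pss-restricted-ok                  # hypothetical name
spec:
  securityContext:
    runAsNonRoot: true                     # running-as-non-root
    runAsUser: 10001                       # running-as-non-root (user): any non-zero UID
    seccompProfile:
      type: RuntimeDefault                 # seccomp: RuntimeDefault or Localhost
  containers:
  - name: app
    image: registry.example.com/app:1.0    # placeholder image
    securityContext:
      allowPrivilegeEscalation: false      # privilege-escalation
      capabilities:
        drop: ["ALL"]                      # capabilities: drop ALL, add at most NET_BIND_SERVICE
    volumeMounts:
    - name: scratch
      mountPath: /tmp
  volumes:
  - name: scratch
    emptyDir: {}                           # volume-types: emptyDir is on the allowed list
---
# Constructed example 2: expected to be flagged by every constraint in the table.
apiVersion: v1
kind: Pod
metadata:
  name: pss-restricted-violations          # hypothetical name
spec:                                      # no seccompProfile set: seccomp
  containers:
  - name: app
    image: registry.example.com/app:1.0    # placeholder image
    securityContext:
      runAsUser: 0                         # running-as-non-root
      allowPrivilegeEscalation: true       # privilege-escalation
      capabilities:
        add: ["NET_ADMIN"]                 # capabilities: no drop ALL, disallowed add
    volumeMounts:
    - name: host-logs
      mountPath: /host/logs
  volumes:
  - name: host-logs
    hostPath:
      path: /var/log                       # volume-types: hostPath is not allowed
```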