PSS Restricted v2022

Description

Use the Pod Security Standards Restricted v2022 policy bundle with Anthos Policy Controller to achieve many of the protections of the Kubernetes Pod Security Standards (PSS) Restricted policy.

The constraints listed below come preconfigured and are mapped to the corresponding PSS Restricted controls.

| PSS Restricted Control | Constraint |
| --- | --- |
| Volume Types | pss-restricted-v2022-volume-types |
| Privilege Escalation | pss-restricted-v2022-privilege-escalation |
| Running as Non-root | pss-restricted-v2022-running-as-non-root |
| Running as Non-root user | pss-restricted-v2022-running-as-non-root |
| Seccomp | pss-restricted-v2022-seccomp |
| Capabilities | pss-restricted-v2022-capabilities |
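
An added example, not part of the bundle or its policy code: a Python pre-flight check that approximates the upstream PSS Restricted rules behind the controls in the table and reports which of the bundle's constraint names a Pod manifest would likely violate. The rule details, the `violations` helper and both sample Pods are assumptions constructed here; the constraints' actual behavior may differ.

```python
# Added example approximating upstream PSS Restricted; not the bundle's own policy code.
P = "pss-restricted-v2022-"  # constraint name prefix from the table above
ALLOWED_VOLUMES = {"configMap", "csi", "downwardAPI", "emptyDir", "ephemeral",
                   "persistentVolumeClaim", "projected", "secret"}
ALLOWED_SECCOMP = {"RuntimeDefault", "Localhost"}

def violations(pod):
    """Return the sorted constraint names a Pod manifest (as a dict) would likely trip."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    hits = set()
    for vol in spec.get("volumes") or []:
        if not (set(vol) - {"name"}) <= ALLOWED_VOLUMES:  # e.g. hostPath
            hits.add(P + "volume-types")
    if pod_sc.get("runAsNonRoot") is False or pod_sc.get("runAsUser") == 0:
        hits.add(P + "running-as-non-root")
    pod_seccomp = (pod_sc.get("seccompProfile") or {}).get("type")
    if pod_seccomp is not None and pod_seccomp not in ALLOWED_SECCOMP:
        hits.add(P + "seccomp")
    for kind in ("containers", "initContainers", "ephemeralContainers"):
        for c in spec.get(kind) or []:
            sc = c.get("securityContext") or {}
            if sc.get("allowPrivilegeEscalation") is not False:  # must be set explicitly
                hits.add(P + "privilege-escalation")
            # A container-level value wins; otherwise the pod-level value is inherited.
            non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
            if non_root is not True or sc.get("runAsUser") == 0:
                hits.add(P + "running-as-non-root")
            seccomp = (sc.get("seccompProfile") or {}).get("type", pod_seccomp)
            if seccomp not in ALLOWED_SECCOMP:
                hits.add(P + "seccomp")
            caps = sc.get("capabilities") or {}
            if "ALL" not in (caps.get("drop") or []) or set(caps.get("add") or []) - {"NET_BIND_SERVICE"}:
                hits.add(P + "capabilities")
    return sorted(hits)

# Constructed sample Pods (image names are placeholders).
HARDENED = {"spec": {
    "securityContext": {"runAsNonRoot": True, "runAsUser": 10001,
                        "seccompProfile": {"type": "RuntimeDefault"}},
    "containers": [{"name": "app", "image": "example.invalid/app:1", "securityContext": {
        "allowPrivilegeEscalation": False, "capabilities": {"drop": ["ALL"]}}}],
    "volumes": [{"name": "tmp", "emptyDir": {}}]}}
WEAK = {"spec": {
    "containers": [{"name": "app", "image": "example.invalid/app:1",
                    "securityContext": {"capabilities": {"add": ["NET_ADMIN"]}}}],
    "volumes": [{"name": "logs", "hostPath": {"path": "/var/log"}}]}}
if __name__ == "__main__":
    print(violations(HARDENED), violations(WEAK))
```
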

Compatibility

This bundle requires Anthos Policy Controller v1.11.1 or higher.

Usage

(Optional) Preview the policy constraints with kubectl:

kubectl kustomize https://github.com/GoogleCloudPlatform/acm-policy-controller-library.git/anthos-bundles/pss-restricted-v2022

Apply the policy constraints with kubectl:

kubectl apply -k https://github.com/GoogleCloudPlatform/acm-policy-controller-library.git/anthos-bundles/pss-restricted-v2022