Add PodSecurityPolicy admission controller.

2017-03-29 18:02:34 +02:00 · 2017-03-29 18:02:34 +02:00 · 0e8f7ded2d
parent 05f949d7a2
commit 0e8f7ded2d
2 changed files with 12 additions and 1 deletions
--- a/docs/admin/admission-controllers.md
+++ b/docs/admin/admission-controllers.md
@ -257,6 +257,17 @@ storage classes and how to mark a storage class as default.
 This plug-in sets the default forgiveness toleration for pods, which have no forgiveness tolerations, to tolerate
 the taints `notready:NoExecute` and `unreachable:NoExecute` for 5 minutes.

+### PodSecurityPolicy
+
+This plug-in acts on creation and modification of the pod and determines if it should be admitted
+based on the requested security context and the available Pod Security Policies.
+
+For Kubernetes < 1.6.0, the API Server must enable the extensions/v1beta1/podsecuritypolicy API
+extensions group (`--runtime-config=extensions/v1beta1/podsecuritypolicy=true`).
+
+See also [Pod Security Policy documentation](/docs/user-guide/pod-security-policy/index.md)
+for more information.
+
 ## Is there a recommended set of plug-ins to use?

 Yes.
--- a/docs/user-guide/pod-security-policy/index.md
+++ b/docs/user-guide/pod-security-policy/index.md
@ -185,7 +185,7 @@ podsecuritypolicy "permissive" deleted
 In order to use Pod Security Policies in your cluster you must ensure the 
 following

-1.  You have enabled the api type `extensions/v1beta1/podsecuritypolicy`
+1.  You have enabled the api type `extensions/v1beta1/podsecuritypolicy` (only for versions prior 1.6)
 1.  You have enabled the admission controller `PodSecurityPolicy`
 1.  You have defined your policies