Easing the burden of the Kubernetes Pod Security Policy setup
2020-03-28, 10:25–10:55, Room 2

A Pod Security Policy (PSP) defines the conditions a pod must meet to be accepted into the system. Defining these objects in a Kubernetes cluster is not always easy. Will the policy be too restrictive or too loose? Is there any alternative to copy-pasting from previous deployments? Which RBAC permissions should I create?
Some tools exist that ease the process of deploying PSPs in your Kubernetes cluster, from generating the most restrictive PSP (principle of least privilege) for your deployment's pod spec with kube-psp-advisor to creating RBAC definitions with rbac-manager. We will take some demo applications and generate PSPs and RBAC permissions for them in a real use case scenario.


This talk aims to introduce basic open source tools for securing deployments with PSPs. PSPs are not enabled by default, and this talk could serve as a first contact with how to set them up in your cluster and start securing it.