Enabling PSPs on EKS

As a best practice, PSPs should not be enabled before you create your own policies. This recipe will take you through how to enable PSP on Amazon EKS and how to review default policies.

Let's perform the following steps:

  1. Deploy Kubernetes version 1.13 or higher. PSP will be enabled by default. The default configuration comes with a non-disruptive policy named eks.privileged that has no restrictions. View the default policy with the following command:

     $ kubectl get psp eks.privileged
     NAME             PRIV   CAPS   SELINUX    RUNASUSER   FSGROUP    SUPGROUP   READONLYROOTFS   VOLUMES
     eks.privileged   true   *      RunAsAny   RunAsAny    RunAsAny   RunAsAny   false            *

  2. Describe the policy to see its full details, as follows:

     $ kubectl describe psp eks.privileged

  3. To review, restore, or delete the default PSP, use the YAML manifest in the example repository in src/chapter9/psp named eks-privileged-psp.yaml.
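When reviewing the default policies, it helps to flag which ones are effectively unrestricted. The following is an added example, not part of the original recipe: the function names psp_audit and sample_psp_table are hypothetical, and the "restricted" row in the sample table is constructed for illustration.

```shell
#!/bin/sh
# Added example: flag permissive PodSecurityPolicies in `kubectl get psp` table output.
# Real usage (requires cluster access):  kubectl get psp | psp_audit
# Output: one line per policy, "<name> <finding>[,<finding>...]" or "<name> ok".
psp_audit() {
  awk '
    NR == 1 { next }    # skip the header row
    NF < 8  { next }    # not a policy row
    {
      # kubectl leaves CAPS blank when no capabilities are allowed,
      # so a row has 8 whitespace-separated fields instead of 9.
      if (NF == 9) { caps = $3; o = 0 } else { caps = ""; o = -1 }
      name = $1; priv = $2
      runas = $(5 + o); vols = $(9 + o)
      f = ""
      if (priv == "true")      f = f ",privileged"
      if (caps == "*")         f = f ",all-capabilities"
      if (runas == "RunAsAny") f = f ",root-allowed"
      if (vols == "*")         f = f ",any-volume"
      else if (vols ~ /(^|,)hostPath(,|$)/) f = f ",hostpath-volume"
      print name, (f == "" ? "ok" : substr(f, 2))
    }'
}

# Sample input: the eks.privileged row is the one shown in the recipe;
# the "restricted" row is constructed (note its empty CAPS column).
sample_psp_table() {
  cat <<'EOF'
NAME             PRIV    CAPS   SELINUX    RUNASUSER          FSGROUP     SUPGROUP    READONLYROOTFS   VOLUMES
eks.privileged   true    *      RunAsAny   RunAsAny           RunAsAny    RunAsAny    false            *
restricted       false          RunAsAny   MustRunAsNonRoot   MustRunAs   MustRunAs   false            configMap,emptyDir,secret
EOF
}

# Run against the embedded sample so the script works offline.
sample_psp_table | psp_audit
```
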