I am in the need of turning on the PodSecurityPolicy admission controller to add an extra layer of security.
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
×Hi there,
Based off the kubernetes documentation at the bottome of this reply, users would need to modify the runtime parameters of the master API. This currently is not accessible to our users as the master and api settings are managed by DO. We currently use the following admission controllers by default:
Question
--enable-admission-plugins=NamespaceLifecycle,NodeRestriction,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota
We are always looking at ways to improve the product, and the current admission controllers in use may change as the product matures and new features become available and more stable. SO just because it is not enabled now it doesn’t mean it never will be.
Regards,
John Kwiatkoski
Senior Developer Support Engineer
https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/
Thank you for the transparency. It looks like the Validating Admission Webhook could do the trick.