Pod isolation

Pod security policies can be used to enforce container image security for the pods in your cluster. A pod security policy is a cluster-level resource that controls the security-sensitive aspects of the pod specification and the set of conditions that a pod must meet to be admitted into the cluster.

Pod security policies are used to set up cluster-level control over what a pod can do or what it can access.

The following pod security policies are available in IBM® Cloud Private.

With this new security policy, the cluster administrator can assign the required permissions for a namespace, and then authorize the namespace to use that pod security policy. Users in that designated namespace are able to create pods with elevated permissions. For example, a user in the Dev namespace can create privileged pods, and can use the host network.
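The namespace authorization described above can be expressed with Kubernetes RBAC, as in the following added example, which is not taken from the IBM Cloud Private documentation. It assumes a cluster that still serves the `policy/v1beta1` PodSecurityPolicy API; the names `dev`, `dev-privileged-psp` and `dev-psp-user` are hypothetical.

```yaml
# Added example; the names dev, dev-privileged-psp and dev-psp-user are hypothetical.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: dev-privileged-psp
spec:
  privileged: true                 # admits privileged containers
  hostNetwork: true                # admits pods that use the host network
  allowPrivilegeEscalation: true
  seLinux:
    rule: RunAsAny
  runAsUser:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
  volumes:
  - '*'
---
# Grants only the "use" verb, and only on this one named policy.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: dev-psp-user
rules:
- apiGroups: ['policy']
  resources: ['podsecuritypolicies']
  resourceNames: ['dev-privileged-psp']
  verbs: ['use']
---
# A RoleBinding (not a ClusterRoleBinding) keeps the grant inside the dev namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: dev-psp-user
  namespace: dev
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: dev-psp-user
subjects:
- kind: Group
  apiGroup: rbac.authorization.k8s.io
  name: system:serviceaccounts:dev   # all service accounts in the dev namespace
```

Pods in other namespaces cannot use the elevated policy, because the binding exists only in `dev`. Use `kubectl get rolebindings,clusterrolebindings --all-namespaces -o wide` to check which subjects are bound to a role that references a privileged policy.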

For more information about policies, see Pod Security Policies on the Kubernetes Concepts page.

Required user type or access level: Cluster administrator