Pod isolation
A pod security policy (PSP) is a cluster-level resource that controls the security-sensitive fields of a pod specification, such as whether a pod can run privileged, use the host network or host PID namespace, mount hostPath volumes, or run as root, and it defines the set of conditions a pod must meet before it is admitted into the cluster. Pod security policies therefore give the cluster administrator cluster-level control over what a pod can do and what it can access.
The following predefined pod security policies are available in IBM® Cloud Private, listed from most to least restrictive:
- ibm-restricted-psp
- ibm-anyuid-psp
- ibm-anyuid-hostpath-psp
- ibm-anyuid-hostaccess-psp
- ibm-privileged-psp
To put one of these policies into effect, the cluster administrator authorizes a namespace to use it: the administrator grants the `use` permission on the chosen pod security policy to the users or service accounts of that namespace. Users in that namespace can then create pods with the elevated permissions that the policy allows. For example, a user in the Dev namespace who is authorized to use a policy that permits it can create privileged pods and can use the host network. Note that pods created by a Deployment, Job, or other controller are validated against the policies that the pod's service account is allowed to use, not against the permissions of the user who created the controller, so the authorization is normally granted to the namespace's service accounts.
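The following manifest is an added example and is not part of the IBM Cloud Private documentation or product. It shows one way to authorize a single namespace to use one of the predefined policies: a ClusterRole that carries only the `use` verb on the named policy, bound into the namespace with a RoleBinding. The policy name `ibm-anyuid-psp` is taken from the list above; the namespace `dev` and the role and binding names are assumptions made for the example.

```yaml
# Added example: authorize the service accounts of the "dev" namespace to use
# the predefined ibm-anyuid-psp. The namespace and the role/binding names are
# assumptions for this example; only the policy name comes from the page.
---
# A ClusterRole that grants nothing but "use" on one named policy. Scoping
# resourceNames to a single PSP is what keeps the grant least-privilege: a role
# that omits resourceNames would allow every policy in the cluster.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: use-ibm-anyuid-psp
rules:
- apiGroups: ["policy"]
  resources: ["podsecuritypolicies"]
  verbs: ["use"]
  resourceNames: ["ibm-anyuid-psp"]
---
# A RoleBinding (not a ClusterRoleBinding), so the grant applies only inside
# the "dev" namespace even though the role itself is cluster-scoped.
# The subject is the group of all service accounts in "dev", because pods
# created by Deployments, Jobs and other controllers are checked against the
# policies their service account may use, not those of the human who applied
# the controller.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: use-ibm-anyuid-psp
  namespace: dev
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: use-ibm-anyuid-psp
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: Group
  name: system:serviceaccounts:dev
```

Apply the manifest as a cluster administrator with `kubectl apply -f`, then confirm the grant with `kubectl auth can-i use podsecuritypolicy/ibm-anyuid-psp --as=system:serviceaccount:dev:default`, which should answer `yes` for the dev namespace and `no` when the same check is run against a service account in a namespace that has no such binding. Keep each namespace bound to exactly one policy where possible: when several policies are usable by the same subject, the admission controller selects the first one that validates the pod, so an extra binding to a more permissive policy silently widens what the namespace can run.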
For more information about policies, see Pod Security Policies.
Required user type or access level: Cluster administrator