Applying Pod Security Policies to Projects

These cluster options are only available for clusters in which Rancher has launched Kubernetes.

You can always assign a pod security policy (PSP) to an existing project if you didn’t assign one during creation.

Prerequisites

Applying a Pod Security Policy

  1. In the upper left corner, click ☰ > Cluster Management.

  2. On the Clusters page, go to the cluster where you want to move a namespace and click Explore.

  3. Click Cluster  Projects/Namespaces.

  4. Find the project that you want to add a PSP to. From that project, select ⋮ > Edit Config.

  5. From the Pod Security Policy drop-down, select the PSP you want to apply to the project. Assigning a PSP to a project will:

    • Override the cluster’s default PSP.

    • Apply the PSP to the project.

    • Apply the PSP to any namespaces you add to the project later.

  6. Click Save.

Result: The PSP is applied to the project and any namespaces added to the project.

Any workloads that are already running in a cluster or project before a PSP is assigned will not be checked to determine if they comply with the PSP. Workloads would need to be cloned or upgraded to see if they pass the PSP.