Disable PSPs
You can disable the function of Pod Security Policies (PSPs) in MKE by making an update to the MKE configuration file.
Caution
Disabling PSPs will cause Pods to run without a seccomp policy, which enables the Pods to make system calls that were formerly blocked.
1. Obtain the current MKE configuration file for your cluster.
2. Set the cluster_config.policy_enforcement.pod_security_policy configuration parameter to "false". For more information, refer to cluster_config.policy_enforcement.
3. Optional, and recommended. Enable the default seccomp policy for MKE Pods by setting the cluster_config.custom_kubelet_flags parameter to ["--feature-gates=SeccompDefault=true","--seccomp-default"].
4. Upload the new MKE configuration file. Be aware that the upload requires a wait time of at least five minutes.
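
One way to confirm, after the upload has finished, whether a container is actually running under a seccomp filter is to read the Seccomp field that the Linux kernel reports in /proc/<pid>/status. The script below is an added example, not part of the MKE documentation; the function names and the status excerpts are constructed for illustration, and the kubectl usage in the comment assumes the container image ships cat.

```shell
#!/bin/sh
# Added example: classify the seccomp state of a process from the text of
# /proc/<pid>/status. The kernel reports it in the "Seccomp:" field:
#   0 = disabled (no filter), 1 = strict, 2 = filter (a profile is loaded).

# seccomp_mode: read /proc/<pid>/status text on stdin, print the mode name.
seccomp_mode() {
    awk '
        $1 == "Seccomp:" {
            found = 1
            if      ($2 == 0) print "disabled"
            else if ($2 == 1) print "strict"
            else if ($2 == 2) print "filter"
            else              print "unknown"
            exit
        }
        END { if (!found) print "unreported" }
    '
}

# seccomp_ok: succeed only when strict mode or a seccomp filter is active.
seccomp_ok() {
    case "$(seccomp_mode)" in
        filter|strict) return 0 ;;
        *)             return 1 ;;
    esac
}

# Constructed sample inputs (trimmed status excerpts, not real captures).
SAMPLE_UNCONFINED='Name: nginx
NoNewPrivs: 0
Seccomp: 0
Seccomp_filters: 0'

SAMPLE_DEFAULT='Name: nginx
NoNewPrivs: 0
Seccomp: 2
Seccomp_filters: 1'

# Against a live cluster (the pod name is a placeholder):
#   kubectl exec <pod-name> -- cat /proc/1/status | seccomp_mode
printf '%s\n' "$SAMPLE_UNCONFINED" | seccomp_mode
printf '%s\n' "$SAMPLE_DEFAULT"    | seccomp_mode
```

A result of "disabled" for a Pod created after PSPs were turned off indicates that the Pod is running without a seccomp policy, the condition the caution above describes.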