Disable PSPs

You can disable Pod Security Policies (PSPs) in MKE by updating the MKE configuration file.

Caution

Disabling PSPs will cause Pods to run without a seccomp policy, which enables the Pods to make system calls that were formerly blocked.

  1. Obtain the current MKE configuration file for your cluster.

  2. Set the cluster_config.policy_enforcement.pod_security_policy configuration parameter to "false". For more information, refer to cluster_config.policy_enforcement.

  3. Optional, but recommended. Enable the default seccomp policy for MKE Pods by setting the cluster_config.custom_kubelet_flags parameter to ["--feature-gates=SeccompDefault=true","--seccomp-default"].

  4. Upload the new MKE configuration file. Be aware that the upload requires a wait time of at least five minutes.
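To see which workloads the caution above applies to, the following added example (not part of the MKE documentation or tooling) audits a Pod list in the JSON shape produced by `kubectl get pods -A -o json` and reports containers that set no seccomp profile or set it to Unconfined. The function names and the embedded sample are constructed for illustration, and the check reads only the securityContext.seccompProfile fields, ignoring legacy seccomp annotations.

```python
import json

# Constructed sample in the shape of `kubectl get pods -A -o json` output.
SAMPLE = json.dumps({"items": [
    {"metadata": {"namespace": "web", "name": "frontend"},
     "spec": {"securityContext": {"seccompProfile": {"type": "RuntimeDefault"}},
              "containers": [{"name": "nginx"}]}},
    {"metadata": {"namespace": "batch", "name": "worker"},
     "spec": {"initContainers": [{"name": "init"}],
              "containers": [
                  {"name": "job",
                   "securityContext": {"seccompProfile": {"type": "Unconfined"}}},
                  {"name": "sidecar",
                   "securityContext": {"seccompProfile": {"type": "RuntimeDefault"}}}]}},
]})


def profile_type(security_context):
    """Return seccompProfile.type from a securityContext, or None if unset."""
    return ((security_context or {}).get("seccompProfile") or {}).get("type")


def audit_seccomp(pod_list_json):
    """Return (namespace, pod, container, status) for containers lacking a filter.

    "unset": no profile at Pod or container level, so the container runs
    unconfined unless the kubelet was started with --seccomp-default.
    "Unconfined": seccomp is explicitly disabled; --seccomp-default does not
    change this.
    """
    findings = []
    for pod in json.loads(pod_list_json).get("items", []):
        meta, spec = pod["metadata"], pod.get("spec", {})
        pod_level = profile_type(spec.get("securityContext"))
        containers = spec.get("initContainers", []) + spec.get("containers", [])
        for c in containers:
            # A container-level profile overrides the Pod-level one.
            effective = profile_type(c.get("securityContext")) or pod_level
            if effective in (None, "Unconfined"):
                findings.append((meta.get("namespace"), meta["name"], c["name"],
                                 effective or "unset"))
    return findings


if __name__ == "__main__":
    for ns, pod, container, status in audit_seccomp(SAMPLE):
        print(f"{ns}/{pod} container={container} seccomp={status}")
```

Containers reported as "unset" are the ones that depend on step 3: without the default seccomp policy they run with no system call filtering once PSPs are disabled.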