public/rancher-docs
1
0
Fork 0
mirror of https://github.com/rancher/rancher-docs.git synced 2026-04-15 19:05:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update _index.md

Browse Source
This commit is contained in:
Denise
2018-06-07 20:23:29 -07:00
committed by GitHub
parent cca06e04b2
commit 67c2d4cfa7
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
content/rancher/v2.x/en/concepts/global-configuration/_index.md
View File

@@ -260,7 +260,7 @@ _Pod Security Policies_ (or PSPs) are objects that control security-sensitive as
- By default, PSPs assigned to a cluster are inherited by its projects, as well as any namespaces added to those projects.
- **Exception:** Namespaces that are not assigned to projects do not inherit PSPs, regardless of whether the PSP is assigned to a cluster or project. Because these namespaces have no PSPs, workload deployments to these namespaces will fail, which is the default Kubernetes behavior.
- You can override the default PSP by assigning a different PSP directly to the project.
- Any workloads that are already running in a cluster or project are exempt from PSPs assigned afterwards. If you want to apply the PSP to workloads that are already running, we recommend cloning them (or upgrading them, if an upgrade is available). Delete any stale workloads that remain.
- Any workloads that are already running in a cluster or project before a PSP is assigned will not be checked if it complies with the PSP. Workloads would need to be cloned or upgraded to see if they pass the PSP.
Read more about Pod Security Policies in the [Kubernetes Documentation](https://kubernetes.io/docs/concepts/policy/pod-security-policy/).