mirror of
https://github.com/rancher/rancher-docs.git
synced 2026-05-05 12:43:16 +00:00
Marty Hernandez Avedon
61b02185af
* canonicized horizontal-pod-autoscaler * added files_without_canonical.txt to gitignore * canonized access-clusters * canonicized manage-persistent-storage * canonicized install-cluster-autoscaler * canonicized provisioning-storage-examples * canonicized manage-clusters * missing versioned_docs
23 lines
1.3 KiB
Markdown
23 lines
1.3 KiB
Markdown
---
|
|
title: Assigning Pod Security Policies
|
|
---
|
|
|
|
<head>
|
|
<link rel="canonical" href="https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/manage-clusters/assign-pod-security-policies"/>
|
|
</head>
|
|
|
|
_Pod Security Policies_ are objects that control security-sensitive aspects of pod specification (like root privileges).
|
|
|
|
## Adding a Default Pod Security Policy
|
|
|
|
When you create a new cluster with RKE, you can configure it to apply a PSP immediately. As you create the cluster, use the **Cluster Options** to enable a PSP. The PSP assigned to the cluster will be the default PSP for projects within the cluster.
|
|
|
|
>**Prerequisite:**
|
|
>Create a Pod Security Policy within Rancher. Before you can assign a default PSP to a new cluster, you must have a PSP available for assignment. For instruction, see [Creating Pod Security Policies](../authentication-permissions-and-global-configuration/create-pod-security-policies.md).
|
|
>**Note:**
|
|
>For security purposes, we recommend assigning a PSP as you create your clusters.
|
|
|
|
To enable a default Pod Security Policy, set the **Pod Security Policy Support** option to **Enabled**, and then make a selection from the **Default Pod Security Policy** drop-down.
|
|
|
|
When the cluster finishes provisioning, the PSP you selected is applied to all projects within the cluster.
|