This scenario explains the usage of PodSecurityPolicy in a Kubernetes cluster.
For a detailed explanation of PodSecurityPolicy usage scenarios, please refer to my blog article: http://cloudgeekz.com/1204/docker-cluster-kubernetes-policies.html
Using Pod Security Policy in a Kubernetes Cluster
Step 1 - Etcd
Etcd is a "Distributed reliable key-value store for the most critical data of a distributed system". Kubernetes uses Etcd to store state about the cluster and for service discovery between nodes. This state includes what nodes exist in the cluster, what containers should be running and which nodes they are running on.
The command below will launch a single-node etcd cluster listening on port 4001.
docker run -d --name=etcd \
The --net=host option means the container will share the same network as the host, removing the need to map ports.
In production you would want to run etcd on three separate machines to ensure maximum availability.