Difficulty: intermediate
Estimated Time: 10-15 minutes

This scenario explains the usage of PodSecurityPolicy in a Kubernetes cluster.

For a detailed explanation of PodSecurityPolicy usage scenarios, please refer to my blog article http://cloudgeekz.com/1204/docker-cluster-kubernetes-policies.html

This scenario shows how to launch a Kubernetes cluster and use PodSecurityPolicy to enforce cluster-wide policies.

Using Pod Security Policy in a Kubernetes Cluster

Step 1 of 7

Step 1 - Etcd

Etcd is a "Distributed reliable key-value store for the most critical data of a distributed system". Kubernetes uses Etcd to store state about the cluster and for service discovery between nodes. This state includes what nodes exist in the cluster, what containers should be running and which nodes they are running on.

The command below will launch a single-node etcd cluster listening on port 4001.

    docker run -d --name=etcd \
      --net=host \
      gcr.io/google_containers/etcd:2.2.5 \
      /usr/local/bin/etcd \
      --listen-client-urls=http://0.0.0.0:4001 \
      --advertise-client-urls=http://0.0.0.0:4001 \
      --data-dir=/var/etcd/data

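The --net=host option means the container will share the same network as the host, removing the need to map ports. Together with --listen-client-urls=http://0.0.0.0:4001, this makes the etcd client API reachable over plain HTTP, with no TLS, on every network interface of the host.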

In production you would want to run etcd on three separate machines to ensure maximum availability.
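
The following check is an added example, not part of the original scenario: it audits an etcd flag list for the exposure created by the launch command above (plain HTTP, wildcard address) and compares it with a constructed hardened variant. The helper name audit_etcd_args and the certificate paths are assumptions made for illustration.

```bash
# audit_etcd_args is a hypothetical helper name; it is not an etcd or Kubernetes tool.
# Prints one finding per line; returns 0 when there are no findings, 1 otherwise.
audit_etcd_args() {
    local arg flag rest url findings=0 client_auth=0
    # Pass 1: is TLS client-certificate authentication switched on?
    for arg in "$@"; do
        case "$arg" in
            --client-cert-auth|--client-cert-auth=true) client_auth=1 ;;
        esac
    done
    # Pass 2: check each comma-separated URL in the client-facing flags.
    for arg in "$@"; do
        case "$arg" in
            --listen-client-urls=*|--advertise-client-urls=*) ;;
            *) continue ;;
        esac
        flag=${arg%%=*}
        rest=${arg#*=}
        while [ -n "$rest" ]; do
            url=${rest%%,*}
            case "$rest" in *,*) rest=${rest#*,} ;; *) rest= ;; esac
            case "$url" in
                http://*)
                    echo "$flag: $url is plaintext HTTP (no TLS)"
                    findings=$((findings + 1)) ;;
                https://*)
                    if [ "$client_auth" -eq 0 ]; then
                        echo "$flag: $url uses TLS but --client-cert-auth is not set"
                        findings=$((findings + 1))
                    fi ;;
            esac
            case "$url" in
                *://0.0.0.0:*|*"://[::]:"*)
                    echo "$flag: $url uses the wildcard address (all interfaces)"
                    findings=$((findings + 1)) ;;
            esac
        done
    done
    [ "$findings" -eq 0 ]
}

# Flags from the scenario's command: four findings are reported.
audit_etcd_args --listen-client-urls=http://0.0.0.0:4001 \
    --advertise-client-urls=http://0.0.0.0:4001 --data-dir=/var/etcd/data || true
# Constructed hardened variant (certificate paths are placeholders): no findings.
audit_etcd_args --listen-client-urls=https://127.0.0.1:4001 \
    --advertise-client-urls=https://127.0.0.1:4001 --client-cert-auth \
    --trusted-ca-file=/path/to/ca.crt --cert-file=/path/to/server.crt --key-file=/path/to/server.key
```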
