github.com/Azure/aad-pod-identity@v1.8.17/website/content/en/docs/Configure/enable_psp_enabled_clusters.md (about)

---
title: "Enable PSP Clusters"
linkTitle: "Enable PSP Clusters"
weight: 8
description: >
  If the cluster has Pod Security Policies (PSP) enabled that block hostNetwork and privileged mode, aad-pod-identity will be unable to run.
---

## Policy to allow aad-pod-identity to work in PSP enabled clusters

The NMI component of aad-pod-identity runs on `hostNetwork` and in `privileged` mode. If the cluster has Pod Security Policies (PSP) enabled that block `hostNetwork` and `privileged` mode, aad-pod-identity will be unable to run. The following command creates a PSP that allows the required access for aad-pod-identity components only in the desired namespace:

```bash
kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/master/examples/psp-podidentity.yaml
```
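
The manifests below are an added illustration, not the contents of `psp-podidentity.yaml` and not the project's own code. They show how a PSP that permits `hostNetwork` and `privileged` can be limited to one namespace through RBAC on the `use` verb. Every name in them (`example-aad-pod-identity-psp`, `example-namespace`, `example-nmi-service-account`), the host port range and the volume list are assumptions to replace with your own values.

```yaml
# Added example. All names, the port range and the volume list are placeholders.
apiVersion: policy/v1beta1            # PSP API group; removed in Kubernetes 1.25
kind: PodSecurityPolicy
metadata:
  name: example-aad-pod-identity-psp
spec:
  privileged: true                    # NMI runs in privileged mode
  hostNetwork: true                   # NMI runs on the host network
  allowPrivilegeEscalation: true      # must not be false when privileged is allowed
  hostPorts:                          # assumption: narrow to the ports NMI declares
    - min: 0
      max: 65535
  volumes:                            # assumption: trim to what the DaemonSet mounts
    - hostPath
    - secret
    - configMap
  seLinux:
    rule: RunAsAny
  runAsUser:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
---
# A PSP grants nothing until a subject is allowed to "use" it. A namespaced
# Role and RoleBinding keep the grant inside one namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: example-aad-pod-identity-psp-user
  namespace: example-namespace
rules:
  - apiGroups: ["policy"]
    resources: ["podsecuritypolicies"]
    resourceNames: ["example-aad-pod-identity-psp"]   # only this policy
    verbs: ["use"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: example-aad-pod-identity-psp-binding
  namespace: example-namespace
roleRef: {apiGroup: rbac.authorization.k8s.io, kind: Role, name: example-aad-pod-identity-psp-user}
subjects:
  - kind: ServiceAccount              # bind the NMI service account, not a broad group
    name: example-nmi-service-account
    namespace: example-namespace
```

Binding the Role to a single service account rather than to all service accounts in the namespace keeps other workloads there from being admitted as privileged pods under this policy.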