I am trying to debug why pod security policy (psp) isn't applying. Running the following shows no resources found. Not sure if this is sufficient to confirm psp is enabled.
$ kubectl get psp
No resources found.
Thanks.
https://kubernetes.io/docs/concepts/policy/pod-security-policy/#enabling-pod-security-policies
Pod security policy control is implemented as an optional (but recommended) admission controller. PodSecurityPolicies are enforced by enabling the admission controller, but doing so without authorizing any policies will prevent any pods from being created in the cluster.
Since the pod security policy API (policy/v1beta1/podsecuritypolicy) is enabled independently of the admission controller, for existing clusters it is recommended that policies are added and authorized before enabling the admission controller.
No, it's not enough to prove it's enabled, as Ijaz mentioned by quoting the documentation.
On GCP, you can do this:
gcloud beta container clusters describe $CLUSTER_NAME --zone $CLUSTER_ZONE | grep -A 1 podSecurityPolicyConfig
If enabled, the expected output is:
podSecurityPolicyConfig:
  enabled: true
Otherwise you'll get something like this:
podSecurityPolicyConfig: {}
privateCluster: true
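
The two checks in this thread answer different questions: `kubectl get psp` shows whether any policies exist, and the `gcloud` output shows whether the admission controller is enforcing them. The following added example (not from the original posts) combines both into one verdict, including the case the quoted documentation warns about. The function names are hypothetical and the sample outputs are constructed.

```shell
#!/bin/sh
# Succeeds only if the `gcloud ... clusters describe` YAML on stdin
# has `enabled: true` nested under podSecurityPolicyConfig.
psp_admission_enabled() {
    awk '
        /^podSecurityPolicyConfig:/        { in_block = 1; next }
        in_block && /^[^ ]/                { in_block = 0 }  # next top-level key
        in_block && /^ +enabled: *true *$/ { found = 1 }
        END { exit(found ? 0 : 1) }
    '
}

# Counts policies in `kubectl get psp` output on stdin, ignoring the
# header row and the "No resources found." message.
psp_count() {
    awk 'NF && $1 != "NAME" && !/^No resources found/ { n++ } END { print n + 0 }'
}

# $1 = describe output, $2 = `kubectl get psp` output
psp_state() {
    count=$(printf '%s\n' "$2" | psp_count)
    if printf '%s\n' "$1" | psp_admission_enabled; then
        # Admission controller on with no policies: no pods can be created.
        if [ "$count" -eq 0 ]; then echo "enforcing-no-policies"
        else echo "enforcing"; fi
    else
        # Policies may exist in the API, but nothing is enforcing them.
        if [ "$count" -eq 0 ]; then echo "not-enforcing"
        else echo "policies-defined-not-enforced"; fi
    fi
}

# Constructed sample outputs (kubectl columns abbreviated).
SAMPLE_ON='podSecurityPolicyConfig:
  enabled: true'
SAMPLE_OFF='podSecurityPolicyConfig: {}
privateCluster: true'
SAMPLE_NO_PSP='No resources found.'
SAMPLE_ONE_PSP='NAME         PRIV
restricted   false'

# The situation described in the question, on a cluster with PSP disabled:
psp_state "$SAMPLE_OFF" "$SAMPLE_NO_PSP"
```

On a live cluster, pass the real command output instead of the samples, for example `psp_state "$(gcloud beta container clusters describe $CLUSTER_NAME --zone $CLUSTER_ZONE)" "$(kubectl get psp 2>&1)"`.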