https://theithollow.com/tags/psp/ Recent content in Psp on The IT Hollow Hugo en-us Tue, 19 Nov 2019 15:05:04 +0000 https://theithollow.com/2019/11/19/kubernetes-pod-security-policies/ Tue, 19 Nov 2019 15:05:04 +0000 https://theithollow.com/2019/11/19/kubernetes-pod-security-policies/ <p>Securing and hardening our Kubernetes clusters is a must do activity. We need to remember that containers are still just processes running on the host machines. Sometimes these processes can get more privileges on the Kubernetes node than they should, if you don&rsquo;t properly setup some pod security. This post explains how this could be done for your own clusters.</p> <h2 id="pod-security-policies---the-theory">Pod Security Policies - The Theory</h2> <p>Pod Security policies are designed to limit what can be run on a Kubernetes cluster. Typical things that you might want to limit are: pods that have privileged access, pods with access to the host network, and pods that have access to the host processes just to name a few. Remember that a container isn&rsquo;t as isolated as a VM so we should take care to ensure our containers aren&rsquo;t adversely affecting our nodes&rsquo;s health and security.</p> https://theithollow.com/2012/03/08/path-selection-policy-with-alua/ Thu, 08 Mar 2012 13:58:05 +0000 https://theithollow.com/2012/03/08/path-selection-policy-with-alua/ <p>It&rsquo;s important to understand how VMware ESXi servers handle connections to their associated storage arrays.</p> <p>If we look specifically with fibre channel fabrics, we have several multipathing options to be considered. There are three path selection policy (PSP) plugins that VMware uses natively to determine the I/O channel that data will travel over to the storage device.</p> <ol> <li>Fixed Path</li> <li>Most Recently Used (MRU)</li> <li>Round Robin (RR)</li> </ol> <p>Let&rsquo;s look at some examples of the three PSPs we&rsquo;ve mentioned and how they behave.  The definitions come from the vSphere 5 storage guide found below.</p>