►
Description
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
PSP is Dead, Long Live PodSecurity - Monis Khan, VMware; Mike Danese, Google
After a quick intro, this presentation will touch upon two auth features that recently went GA: bound service account tokens [1] and kubectl credential plugins [2]. The bulk of the talk will focus on the replacement for pod security policy: pod security admission control [3]. We will cover the reasons behind the replacement of PSP along with the specific technical details of PSA. [1] https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/#bound-service-account-token-volume [2] https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins [3] https://github.com/kubernetes/enhancements/tree/master/keps/sig-auth/2579-psp-replacement
A
I'm
mike-
and
this
is
mo
so
I
will
be
doing
this-
is
technically
the
sig
of
deep
dive,
so
I'll
be
covering
a
little
bit
of
cigar
stuff.
I'm
gonna
give
you
guys
a
highlight
reel
of
what
we've
been
working
on
over
the
past
year
or
so
because
I
know
it's
been
a
while,
since
we
talked
and
then
I'll
hand
it
off
to
mo
who
will
begin
the
deep
dive
into
pod
security.
A
A
I
think
it
had
been
around
in
beta
since,
like
1-6,
so
it's
like,
maybe
three
years
overdue,
for
going
ga
before
the
ga.
Some
some
notable
changes
were
added,
such
as
a
new
signer
name
api.
So
now
the
api
can
be
divided
between
multiple
consumers.
After
ga
a
duration,
hint
was
added.
So
now
you
can
sign
certificates
or
you
can
request
certificates
for
specific
durations.
A
And
that
paves
the
way
for
moving
some
of
the
final
entry
authentication
plugins
for
clouds
out
of
tree.
So
that's
kind
of
part
of
the
whole
club
provider
extraction
effort,
and
we
also
have
a
proposal
to
extend
support
for
those
plugins
to
to
request
signing
and
like
mutual
tls
protocols
and
the
token
request.
A
Api
bound
service
account
token
volume
and
provisioning
for
bound
service
cat
tokens
to
replace,
like
the
the
legacy
secret
tokens
all
went,
ga
the
and
I
think
the
final
ga
was
in
123.
So
that's
a,
I
think,
a
huge
accomplishment.
I
think
we've
been
working
on
that
for
a
couple
of
years
and
there
it
should
benefit
the
entire
ecosystem,
because
those
have
significantly
better
security
properties
than
legacy
tokens.
A
There's
some
more
work
to
do
there
and
finally,
the
last
highlight
is
we
have
a
sig
sub
project
in
called
this
secret
csi
driver
they're,
actually
implementations
of
so
csi
is
the
canadian
storage
interface.
There
are
implementations
of
the
secret
csi
driver
with
back-ends
for
aws,
azure,
gcp
and
vault,
and
that
allows
configuring
volumes
that
project
secrets
in
external
secret
storage
providers.
C
B
So
there's
caps
open
for
that.
You
know.
There's
plenty
of
work
there
to
be
done.
If
anyone
wants
to
get
involved,
you
know
we're
a
very
cautious
bunch
of
folks.
We
don't
want
to
break
everyone's
stuff,
like
we
understand
that
you
know.
People
run
real
stuff
on
kubernetes
now,
so
we're
trying
very
hard
not
to
break
things,
but
we
also
need
to
move
the
ecosystem
forward.
So
there's
a
balance
there
and
like
rita
and
anish,
have
been
working
on
secret
csi
driver
for
quite
some
time,
so
that
is
also
a
place.
B
One
could
get
involved
to
try
to
push
things
forward,
so
the
rest
of
the
talk
is
mostly
a
code
walkthrough.
So
tabitha
and
tim
had
a
talk
earlier
today
at
2
30
that
talks
about
the
new
p,
the
new
pod
security
stuff.
From
the
perspective
of
like
an
end
user,
this
one
is
more
focused
as
the
perspective
as
a
like
a
perspective
contributor
right
like
if
you
care
about
how
the
code
is
implemented,
and
you
know,
maybe
you
want
to
get
involved
and
help
us
get
it
from
beta
to
ga
and
so
forth.
B
So
everything
in
the
code
walkthrough
is
based
on
123
alpha
3..
So
if
you
see
something,
that's
not
what's
in
head
of
master
right
now,
that's
just
that's
probably
why,
but
in
particular,
jordan
and
tim
really
set
an
incredibly
high
bar
for
the
code,
which
is,
unlike
basically
anything
that
exists
within
tree
that
you
know
this
thing
has
to
run.
You
know,
be
able
to
run
standalone
without,
like
an
api.
Server
can
be
run
as
a
web
hook,
maybe
used
in
ci
tooling.
B
Also,
all
the
the
checks
like
you
know,
is
this
a
para.
Is
this
a
privileged
pod
or
whatever
all
of
those
are
implemented
as
individual
units?
So
there's
not
like
some
large
spaghetti
thing
that
checks
all
the
things
and
the
idea
there
is
over
time.
You
know
we'll
evolve
these
things
and
add
new
checks
or
iterate
on
the
an
existing
check,
but
at
a
different
version.
So
all
of
that
stuff
led
to
a
pretty
pretty
elaborate
implementation.
B
For
what
sort
of
just
sounds
like
a
pretty
simple
thing
like
you
know,
if
this
field
is
set
on
a
pod,
say
no
you're
not
allowed
to
do
that,
because
that's
a
privilege,
part
or
whatever.
So
as
a
most
of
this
slide
is
j
or
sorry.
Most
of
this
talk
is
just
me
going
through
the
code
editor,
but
I
did
have
two
slides
so
as
an
example,
this
is
from
one
of
jordan's
examples
on
this
stuff.
C
B
Want
to
gate
this
all
right,
so
this
is
basically
the
skeleton
of
a
tool
that
can
run
just
completely
without
an
api
server.
Just
and
statically
validate
things
right.
So
the
pod
security
stuff,
unlike
psp,
is
much
more
constrained
right.
You
basically
say
what
level
of
the
api
you
want
and
what
version
all
right
so
like
baseline
or
restricted,
so
restricted
is
best
right
if
you,
if
your
pod
can
work
under
that,
that's
what
you
want-
and
you
know
maybe
maybe
you're
on
like
version
1.19
right
now
and
you're
like
all
right.
B
I
was
given
something
with
a
pod
spec
deployment,
whatever
I'm
going
to
extract
that
spec
out
and
then
I'm
just
going
to
evaluate
it
against
the
level
and
the
version
whatever
you
pass
me
and
just
check
if
it's
allowed
or
not
right.
So
in
roughly
like
100
lines
of
code,
you
have
like
effectively
like
a
production,
ready,
ci
tool,
and
that's
kind
of
the
hope
from
this
is
that
we
want
to
enable
people
to
build
tooling
off
of
this,
and
you
know,
offer
value
just
outside
of
just
pure
kubernetes
admission.
B
So
the
the
notes
that
I
have
kind
of.
Basically,
I
went
through
the
code
and
tried
to
write
notes
on
like
interesting
aspects.
That
might
not
be
completely
obvious.
So
all
the
notes
are
on
that
fork
of
mine.
So
now
I'm
just
going
to
kind
of
walk
through
some
stuff
and
hopefully
it'll
be
helpful
for.
D
B
B
B
But
you
know
what
you
could
do
with
that
is
you
know
you
could
have
your
existing
pod
security
policies,
the
old
style
go
ahead
and
put
the
new
pod
security
stuff
in
an
audit
mode,
but
in
a
very
restricted
mode
and
just
let
it
run
and
generate
events
as
things
are
going
on
right
and
like
you,
the
kubernetes
administrator
can
go
check.
The
audit
log
saying.
Oh,
I
see
that
mo
is
running
this
privileged
pod
that
doesn't
meet
the
requirements.
B
Now
I
can
go
talk
to
mo,
go
ahead
and
start
getting
this
stuff
rectified,
but
that's
only
possible.
You
know
if
you
run
pod
security
in
front
of
pot
security
policy,
and
I
realize
this
is
obnoxious
naming
right
because
pot,
security,
admission
or
pot
security
policy
like
it's
very
hard
to
understand.
Sometimes
what
you're
talking
about,
also
don't
be
confused
by
this.
This
this
piece
of
code
makes
it
sound
like
pot
security
is
enabled
by
default.
It's
not
it's
feature
gated,
so
the
code
is
there
but
feature
gated
off.
B
B
It
bigger
so
I'm
gonna
try
I'm
trying
to
assume
that
folks,
don't
know
how
the
internals
of
cube
work
to
some
degree.
So
one
of
the
sort
of
weird
things
within
the
kubernetes
codebase
is
we
have
this
concept
of
like
an
internal
type
or
a
hub
type.
So
whenever
we
read
your
configurations
or
your
objects,
you
know
we
read
them
as
like
pod,
v1
or
whatever
there's
an
internal
representation,
that's
completely
like
related,
but
it's
meant
to
represent
the
schema
across
all
versions.
B
So,
obviously,
today,
pod
security
doesn't
necessarily
have
that,
but
you'll
you'll
kind
of
notice
some
of
this
stuff.
So,
like
you
know
like
in
this,
where
it's
doing
the
loading,
if
you
don't
provide
it
anything
right,
it's
going
to
be
like
all
right,
I'm
going
to
get
the
alpha
configuration
I'm
going
to
then
default.
It
we'll
look
at
what
the
defaults
look
like.
Then
I'm
going
to
convert
it
into
the
internal
version.
B
Don't
get
too
stressed
about
this,
but
this
is
like
all
over.
Our
code
basis
happens
all
the
time,
but
the
defaults
for
pod
security
policy
are
are
kind
of
what
you
would
expect,
which
is,
if
you
don't
tell
us,
we
just
assume
you
mean
privileged
and
if
you
don't
tell
us
a
version,
we
just
assume
latest
which,
by
the
way
privilege
means
don't
do
anything.
So
in
order
to
not
break
all
your
stuff,
we
do
nothing
by
default.
You
have
to
tell
us
to
do
something.
B
B
So
looking
at
the
actual
configuration,
it's
pretty
straightforward
right,
it's
you
know
like
what
version
do
you
want
to
enforce
that?
What
version
do
you
want
to
audit
at?
So?
Oh
I'm,
sorry,
I
yeah
I
will.
I
will
try
to
remember
the
sort
of
interesting
bit
here.
Is
there
is
a
hard-coded
list
of
exemptions,
so
you
can
imagine
that
you
have
a
pod,
runtime
class.
That
is,
I
don't
know,
running
vms
under
the
hood
and
you're
like
I
don't
need
pot
security
like
I
just
have
strict
isolation.
B
You
could
similarly
have
some
user,
that's
always
allowed
to
run
privilege,
pods
or
whatever,
and
you
know
then
you're
saying
I'm
taking
ownership
of
somehow
gaining
access
to
these
pods
right,
because
if
you
can
let
like
as
a
for
example,
if
you
let
arbitrary
people
execute
to
a
running
privileged
pod.
Well,
you
have
broken
all
security
for
your
cluster.
B
B
B
B
You
just
want
to
prevent
the
pots
from
being
run
so
because
you
can
imagine
you
could
have
a
mutating
web
hook
that
will
coerce
the
pod
into
a
correct
shape
when
it's
created,
even
if
the
deployment
has
something
slightly
different
in
it.
So
for
the
most
part
it
doesn't
enforce
on
the
embedded
stuff.
B
So
we
can.
We
can
kind
of
look
at
how
some
of
this
code
works.
Real,
quick,
let's
see
like
the
validation
logic,
is
so,
as
I
just
mentioned
like
so
there's
distinct
logic
for
how
name
spaces
are
valid.
Pods
are
validated
or
pod
controller,
pod
controller
being
like
controllers
that
cause
the
generation
of
pods
because
they
have
an
embedded
pot
spec
somewhere
within
the
schema
like
a
deployment.
B
A
B
So
what
we
have
is
basically
this
little
evaluator
thing
which
takes
a
series
of
checks,
and
so
the
idea
is
that
this
evaluator,
you
know,
is
given
the
input
it
runs.
All
the
checks
and
says
is
everything.
Okay.
Some
of
this
code
is
like
a
little
bit
hard
to
read
because
it's
trying
to
do
like
well,
you
have
a
check
at
like
version
1.12,
but
this
is
version
1.20.
B
B
B
Oh,
I'm
sorry,
lord,
I
can
read
it
so
I
assume
you
can
read
it.
I
apologize
yeah
it
does.
It
does
work
on
my
machine,
so
you
know
what
does
a
check
happen?
It's
basically
like
a
unique
id.
What
level
does
it
run
on
like
baseline
and
restricted
and
then
the
specific
checks
over
time
right?
So
you
could
have
a
check
the
same
check
change
its
meaning
over
time.
This
is
one
of
the
core
requirements
of
the
pod
security
stuff,
which
was
we
can't
just
say
like
a
check
today.
B
Is
this
valid
over
time
because
the
pod
spec
changes
right?
So
if
you
have,
if
you
add
a
new
field
somewhere
within
the
prospect,
that's
privileged
like
equivalent
of
privilege,
the
existing
privilege
check
needs
to
start
accounting
for
that,
but
only
at
a
newer
version
right.
We
don't
break
you
in
place
right,
no
kubernetes
apis
are
allowed
to
arbitrarily
break
in
the
middle.
B
Look
at
all
of
them
and
make
sure
that
nobody
sets
privileged
equals
true
in
there
right
and
if
they
do
then
fail
with
a
nice
error
message
all
right
so
that
one's
pretty
easy-
and
you
know
it's
a
pretty
easy
check.
The
run
is
non-root
check,
it's
kind
of
long
and
kind
of
sprawling
almost
because
it's
got
like
like
levels
of
checks
in
it,
so
it
kind
of
just
keeps
going
for
a
bit,
but
the
nice
thing
is
all
of
these
things
are
completely
distinct
right.
B
So
if
the
pod
security
standards
change-
and
we
add
a
new
check-
none
of
the
existing
stuff
has
to
change.
We
just
add
a
new
check
to
the
rest
of
thing
and
to
make
it
so
that
you
know
you
could
imagine
a
more
expressive
version
of
pod
security
that
is
completely
implemented
out
of
tree
as
a
validating
admission
web
hook,
and
let's
say
that
someone
wants
to
not
run
this
stuff
at
all.
They
just
want
to
run
their
whole
thing.
B
It
would
be
really
nice
for
them
to
be
able
to
validate
that
stuff
that
they
have
built,
conforms
the
same
validation
checks
as
the
internal
treatment
stuff,
and
so
one
of
the
ways
we
do.
That
is
for
each
of
the
checks.
We
have
a
test
that
generates
a
series
of
passing
pods
and
generates
a
series
of
failing
pods
right,
so
those
checks
are
obviously
run
sort
of
in
line
in
our
unit
tests
and
stuff,
but
they
also
generate.
So.
B
If
we
look
at
this
failure
case
and
the
zeroth
index,
they
also
generate
yaml
matching
that
so
all
of
this
yaml
is
available.
You
know
in
a
very
structured
way
right
like
this
is
a
baseline
check
at
version
12
122,
and
it's
a
failing
check
for
the
privileged
check
right.
So
if
you
were
implementing
equivalent
code
out
of
tree,
you
could
run
all
of
this
yaml
against
your
outer
tree
implementation
and
validate
that
it
conforms
exactly
to
the
entry
one
right.
B
Obviously
you
know
this
is
not
a
strict
requirement
for
having
pod
security,
be
a
thing.
It's
just
that
you
know.
Jordan
and
tim
were
very
careful
to
make
it
so
that
the
ecosystem
could
build
and
mature
on
top
of
this
stuff.
So
it
adds
pretty
significant
complexity
to
our
to
the
work
we
had
to
do
to
make
all
this
work,
so
I'm
done
with
the
code.
Does
anyone
want
to
ask
me
something
before
I
go
back
to
the
slides.
E
B
So
mike,
you
might
have
a
different
opinion
on
me
just
because
I
feel
like
this
is
an
opinion
and
less
of
a
like
a
like
a
thing
that
has
a
concrete
answer.
I
would
personally
lean
towards
always
running
like
the
the
built-in
stuff
you
know
in
whatever
mode
is
you
know?
Obviously,
if
you
can
run
everything
in
restricted
latest
do
that
that
might
be
impractical,
but
and
then,
if
you
have
further
checks,
add
those
checks
as
you're
validating
web
hook
or
whatever
you
want
opa
or
caverno.
B
Whatever
your
favorite
check
is
because,
as
you
upgrade,
your
kubernetes
cluster,
this
stuff
will
get
upgraded
by
us.
This
stuff
is
tested
by
sega.
This
stuff
is
maintained
by
segat
right
and
we
care
deeply
about
this
implementation
and
we
validate
this
one.
So
I
I
would,
I
would
sort
of
that's
the
direction.
I
would
push
people,
but
it's
more
of
an
opinion.
It's
not
a
straight
guideline.
A
Yeah,
I
agree
so
one
of
the
initial
problems
with
psp
that
was
cited
when
we
you
know
chose
not
to
graduate
from
g
to
ga
was
that
it
was
users
were
incapable
of
turning
it
on
in
existing
clusters
without
breaking
their
users.
So
what
we
did
with
psp,
v2
or
whatever
you
want
to
call
it
was
we
designed
the
system
such
that
it
can
be
turned
on,
and
the
cluster
will
continue
to
behave
as
normal.
A
In
that
case,
like
I
would
say,
you
can
use
pod
security
mission
for
as
far
as
it
gets
you
and
then
use
kiverno.
I
use
them
both
at
the
same
time
really
up
to
you.
I
would
say,
probably
it's
not
necessary
to
turn
off
a
pod
security
mission
controller
and,
if
you
feel
like
you
need
to
then
there's
probably
a
problem
with
pod
security
mission
controller,
and
you
should
let
us
know
why.
B
D
B
D
B
So
I
had
this
discussion
with
jordan
and
tim
and
david
they
they
did
not
believe
we
could
do
that
while
maintaining
the
compatibility
requirements
of
the
kubernetes
api,
which
is
unfortunate
thing,
at
least
like
basically
what
they
said
is
this.
This
really
comes
down
to
like
a
choice
for
your
distribution
and
what
security
stance
it
has
as
this
default
posture.
B
But
you
know
that's
sort
of
the
opinion
of
the
distribution.
At
least
the
nice
thing
is
it's
very
easy
to
go
change
the
default.
You
know
it's
a
very
simple,
yaml
file
that
just
says:
if
you
have
no
edit,
if
you
have
no
labels,
that
means
you're
like
latest
restricted
or
something
right
like
you,
can
really
tighten
it
out
very
easily.
B
It
is
a
configuration
that
you
pass
to
the
api
server,
so
it's
like
the
rest
of
admission.
That's
the
rest
of
built-in
admission
yeah
it
it's
a
little
unfortunate,
but
it's
sort
of
yeah.
We
just
want
to
break
people's
stuff,
and
this,
like
you
know,
if
we
were
building
kubernetes
all
over
again,
I'm
pretty
sure
we'd
start
from
the
beginning
with
this,
but.
C
A
E
All
right,
we
have
one
other
question,
then
we'll
look
to
the
room.
If
anybody
else
has
any
questions
too,
this
question
is
with
the
built-in
pod
security
admission
implementation.
Is
it
possible
for
admins
to
add
custom
profiles
or
are
the
built-in
privileged
baseline
and
restricted
profiles,
the
only
that
will
be
available
without
a
third-party
admission
controller.
B
C
B
Yeah,
I
I
don't
even
think
that
the
4k
really
just
consume
it.
It
is
meant
to
be
a
library,
you
don't
even
have
to
forget
so
yeah.
You
could
totally
do
that,
but
basically
we're
trying
very
hard
one.
We
don't
want
to
become
king
maker
here,
we're
not
trying
to
like
rule
your
policy
in
all
the
little
ways,
but
just
also
like
this
is
what
prevented
psp
from
going.
Ga
is
because
it
was
an
ever
expanding
api
surface
and
trying
to
make
it
keep
up
with
the
growth
of
the
pot
spec
over
time.
B
A
B
Yeah
at
a
really
simple
level,
we
want
to
make
sure
that
in
the
future
on,
basically,
every
kubernetes
distribution
sort
of
by
default,
create
pod
does
not
mean
root
on
cubelet
right
like
if
we
can
get
to
that
stage
like
we
have
made
an
incredible
set
of
progress
into
what
the
default
is
today.
In
most
environments,.
C
B
B
If
I
remember
correctly,
because
it's
under
the
pod
controller
path,
it's
always
audit
and
worn
for
that
piece.
I
think.
But
the
idea
was
that
your
deployment
could
be
out
of
the
valid
spec,
but
you
could
have
a
mutating
admission
controller
for
pods
that
coerces
the
pods
into
a
valid
spec.
So
the
thing
that
gets
created
is
allowed,
so
that
was
sort
of
the
nuance
that
that
it's
not
great
right,
because.
C
B
Yeah,
so
that's
that's
the
use
case.
We're
trying
to
maintain
is
that
we
know
that
the
pod
itself
is
the
thing
that
gets
run.
Everything
else
is
implementation,
details
right.
So
that's
where
we
really
enforce
and
the
namespace
stuff,
where
it's
really
powerful
is
you
know
server-side
dry
run.
Is
you
know
a
really
cool
feature
and
what
you
can
do
now?
Is
you
know
you?
Could
you
can
do
a
server-side
dry
run?
B
E
A
A
We
have
a
slack
channel
and
we
meet
every
two
weeks
on
wednesday
at
11
a.m.
Pacific
standard
time
I'll
have
a
lot
of
good
conversations.
A
lot
of
ongoing
initiatives
discuss
there
and
we
welcome
any
everyone,
anyone
and
everyone
to
get
involved
so
yeah.
Thank
you
so
much
for
attending
today,
and
I
hope
you
had
a
good
keep
going.
B
As
a
reminder,
this
stuff,
the
psp
stuff,
is
alpha.
So
if
there's
something
wrong,
please
come
tell
us
because
we
can
fix
it
before
we
promote
it
to
beta,
because
it
gets
a
whole
lot
harder,
because
this
is
kubernetes
and
we
don't
try
to
break
people's
stuff,
and
everyone
likes
to
depend
on
every
implementation
detail
of
everything
we
build
so.
But
thank
you
all
thanks.
Everyone.