This incident type occurs when a Pod in Kubernetes is rejected due to a violation of the Pod Security Policy (PSP). A Pod Security Policy is a set of rules that specify the conditions that a pod must meet to be accepted and run in a Kubernetes cluster. These rules are designed to prevent security risks and ensure that pods run with the least privilege necessary. When a pod violates the PSP, it is rejected, and the incident is triggered.
Parameters
Debug
List all Pods in the Namespace that are in the Pending state
Get the detailed status of a Pod that was rejected due to a PSP violation
Check the Pod Security Policy that was violated
List all ServiceAccounts in the Namespace that are allowed to use the PSP
Get the detailed status of the ServiceAccount that the Pod is using
List all Roles that are bound to the ServiceAccount
Get the detailed status of the Role that the ServiceAccount is bound to
Repair
Check if the pod has any privileged containers running. If yes, remove the privilege from the container, and try to deploy the pod again.
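The debug and repair steps above, written out as kubectl commands wrapped in shell functions. This is an added example, not the runbook's original commands; the namespace, pod, policy, ServiceAccount and Role names are passed in as arguments and are assumptions.

```shell
#!/bin/sh
# Added example; NS, POD, PSP, SA and ROLE are caller-supplied (hypothetical) names.
# PodSecurityPolicy objects exist only on clusters older than Kubernetes v1.25.

# Debug: Pending pods in the namespace, then one pod's status and events.
pending_pods() { kubectl get pods -n "$1" --field-selector=status.phase=Pending; }
pod_status()   { kubectl describe pod "$2" -n "$1"; }          # NS POD

# Debug: the policy, then the ServiceAccounts in NS allowed to "use" it.
show_psp() { kubectl get podsecuritypolicy "$1" -o yaml; }     # PSP
psp_users() {                                                  # NS PSP
  for sa in $(kubectl get serviceaccounts -n "$1" \
      -o jsonpath='{.items[*].metadata.name}'); do
    # Tolerate a non-zero exit from can-i when the answer is "no".
    answer=$(kubectl auth can-i use "podsecuritypolicy/$2" -n "$1" \
      --as="system:serviceaccount:$1:$sa" 2>/dev/null) || true
    if [ "$answer" = "yes" ]; then echo "$sa"; fi
  done
}

# Debug: the pod's ServiceAccount, the Roles bound to it, and one Role's rules.
pod_sa() { kubectl get pod "$2" -n "$1" -o jsonpath='{.spec.serviceAccountName}'; }
bound_roles() {                                                # NS SA
  # One line per RoleBinding: name, roleRef, then all subjects as Kind:ns/name,
  kubectl get rolebindings -n "$1" -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.roleRef.kind}/{.roleRef.name}{"\t"}{range .subjects[*]}{.kind}:{.namespace}/{.name},{end}{"\n"}{end}' |
    awk -F'\t' -v s="ServiceAccount:$1/$2," 'index($3, s) { print $1 "\t" $2 }'
}
show_role() { kubectl describe role "$2" -n "$1"; }            # NS ROLE

# Repair: list containers and initContainers that set privileged: true.
privileged_containers() {                                      # NS POD
  for field in containers initContainers; do
    kubectl get pod "$2" -n "$1" -o \
      jsonpath="{range .spec.${field}[*]}{.name}{'\t'}{.securityContext.privileged}{'\n'}{end}"
  done | awk -F'\t' '$2 == "true" { print $1 }'
}
```

A pod's `securityContext` cannot be edited in place, so once `privileged_containers` names a container, remove `privileged: true` in the owning manifest and deploy again. `bound_roles` reads namespaced RoleBindings only; ClusterRoleBindings need the same check with `kubectl get clusterrolebindings`.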