Lab Exercise 5.5
I'm a little confused by Lab 5.5, related to Pod Security Policy. I'm hoping someone has been through it already and can point out where I've gone awry.
From my understanding, the lab would rely on the PSP controller being active, but the standard lab cluster setup doesn't activate the controller, as this would block all pod creation. Adding the controller to --enable-admission-controllers on the apiserver seems to create the desired behaviour, although the policy in nopriv.yaml is never bound to a user/serviceaccount in the lab, so I'm not clear how this is expected to work.
The example with the mariadb image is also confusing. If I follow the example, the pod is failing to start because MariaDB needs an environment variable, either specifying the root password, or allowing operation with no password. The following command will start MariaDB in the lab, independent of whether the pod security policy exists:
kubectl run mariadb --image=mariadb --env=MYSQL_ALLOW_EMPTY_PASSWORD=true
I think I'm missing something fundamental on this lab; perhaps I've missed a setup step or similar. Does anyone have any advice?
Thanks in advance