Pod Security in GKE (Kubernetes) running in Google cloud

*****************************************************************

Pod Security Policy

Scenario 1:

If we want to give access of Kube Control Plane API or Google Cloud Services to Pods running in GKE (managed Kubernetes service of Google Cloud)

We need to use Service Accounts (SA)

• We create a new Service Account in Google cloud or Kubernetes
• Attach Permissions to this SA
• Attach SA to any Pod (which needs access)

(Pod actions are controlled by the SA attached to this Pod)

Pod needs SA for connecting to Google Services or Kube control plane API