Go through the process of setting up PodSecurityPolicies in a kubeadm cluster.
PodSecurityPolicies allow cluster administrators to define the set of security configurations that Pods in the cluster are allowed to use. For example, you can restrict privileged containers, deny use of container host resources (filesystems, ports, etc.), or refuse to run containers as certain UIDs on hosts. Enabling PSPs should be a consideration when securing your cluster. Check out Pod Security Standards for some baseline concepts for policies.
# provision cluster
cd <TOP>/clusters/ubuntu-1804/simple/
./up.sh
# validate
vagrant ssh u1804-simple-master0
kubectl get cs
kubectl get nodes
kubectl version --short
Using only the Kubernetes documentation, create privileged and restricted PodSecurityPolicies for the cluster that are only authorized for use by the appropriate service accounts in the kube-system and default namespaces. Validate your permissions, then reconfigure the Kubernetes API to use PodSecurityPolicies while authorizing requests.
cd <TOP>/clusters/ubuntu-1804/simple/
./down.sh