-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
PodSecurityPolicy deprecated in Kubernetes 1.21 #4112
Comments
@pietervincken thanks for the issue. Indeed, I think we should just remove this from the /cc @tektoncd/core-maintainers |
Some background reading: https://kubernetes.io/blog/2021/04/06/podsecuritypolicy-deprecation-past-present-and-future/ |
@vdemeester I will move this to the next milestone. Let me know if there is any concern. |
Looks like the replacement feature in Kubernetes will be called "PodSecurity Admission". Released as alpha in 1.22 |
/priority important-soon |
Discussed during the Pipeline WG:
|
Issues go stale after 90d of inactivity. /lifecycle stale Send feedback to tektoncd/plumbing. |
/remove-lifecycle stale |
If |
I think we need to do this soon - we could point users to https://appvia.github.io/psp-migration/ to migrate to an alternate policy engine. We could also see if we can enable https://kubernetes.io/docs/concepts/security/pod-security-admission/ |
Resurrecting this again - looks like |
/priority critical-urgent Actually, I just put it in v0.40, but am also bumping the priority. |
@jerop to find someone who can help with this! |
The replacement is beta which is reasonable to replace with |
/assign |
Drafted the doc WIP for PSP migration. According to the references in the doc, here are the aspects according to current PSP that PSA might not cover:
|
I think we should go for the 1st option in the doc of using PSA with OPA as complement for some of the specifications eg. Would appreciate it if people could take a look at this doc and help with some opinions! |
From Pipelines WG:
|
Expected Behavior
The released deployment manifest doesn't have deprecated resources listed in it.
Actual Behavior
PodSecurityPolicy tekton-pipelines is listed in the deployment manifest which is a deprecated resource as of 1.21.
Steps to Reproduce the Problem
Additional Info
Kubernetes version: 1.21
Output of
kubectl version
:N/A
Tekton Pipeline version:
0.26.0
The text was updated successfully, but these errors were encountered: