PodSecurityPolicy deprecated since 1.25 #1356

Open
mrolmedo opened this issue Jun 21, 2024 · 5 comments
Labels: effort/2, outdated-version (Docs which refer to outdated versions of Rancher or extensions), priority/2

Comments


mrolmedo commented Jun 21, 2024

Summary

Hi team,
The PodSecurityPolicy API, initially deprecated in Kubernetes v1.21, was entirely removed in Kubernetes v1.25.
In our docs, when listing the capabilities available in Rancher by cluster type, we are still referring to PodSecurityPolicy.
Should we include the support for PSA (Pod Security Admission) too?

image

image

Contributor

martyav commented Jun 21, 2024

Rancher 2.7 and later support PSS, so we should update the files for latest, v2.8, and v2.7 too.

martyav added the outdated-version label Jun 21, 2024
@mrolmedo
Author

Hi team,
I have another question related to this: PSA/PSP can be managed for EKS-GKE-AKS clusters,

image

Although, note/step 2 also indicates that the cluster configuration can only be edited for RKE1, RKE2, and K3s clusters.
"Cluster configuration options can't be edited for registered clusters, except for K3s and RKE2 clusters."

So, it is confusing as EKS-AKS-GKE clusters cannot be edited, so how can you set up PSA/PSP if the cluster cannot be changed/updated?

Contributor

martyav commented Jun 27, 2024

@jiaqiluo I remember working with you on the PSA/PSP docs. Could you answer this? Thanks!

Although, note/step 2 also indicates that the cluster configuration can only be edited for RKE1, RKE2, and K3s clusters.
"Cluster configuration options can't be edited for registered clusters, except for K3s and RKE2 clusters."
So, it is confusing as EKS-AKS-GKE clusters cannot be edited, so how can you set up PSA/PSP if the cluster cannot be changed/updated?

@mrolmedo
Author

Hi team,
I just checked the code; for instance, for EKS clusters I don't see PSP available.
Thanks @martyav and @jiaqiluo for your help.

Member

jiaqiluo commented Jul 1, 2024

Hi @mrolmedo ,

1/ To my knowledge, we could not configure the default PSP when creating or editing EKS/GKE/AKS clusters as Rancher does not manage the control plane of the cluster. The prerequisite on the page for adding a PSP mentions the option is available for the Rancher-launched RKE clusters. So it seems like an error in our doc.

2/ We couldn't set the default Pod Security Admission (PSA) Configuration Templates when creating EKS/GKE/AKS clusters, but we could set the Pod Security Admission (PSA) (or Pod Security Standard) on each namespace.

Screenshot 2024-07-01 at 3 47 42 PM
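
Added example, not part of the thread and not Rancher code: since PSA on EKS/GKE/AKS clusters is set per namespace, this sketch audits which namespaces lack an adequate `pod-security.kubernetes.io/enforce` label. It assumes input in the shape of `kubectl get namespaces -o json`; the function name, the `minimum` parameter and the sample namespaces are constructed for illustration.

```python
import json

PSA_PREFIX = "pod-security.kubernetes.io/"
LEVELS = ("privileged", "baseline", "restricted")  # weakest to strictest

# Constructed sample in the shape of `kubectl get namespaces -o json`.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "payments", "labels": {
      "pod-security.kubernetes.io/enforce": "restricted",
      "pod-security.kubernetes.io/enforce-version": "v1.28"}}},
  {"metadata": {"name": "legacy-app", "labels": {
      "pod-security.kubernetes.io/warn": "baseline"}}},
  {"metadata": {"name": "build", "labels": {
      "pod-security.kubernetes.io/enforce": "privileged"}}},
  {"metadata": {"name": "typo-ns", "labels": {
      "pod-security.kubernetes.io/enforce": "restrictd"}}},
  {"metadata": {"name": "default"}}
]}
""")


def audit_namespaces(ns_list, minimum="baseline"):
    """Return {namespace: finding} where the enforce level is missing or below `minimum`."""
    findings = {}
    for item in ns_list.get("items", []):
        meta = item.get("metadata", {})
        labels = meta.get("labels") or {}
        level = labels.get(PSA_PREFIX + "enforce")
        if level is None:
            # warn/audit labels only report violations; without enforce nothing is blocked
            modes = sorted(k[len(PSA_PREFIX):] for k in labels
                           if k in (PSA_PREFIX + "warn", PSA_PREFIX + "audit"))
            extra = f" (only {', '.join(modes)})" if modes else ""
            findings[meta["name"]] = "no enforce label" + extra
        elif level not in LEVELS:
            findings[meta["name"]] = f"unknown level {level!r}"
        elif LEVELS.index(level) < LEVELS.index(minimum):
            findings[meta["name"]] = f"enforce={level} is below {minimum}"
    return findings


if __name__ == "__main__":
    for name, finding in audit_namespaces(SAMPLE).items():
        print(f"{name}: {finding}")
```

A namespace reported with no enforce label falls back to whatever default the cluster's admission configuration provides, which is the setting the thread says cannot be templated through Rancher for these hosted clusters.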
