Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Question]Pod security policy deprecation #2077

Closed
mo-saeed opened this issue Jan 26, 2021 · 16 comments
Closed

[Question]Pod security policy deprecation #2077

mo-saeed opened this issue Jan 26, 2021 · 16 comments
Labels
addon/policy azure/policy resolution/answer-provided Provided answer to issue, question or feedback.

Comments

@mo-saeed
Copy link

Hi Guys,

in here it's written that pod security policy will not be longer available after May 31st but based on Kubernetes up-stream kubernetes/enhancements#5 (comment) PSP will be removed in kubernetes 1.25 so the question is, will PSP in AKS still usable after May 31st and till 1.25 release?

Thanks
@ghost ghost added the triage label Jan 26, 2021
@ghost
Copy link

ghost commented Jan 26, 2021

Hi mo-saeed, AKS bot here 👋
Thank you for posting on the AKS Repo, I'll do my best to get a kind human from the AKS team to assist you.

I might be just a bot, but I'm told my suggestions are normally quite good, as such:

  1. If this case is urgent, please open a Support Request so that our 24/7 support team may help you faster.
  2. Please abide by the AKS repo Guidelines and Code of Conduct.
  3. If you're having an issue, could it be described on the AKS Troubleshooting guides or AKS Diagnostics?
  4. Make sure your subscribed to the AKS Release Notes to keep up to date with all that's new on AKS.
  5. Make sure there isn't a duplicate of this issue already reported. If there is, feel free to close this one and '+1' the existing issue.
  6. If you have a question, do take a look at our AKS FAQ. We place the most common ones there!

@ghost ghost added the action-required label Jan 28, 2021
@ghost
Copy link

ghost commented Jan 28, 2021

Triage required from @Azure/aks-pm

@ghost
Copy link

ghost commented Feb 2, 2021

Action required from @Azure/aks-pm

@ghost ghost added the Needs Attention 👋 Issues needs attention/assignee/owner label Feb 2, 2021
@ghost ghost removed the triage label Feb 12, 2021
@ghost
Copy link

ghost commented Feb 12, 2021

@ruchikaguptaa, @az-policy-kube would you be able to assist?

Issue Details

Hi Guys,

in here it's written that pod security policy will not be longer available after May 31st but based on Kubernetes up-stream kubernetes/enhancements#5 (comment) PSP will be removed in kubernetes 1.25 so the question is, will PSP in AKS still usable after May 31st and till 1.25 release?

Thanks

Author: mo-saeed
Assignees: -
Labels:

Needs Attention :wave:, action-required, addon/policy, azure/policy, triage
Milestone: -

@ghost ghost removed action-required Needs Attention 👋 Issues needs attention/assignee/owner labels Feb 12, 2021
@az-policy-kube
Copy link

@az-policy-kube would you be able to assist?

@miwithro
Copy link
Contributor

@mo-saeed we will be pushing the deprecation date to 06.30.2021. So you can continue to use PSP until that date. After that you will need to use Azure Policy. I am in the process of updating the document to reflect that date as well.

@mo-saeed
Copy link
Author

@miwithro Thank you for your reply but that doesn't answer my question, even if AKS deprecates PSP will we still be able to use it in our cluster till it's deprecated in the upstream?

@miwithro
Copy link
Contributor

No you will not.

@pakoAku
Copy link

pakoAku commented Mar 2, 2021

@miwithro can you clarify on this please:

How do I need to understand this:
06.30.2021 - all running AKS cluster, from all customer with any Kubernetes version will stop support PSP
or
06.30.2021 - all AKS Cluster which will be upgraded to Kubernetes 1.2x or get created after the 06.30.2021 will stop support PSP

I was in a discussion with the Azure Support and I understood it will stop working only after upgrade to specific Kubernetes version or newly created cluster.
This would give everybody time and control on when to upgrade.

@miwithro
Copy link
Contributor

miwithro commented Mar 2, 2021

Hello,
To be more clear.

After pod security policy (preview) is deprecated, you must disable the feature on any existing clusters using the deprecated feature to perform future cluster upgrades and stay within Azure support. So in short, they can continue to use as long as they don’t upgrade.

@pakoAku
Copy link

pakoAku commented Mar 3, 2021

Thank you for the clarification.

@ghost ghost added the action-required label Mar 28, 2021
@ghost
Copy link

ghost commented Apr 2, 2021

Action required from @Azure/aks-pm

@ghost ghost added the Needs Attention 👋 Issues needs attention/assignee/owner label Apr 2, 2021
@miwithro
Copy link
Contributor

miwithro commented Apr 2, 2021

@mo-saeed @pakoAku

We have updated our guidance around Pod Security Policies:

Pod security policy (preview), will begin deprecation with Kubernetes version 1.21, with its removal in version 1.25. As Kubernetes Upstream approaches that milestone, the Kubernetes community will be working to document viable alternatives. The previous deprecation announcement was made at the time as there was not a viable option for customers. Now that the Kubernetes community is working on an alternative, there no longer is a pressing need to deprecate ahead of Kubernetes.

https://docs.microsoft.com/en-us/azure/aks/use-pod-security-policies

@ghost ghost removed action-required Needs Attention 👋 Issues needs attention/assignee/owner labels Apr 2, 2021
@pierluigilenoci
Copy link

FYI https://kubernetes.io/blog/2021/04/06/podsecuritypolicy-deprecation-past-present-and-future/ and kubernetes/enhancements#2579

@miwithro miwithro added the resolution/answer-provided Provided answer to issue, question or feedback. label Apr 12, 2021
@ghost
Copy link

ghost commented Apr 14, 2021

Thanks for reaching out. I'm closing this issue as it was marked with "Answer Provided" and it hasn't had activity for 2 days.

@ghost ghost closed this as completed Apr 14, 2021
@pierluigilenoci
Copy link

FYI kubernetes/enhancements#2582

@ghost ghost locked as resolved and limited conversation to collaborators May 26, 2021
This issue was closed.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
addon/policy azure/policy resolution/answer-provided Provided answer to issue, question or feedback.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@palma21 @pakoAku @pierluigilenoci @mo-saeed @miwithro @az-policy-kube