PodSecurityPolicy deprecated in Kubernetes v1.21 #661
Comments
|
Hello, we are currently looking at upgrading beyond OpenShift 4.8. Is this still an issue with the latest releases of Trident? |
|
We're currently on OpenShift 4.10.x and trident v22.04.0. I don't see any warnings so far, but i'm not 100% sure, if it's completely fixed. |
|
Hi @markandrewj and @brogger71, The Trident v22.07 release added support for Pod Security Standards. The Pod Security Policy is something that Kubernetes deprecated with Kubernetes v1.21 and isn't removed until the Kubernetes v1.25 release. |
|
Hello, Thanks for the additional information. It looks like OCP 4.10.3 uses Kubernetes 1.23. The warning we were getting from RedHat Insights made it sound like OCP 4.10+ was going to be using Kuberentes 1.25. I found the following in the release notes however. "OpenShift Container Platform (RHSA-2022:0056) is now available. This release uses Kubernetes 1.23 with CRI-O runtime. New features, changes, and known issues that pertain to OpenShift Container Platform 4.10 are included in this topic." [ref: https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html] Thanks again! |
Describe the bug
According to RedHat, the PodSecurityPolicy is deprecated in OpenShift Kubernetes v1.21 and gets removed in v1.25. It seams to be, that the OpenShift cluster load increases disproportionately when PodSecurityPolicies are used.
Environment
Provide accurate information about the environment to help us reproduce the issue.
To Reproduce
PodSecurityPolicies getting deployed with trident v21.07.1
Expected behavior
Switch to SecurityContextConstraints
Additional context
The text was updated successfully, but these errors were encountered: