Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Migrate PSP to v1 in helm chart #7608

Closed
shu-mutou opened this issue Jan 31, 2023 · 5 comments · Fixed by #7626
Closed

Migrate PSP to v1 in helm chart #7608

shu-mutou opened this issue Jan 31, 2023 · 5 comments · Fixed by #7626
Assignees
@jmhbnz
Labels
kind/feature Categorizes issue or PR as related to a new feature.

Comments

@shu-mutou
Copy link
Contributor

What would you like to be added?

dashboard already uses policy/v1, but helm chart uses policy/v1beta1.

Why is this needed?

policy/v1beta1 was deprecated in k8s v1.25.
@shu-mutou shu-mutou added the kind/feature Categorizes issue or PR as related to a new feature. label Jan 31, 2023
@shu-mutou
Copy link
Contributor Author

policy/v1beta1 in charts/helm-chart/kubernetes-dashboard/templates/psp.yaml should be bumped to v1.

This was referenced Jan 31, 2023
Closed
Merged
@jmhbnz
Copy link
Member

jmhbnz commented Feb 2, 2023

Hey @shu-mutou - Should we be migrating to the new Pod Security Admission controller as part of this issue? https://kubernetes.io/docs/tasks/configure-pod-container/migrate-from-psp

Refer: https://kubernetes.io/docs/concepts/security/pod-security-policy/

PodSecurityPolicy was deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25.

@sftim
Copy link

sftim commented Feb 17, 2023

We should move to Pod Security Admission. PodSecurityPolicy v1 isn't a thing.

@jmhbnz jmhbnz mentioned this issue Feb 17, 2023
Merged
@jmhbnz
Copy link
Member

jmhbnz commented Feb 17, 2023

I've had a look at this, migrating to pod security admission in a helm chart is not as straightforward as we thought as pod security admission is not fully supported in helm because it involves labeling the release namespace which helm does not support. Refer helm/helm#3503.

I've raised a draft pull request to generate some discussion on next steps.

@jmhbnz
Copy link
Member

jmhbnz commented Feb 17, 2023

/assign @jmhbnz

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jmhbnz jmhbnz

Labels
kind/feature Categorizes issue or PR as related to a new feature.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Document helm chart PodSecurityPolicy deprecation and PodSecurityAdmission alternative
3 participants
@shu-mutou @sftim @jmhbnz