trident
PodSecurityPolicy deprecated in Kubernetes v1.21
Describe the bug: According to Red Hat, the PodSecurityPolicy is deprecated in OpenShift Kubernetes v1.21 and gets removed in v1.25. It seems that the OpenShift cluster load increases disproportionately when PodSecurityPolicies are used.
Environment: Provide accurate information about the environment to help us reproduce the issue.
- Trident version: v21.07.1
- Trident installation flags used: -
- Container runtime: CRI-O
- Kubernetes version: v1.20.0
- Kubernetes orchestrator: OpenShift 4.7.34
- Kubernetes enabled feature gates: -
- OS: Red Hat Enterprise Linux CoreOS 47.84.202110121431-0 (Ootpa)
- NetApp backend types: ONTAP AFF 9.2
- Other:
To Reproduce: PodSecurityPolicies getting deployed with trident v21.07.1
Expected behavior: Switch to SecurityContextConstraints
Additional context
Hello, we are currently looking at upgrading beyond OpenShift 4.8. Is this still an issue with the latest releases of Trident?
We're currently on OpenShift 4.10.x and trident v22.04.0. I don't see any warnings so far, but I'm not 100% sure if it's completely fixed.
Hi @markandrewj and @brogger71,
The Trident v22.07 release added support for Pod Security Standards.
The Pod Security Policy is something that Kubernetes deprecated with Kubernetes v1.21 and isn't removed until the Kubernetes v1.25 release.
Hello,
Thanks for the additional information. It looks like OCP 4.10.3 uses Kubernetes 1.23. The warning we were getting from Red Hat Insights made it sound like OCP 4.10+ was going to be using Kubernetes 1.25. I found the following in the release notes, however.
"OpenShift Container Platform (RHSA-2022:0056) is now available. This release uses Kubernetes 1.23 with CRI-O runtime. New features, changes, and known issues that pertain to OpenShift Container Platform 4.10 are included in this topic." [ref: https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html]
Thanks again!