[logstash] PodSecurityPolicy - no policy/v1, deprecation since k8s 1.22+
See original GitHub issueChart version: 7.17.1
Kubernetes version: 1.22+
Kubernetes provider: E.g. GKE (Google Kubernetes Engine) EKS
Helm Version: 3.8.1
Describe the bug: https://github.com/elastic/helm-charts/pull/1420 introduced this
apiVersion: policy/v1
{{- else}}
apiVersion: policy/v1beta1
{{- end }}
kind: PodSecurityPolicy
but there is no policy/v1 for PodSecurityPolicy, this will be removed completely. The change was done in the context of PodDisruptionBudget, which has a policy/v1, but PodSecurityPolicy has not.
Futher reading:
https://kubernetes.io/docs/reference/using-api/deprecation-guide/#psp-v125 PodSecurityPolicy in the policy/v1beta1 API version will no longer be served in v1.25, and the PodSecurityPolicy admission controller will be removed. PodSecurityPolicy replacements are still under discussion, but current use can be migrated to 3rd-party admission webhooks now.
https://kubernetes.io/blog/2021/04/06/podsecuritypolicy-deprecation-past-present-and-future/ Kubernetes 1.21 starts the deprecation process for PodSecurityPolicy. As with all feature deprecations, PodSecurityPolicy will continue to be fully functional for several more releases. The current plan is to remove PSP from Kubernetes in the 1.25 release.
Expected behavior: evaluate and switch to alternatives until k8s v1.25 arrives - this is just meant as a heads-up
Issue Analytics
- State:
- Created a year ago
- Reactions:5
- Comments:5 (1 by maintainers)
Top GitHub Comments
Bumping this, there is no
kind: PodSecurityPolicy
inapiVersion: policy/v1
which means that latest chart versions don’t work. Server version here isv1.22.7-gke.1500
.Just adding that the 6.8.22 helm chart is currently unusable on Kubernetes 1.22 due to this problem (At least in a default EKS 1.22 setup).
I unfortunately lack the technical know-how to propose a fix, but just wanted to mention it is currently affecting up-to-date Kubernetes installs such as those on AWS EKS.