There are four custom controller items in the Toolforge Kubernetes cluster. These keep us from doing quick upgrades right now, and a lot of that is more easily available in modern code. We need to actually ensure they are all effectively replaced, document and deploy those replacements.
- Replace the uid enforcer admission controller - https://github.com/wikimedia/operations-software-kubernetes/commit/8938d75cc10b0a74afa9a10de8bbfb28807788b2
- Replace the container registry enforcement validating admission controller - https://github.com/wikimedia/operations-software-kubernetes/commit/5cad640395fee84c523c029c8fecf22afd2a060a
- Replace the host automount mutating admission controller - https://github.com/wikimedia/operations-software-kubernetes/commit/d16c091cdb30b4c8dbcc4cd923d0565b486c4a44
- Replace the host path admission controller - https://github.com/wikimedia/operations-software-kubernetes/commit/021aa3fd32932f443c1be0624d1078b619c6c05b
For each one of these, ensure we have comparable functionality enabled or deployable in some way except where we want to retire a feature altogether.