Page MenuHomePhabricator

PodSecurityPolicies will be deprecated with Kubernetes 1.21
Open, LowPublic

Description

Pod Security Policies (PSP), starting with the Kubernetes 1.21, will begin the process of deprecation with the intention to fully remove it in a future release. ...
Full blog post draft here)
Github issue at: https://github.com/kubernetes/kubernetes/pull/97171

While we started implementing PSPs in T228967, they never fully made it to our clusters (as of k8s <1.16).
With Kubernetes 1.16 upgrades we want to implement the recommended restrictions as far as possible without to much effort (that we might have to re-spend with the deprecation). Although there are alternative options around currently, we still have some time and it can be assumed that those options evolve in the near future and we can migrate off of PSPs at a later point.