
Under the K8s component StatefulSet as shown below, the security context works fine for Kubernetes version 1.21, but when I tried with newer versions it did not work fine. I understand this is due to the fact that there is a 'PodSecurityPolicy deprecation' in the latest versions. But I am unable to find an alternative on how to use 'securityContext: fsGroup: 1001' in the YAML file. Appreciate any guidance on this.


RockyCool

1 Answer


The recommendation from the official Kubernetes documentation is to migrate to Pod Security Admission.

Unfortunately, the migration is not as easy as just changing a particular line in a manifest; it will take a very detailed process, since it could lead to a production outage or to a security gap.

In the Migrate from PSP documentation, you can find an overall approach to accomplish a successful migration:

There are multiple strategies you can take for migrating from PodSecurityPolicy to Pod Security Admission. The following steps are one possible migration path, with a goal of minimizing both the risks of a production outage and of a security gap.

  1. Decide whether Pod Security Admission is the right fit for your use case.
  2. Review namespace permissions
  3. Simplify & standardize PodSecurityPolicies
  4. Update namespaces
    1. Identify an appropriate Pod Security level
    2. Verify the Pod Security level
    3. Enforce the Pod Security level
    4. Bypass PodSecurityPolicy
  5. Review namespace creation processes
  6. Disable PodSecurityPolicy
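
For steps 4.1 to 4.3, an added example (not part of the question or the answer, and not taken from the Kubernetes documentation): a namespace labelled for Pod Security Admission, followed by a StatefulSet whose pod template carries `fsGroup: 1001` in its pod-level `securityContext`. The namespace name, workload name, image, UID and the choice of levels are assumptions made for illustration.

```yaml
# Added example. Namespace, names, image and UID are placeholders.
apiVersion: v1
kind: Namespace
metadata:
  name: demo-apps
  labels:
    # Steps 4.1/4.2: audit and warn report violations without rejecting pods,
    # so a stricter level can be trialled before it is enforced.
    pod-security.kubernetes.io/audit: restricted
    pod-security.kubernetes.io/warn: restricted
    # Step 4.3: enforce rejects pods that violate the chosen level.
    pod-security.kubernetes.io/enforce: baseline
    pod-security.kubernetes.io/enforce-version: latest
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: web
  namespace: demo-apps
spec:
  serviceName: web          # headless Service assumed to exist
  replicas: 1
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
    spec:
      # fsGroup is a field of the pod spec itself, set here in the pod template.
      # The baseline and restricted levels define no check on fsGroup.
      securityContext:
        fsGroup: 1001
        runAsNonRoot: true
        runAsUser: 1001
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: web
          image: registry.example.com/web:1.0
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
```

The container settings are chosen so that the pod also passes the restricted level that the `warn` and `audit` labels evaluate, which keeps those two modes quiet before `enforce` is raised.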