deprecate PSP in 1.21, but leave removal at 1.25 #97171

Merged
merged 2 commits into from Dec 18, 2020

deads2k
Contributor

@deads2k deads2k commented Dec 9, 2020

After discussion in sig-auth, the future of restricting pod security settings does not lie in PSP because compatibility restrictions will prevent the kinds of changes that are required. To clearly signal this, we will deprecate PSP in 1.21 and leave the removal of the api as 1.25 in keeping with sig-arch required transitioning out of beta.

Meeting minutes here: https://docs.google.com/document/d/1woLGRoONE3EBVx-wTb4pvp4CI7tmLZ6lS26VTbosLKM/edit
Discussion doc here: https://docs.google.com/document/d/1VKqjUlpU888OYtIrBwidL43FOLhbmOD5tesYwmjzO4E/edit#
Shortcomings presentation here: https://docs.google.com/presentation/d/1Kv6BSBNyLCyglMbK7e6tVOaDYe89LV2aHL2Hlb-9HX8/edit

/kind cleanup
/kind api-change
/kind deprecation
/priority important-soon

@kubernetes/sig-auth-api-reviews
@enj @liggitt @mikedanese @tallclair

The PodSecurityPolicy API is deprecated in 1.21, and will no longer be served starting in 1.25.

After discussion in sig-auth, the future of restricting pod security
settings does not lie in PSP because compatibility restrictions will
prevent the kinds of changes that are required.  To clearly signal this,
we will deprecate PSP in 1.21 and leave the removal of the api as 1.25 in
keeping with sig-arch required transitioning out of beta.
@k8s-ci-robot added the release-note, kind/cleanup, sig/auth, size/XS, kind/api-change, kind/deprecation, priority/important-soon, cncf-cla: yes, and needs-triage labels Dec 9, 2020
@liggitt liggitt requested review from mikedanese, tallclair, enj and liggitt and removed request for foxish and enisoc December 9, 2020 22:20
@fejta-bot

This PR may require API review.

If so, when the changes are ready, complete the pre-review checklist and request an API review.

Status of requested reviews is tracked in the API Review project.

@liggitt
Member

liggitt commented Dec 9, 2020

/triage accepted

Updated release note to drop forward-looking statements about replacements. We will update the release notes with references to the current state of the proposal when 1.21 releases.

@k8s-ci-robot added the triage/accepted label and removed the needs-triage label Dec 9, 2020
@liggitt
Member

liggitt commented Dec 9, 2020

/lgtm
/approve
/hold for review by other auth leads

@k8s-ci-robot added the do-not-merge/hold label Dec 9, 2020
@k8s-ci-robot added the lgtm and approved labels Dec 9, 2020
@enj
Member

enj commented Dec 10, 2020

/lgtm

I 💯 agree with the reasoning for this deprecation.

Test failures are real - codegen is out of date.

@jrsapi

jrsapi commented Feb 3, 2021

Greetings @deads2k!
1.21 Enhancement shadow checking in. Since this has been merged and is being deprecated in 1.21, friendly reminder to add this to the enhancements tracking sheet.

Labels: approved, area/kubectl, cncf-cla: yes, kind/api-change, kind/cleanup, kind/deprecation, lgtm, priority/important-soon, release-note, sig/auth, sig/cli, size/S, triage/accepted