Kubernetes Pod Security Admission
Today I upgraded my production Kubernetes cluster from v1.24.4 to v1.25.0 and encountered a problem during the upgrade. The PodSecurityPolicy API was removed from kube-apiserver and replaced by Pod Security Admission (PSA), so I needed to migrate from PodSecurityPolicy to PSA. At that point I did some research on PSA. PSA became a stable interface in v1.25.0, and the PodSecurity controller is enabled by default. The PSA controller forces pods to run with specific permissions by applying permission rules at the namespace level: every pod in that namespace has its access to the host environment restricted to what those rules allow. ...
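The namespace-level rules described above are set as labels on the Namespace object. The manifest below is an added example, not part of the original post; the namespace name `payments`, the pod names and the image are constructed placeholders.

```yaml
# Constructed example: names and image are placeholders, not from the post.
apiVersion: v1
kind: Namespace
metadata:
  name: payments
  labels:
    # Reject any pod that violates the "baseline" profile.
    pod-security.kubernetes.io/enforce: baseline
    pod-security.kubernetes.io/enforce-version: v1.25
    # Admit, but audit-log and warn on, anything short of "restricted".
    pod-security.kubernetes.io/audit: restricted
    pod-security.kubernetes.io/warn: restricted
---
# Rejected at admission: baseline forbids host namespaces,
# privileged containers and hostPath volumes.
apiVersion: v1
kind: Pod
metadata:
  name: host-access
  namespace: payments
spec:
  hostNetwork: true
  containers:
    - name: app
      image: registry.example.com/app:1.0
      securityContext:
        privileged: true
      volumeMounts:
        - {name: host-logs, mountPath: /host-logs}
  volumes:
    - name: host-logs
      hostPath: {path: /var/log}
---
# Admitted without warnings: also satisfies the "restricted" profile.
apiVersion: v1
kind: Pod
metadata:
  name: no-host-access
  namespace: payments
spec:
  securityContext:
    runAsNonRoot: true
    seccompProfile: {type: RuntimeDefault}
  containers:
    - name: app
      image: registry.example.com/app:1.0
      securityContext:
        allowPrivilegeEscalation: false
        capabilities: {drop: ["ALL"]}
```

Before enforcing on a cluster that previously relied on PodSecurityPolicy, `kubectl label --dry-run=server --overwrite ns --all pod-security.kubernetes.io/enforce=baseline` reports which existing pods would violate the profile without changing anything.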