Closed pmalek-sumo closed 1 year ago
As a workaround, to install the chart in Kubernetes v1.25.x which removed the PodSecurityPolicy completely, apply the following change to the values.yaml
file:
kube-prometheus-stack:
global:
rbac:
pspEnabled: false
kube-state-metrics:
podSecurityPolicy:
enabled: false
prometheus-node-exporter:
rbac:
pspEnabled: false
Considering this deprecation:
policy/v1
here
Considering this, it looks like we only need to remove podSecurityPoliciy for fluend resources.
This issue has been addressed here: https://github.com/SumoLogic/sumologic-kubernetes-collection/commit/5353114ed3f13165e470bf0860f5891df788e04e
This issue shouldn't have been closed. It can be closed when the chart v2 can be installed into Kubernetes v1.25 without any customizations. Currently installation fails, see https://github.com/SumoLogic/sumologic-kubernetes-collection/issues/2729.
This was discussed in the team again and the outcome is:
v3
of the collection chart.v2
without a breaking change. The current decision is to not introduce this breaking change and to not declare support for Kubernetes v1.25
and higher with the chart v2
.@astencel-sumo Thank you for updating us, however, I wonder about the statement of 1.25 and above since the current support matrix (https://github.com/SumoLogic/sumologic-kubernetes-collection/blob/release-v2.19/deploy/README.md#support-matrix) stops at 1.23 (EKS) When I asked in the sumo slack I was referred to your workaround for EKS 1.24 support, if there other items that are blocking 1.24?
I have posted in the Slack thread. EKS v1.24 is coming soon :crossed_fingers: :slightly_smiling_face:
Because of the deprecation of
PodSecurityPolicy
andPodDisruptionBudget
in k8s 1.21 (k8s docs) users see the below notice when installing our chart:We should mitigate that by following the guidelines from k8s authors and maintainers. Most likely we'll need to look into "PSP Replacement Policy".
Here's a note from the above linked blog post mentioning this: