Pod Security Admission Controller

[EmirDanfoss]

Description

As you may be aware, Pod Security Policy has been removed since Kubernetes version v.1.25, where Pod Security Admission took it's place. It should be put in consideration to implement Pod Security Admission Controller as a resource.

References

https://kubernetes.io/docs/concepts/security/pod-security-admission/
https://kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-admission-controller/

YAML configuration

apiVersion: apiserver.config.k8s.io/v1
kind: AdmissionConfiguration
plugins:
- name: PodSecurity
  configuration:
    apiVersion: pod-security.admission.config.k8s.io/v1
    kind: PodSecurityConfiguration
    defaults:
      enforce: "privileged"
      enforce-version: "latest"
      audit: "privileged"
      audit-version: "latest"
      warn: "privileged"
      warn-version: "latest"
    exemptions:
      usernames: []
      runtimeClasses: []
      namespaces: []

[BBBmau]

Referencing this since this would be a starting point for creating the schema for PodSecurityAdmissionController https://kubernetes.io/docs/reference/config-api/apiserver-config.v1/#apiserver-config-k8s-io-v1-AdmissionPluginConfiguration

[BBBmau]

Hello! Thanks for opening this issue, after further investigation it was found that the previous PodSecurityPolicy resource was created through the k8s api. However with the introduction of PodSecurityAdmissionController, it's handled differently due to it being from the Config API. This means that creating a this resource would be done when first provisioning a cluster and not through kubectl or the provider.

TLDR; I'll be closing this issue since this resource can not be created in the provider due to it not existing in the k8s api, (exists in config api)