Kubernetes Pod Security Policy Deprecation


A couple of weeks ago I noticed that the Kubernetes Auth Special Interest Group (AKA sig-auth) announced its decision to deprecate the Pod Security Policy (PSP) in Kubernetes version 1.21 and to remove the API completely at version 1.25.

Similar to the case where it was decided to remove the dynamic audit sink feature, it was clear to me that I needed to share a blog post explaining what PSP is and the reasons for its removal. Moreover, I wanted to give you the ability to manage this deprecation in case it affects you.

One of the ways to remain protected with this deprecation in place is to utilize Open Policy Agent (OPA). A feature I wrote some time in the past does exactly that: it embeds the OPA engine into our existing cloud native protection product.

I’ve decided to reach out to my current employer (Palo Alto Networks) in order to put together a blog post that covers different aspects of this deprecation and how our customers can be protected.

You are welcome to read the full blog post here: How to Manage Kubernetes Pod Security Policy Deprecation.

Feel free to follow me on Twitter for regular updates. See you on the next one!
