Remove PSP from CKS? #53
Comments
|
On this note It would seem logical to remove PSP at this point, but I'd say that ideally the exam should stick with the in-tree replacement (Pod Security Admission). The challenge with including other projects (e.g. gatekeeper) is that there's a number of open source and commercial options for admission control (On the open source side Kyverno, jsPolicy, Kubewarden, k-rail and others) so it would seem difficult to choose just one of those to be included in the exam. |
|
@raesene, I agree. However, Another way to do it is to check for the results, regardless of the solution. Disconnected exams would be an issue unless all alternatives are available. |
|
I am going to take the CKS next month. Looks like the PSP is still in the latest curriculum even PSP has been deprecated from K8s website. Question: how can I get the PSP doc during the test? |
You can always go back several versions in the K8s docs by selecting the "Versions" drop-down menu in the top-right corner of the docs or using the correct domain in the URL, for example: The current, as of this comment version (1.25), PSP page is: The 1.24 version of the PSP page is: |
After reading that PSP is deprecated and will be removed in 1.25 I'm left wondering why PSP is still listed under the CKS curriculum.
Is this so that we maintain the ability to support older installations?
At what point (if ever) will PSP be removed?
Will the graduated OPA Gatekeeper project take its place officially?
Related:
https://kubernetes.io/blog/2021/04/06/podsecuritypolicy-deprecation-past-present-and-future/
The text was updated successfully, but these errors were encountered: