diff --git a/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/pod-security-standards.md b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/pod-security-standards.md index 1733824eb30..333fbfd1bfd 100644 --- a/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/pod-security-standards.md +++ b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/pod-security-standards.md @@ -11,57 +11,6 @@ They became available and were turned on by default in Kubernetes v1.23, and rep PSS define security levels for workloads. PSAs describe requirements for pod security contexts and related fields. PSAs reference PSS levels to define security restrictions. -#### Install `helm-mapkubeapis` - -1. Open your terminal in the machine you intend to use `helm-mapkubeapis` from and install the plugin: - ```shell - helm plugin install https://github.com/helm/helm-mapkubeapis - ``` - - You will see output similar to the following: - ```console - Downloading and installing helm-mapkubeapis v0.4.1 ... - https://github.com/helm/helm-mapkubeapis/releases/download/v0.4.1/helm-mapkubeapis_0.4.1_darwin_amd64.tar.gz - Installed plugin: mapkubeapis - ``` - - :::info important - Ensure that the `helm-mapkubeapis` plugin is at least v0.4.1, as older versions _do not_ support removal of resources. - ::: - -1. Verify that the plugin was correctly installed: - ```shell - helm mapkubeapis --help - ``` - - You will see output similar to the following: - ```console - Map release deprecated or removed Kubernetes APIs in-place - - Usage: - mapkubeapis [flags] RELEASE - - Flags: - --dry-run simulate a command - -h, --help help for mapkubeapis - --kube-context string name of the kubeconfig context to use - --kubeconfig string path to the kubeconfig file - --mapfile string path to the API mapping file - --namespace string namespace scope of the release - ``` - -#### Cleaning Up Broken Releases - -After you install the `helm-mapkubeapis` plugin, clean up the releases that became broken after the upgrade to Kubernetes v1.25. - -1. Open your preferred terminal and make sure it's connected to the cluster you wish to target by running `kubectl cluster-info`. - -1. List all the releases you have installed in your cluster by running `helm list --all-namespaces`. - -1. Perform a dry run for each release you would like to clean up by running `helm mapkubeapis --dry-run --namespace `. The result of this command will inform you what resources are going to be replaced or removed. - -1. Finally, after reviewing the changes, perform a full run with `helm mapkubeapis --namespace `. - ## Pod Security Admission Configuration Templates Rancher offers PSA configuration templates. These are pre-defined security configurations that you can apply to a cluster. Rancher admins (or those with the right permissions) can [create, manage, and edit](./psa-config-templates.md) PSA templates. diff --git a/i18n/zh/docusaurus-plugin-content-docs/current/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/pod-security-standards.md b/i18n/zh/docusaurus-plugin-content-docs/current/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/pod-security-standards.md index 01989cb0f4b..547fa2d2cf2 100644 --- a/i18n/zh/docusaurus-plugin-content-docs/current/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/pod-security-standards.md +++ b/i18n/zh/docusaurus-plugin-content-docs/current/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/pod-security-standards.md @@ -7,57 +7,6 @@ title: Pod 安全标准 (PSS) 和 Pod 安全准入 (PSA) PSS 定义了工作负载的安全级别。PSA 描述了 Pod 安全上下文和相关字段的要求。PSA 参考 PSS 级别来定义安全限制。 -#### 安装 `helm-mapkubeapis` - -1. 在打算使用 `helm-mapkubeapis` 的机器上打开你的终端并安装插件: - ```shell - helm plugin install https://github.com/helm/helm-mapkubeapis - ``` - - 你将看到类似于以下的输出: - ```console - Downloading and installing helm-mapkubeapis v0.4.1 ... - https://github.com/helm/helm-mapkubeapis/releases/download/v0.4.1/helm-mapkubeapis_0.4.1_darwin_amd64.tar.gz - Installed plugin: mapkubeapis - ``` - - :::info 重要提示 - 确保 `helm-mapkubeapis` 插件至少为 v0.4.1,因为旧版本_不_支持资源删除。 - ::: - -1. 验证插件是否已正确安装: - ```shell - helm mapkubeapis --help - ``` - - 你将看到类似于以下的输出: - ```console - Map release deprecated or removed Kubernetes APIs in-place - - Usage: - mapkubeapis [flags] RELEASE - - Flags: - --dry-run simulate a command - -h, --help help for mapkubeapis - --kube-context string name of the kubeconfig context to use - --kubeconfig string path to the kubeconfig file - --mapfile string path to the API mapping file - --namespace string namespace scope of the release - ``` - -#### 清理损坏的版本 - -安装 `helm-mapkubeapis` 插件后,清理升级到 Kubernetes v1.25 后损坏的版本。 - -1. 打开你的首选终端并通过运行 `kubectl cluster-info` 确保终端已连接到所需集群。 - -1. 运行 `helm list --all-namespaces` 列出你在集群中安装的所有版本。 - -1. 通过运行 `helm mapkubeapis --dry-run --namespace ` 为要清理的每个版本执行试运行。你可以通过此命令的结果了解要替换或删除哪些资源。 - -1. 最后,在查看更改后,使用 `helm mapkubeapis --namespace ` 执行完整运行。 - ## Pod 安全准入配置模板 Rancher 提供了 PSA 配置模板。它们是可以应用到集群的预定义安全配置。Rancher 管理员(或具有权限的人员)可以[创建、管理和编辑](./psa-config-templates.md) PSA 模板。 diff --git a/i18n/zh/docusaurus-plugin-content-docs/version-2.10/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/pod-security-standards.md b/i18n/zh/docusaurus-plugin-content-docs/version-2.10/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/pod-security-standards.md index 4f9006f0f52..c57b3c68e03 100644 --- a/i18n/zh/docusaurus-plugin-content-docs/version-2.10/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/pod-security-standards.md +++ b/i18n/zh/docusaurus-plugin-content-docs/version-2.10/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/pod-security-standards.md @@ -15,57 +15,6 @@ PSS 定义了工作负载的安全级别。PSA 描述了 Pod 安全上下文和 必须在删除 PodSecurityPolicy 对象_之前_添加新的策略执行机制。否则,你可能会为集群内的特权升级攻击创造机会。 ::: -#### 安装 `helm-mapkubeapis` - -1. 在打算使用 `helm-mapkubeapis` 的机器上打开你的终端并安装插件: - ```shell - helm plugin install https://github.com/helm/helm-mapkubeapis - ``` - - 你将看到类似于以下的输出: - ```console - Downloading and installing helm-mapkubeapis v0.4.1 ... - https://github.com/helm/helm-mapkubeapis/releases/download/v0.4.1/helm-mapkubeapis_0.4.1_darwin_amd64.tar.gz - Installed plugin: mapkubeapis - ``` - - :::info 重要提示 - 确保 `helm-mapkubeapis` 插件至少为 v0.4.1,因为旧版本_不_支持资源删除。 - ::: - -1. 验证插件是否已正确安装: - ```shell - helm mapkubeapis --help - ``` - - 你将看到类似于以下的输出: - ```console - Map release deprecated or removed Kubernetes APIs in-place - - Usage: - mapkubeapis [flags] RELEASE - - Flags: - --dry-run simulate a command - -h, --help help for mapkubeapis - --kube-context string name of the kubeconfig context to use - --kubeconfig string path to the kubeconfig file - --mapfile string path to the API mapping file - --namespace string namespace scope of the release - ``` - -#### 清理损坏的版本 - -安装 `helm-mapkubeapis` 插件后,清理升级到 Kubernetes v1.25 后损坏的版本。 - -1. 打开你的首选终端并通过运行 `kubectl cluster-info` 确保终端已连接到所需集群。 - -1. 运行 `helm list --all-namespaces` 列出你在集群中安装的所有版本。 - -1. 通过运行 `helm mapkubeapis --dry-run --namespace ` 为要清理的每个版本执行试运行。你可以通过此命令的结果了解要替换或删除哪些资源。 - -1. 最后,在查看更改后,使用 `helm mapkubeapis --namespace ` 执行完整运行。 - ## Pod 安全准入配置模板 Rancher 提供了 PSA 配置模板。它们是可以应用到集群的预定义安全配置。Rancher 管理员(或具有权限的人员)可以[创建、管理和编辑](./psa-config-templates.md) PSA 模板。 diff --git a/i18n/zh/docusaurus-plugin-content-docs/version-2.11/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/pod-security-standards.md b/i18n/zh/docusaurus-plugin-content-docs/version-2.11/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/pod-security-standards.md index 01989cb0f4b..547fa2d2cf2 100644 --- a/i18n/zh/docusaurus-plugin-content-docs/version-2.11/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/pod-security-standards.md +++ b/i18n/zh/docusaurus-plugin-content-docs/version-2.11/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/pod-security-standards.md @@ -7,57 +7,6 @@ title: Pod 安全标准 (PSS) 和 Pod 安全准入 (PSA) PSS 定义了工作负载的安全级别。PSA 描述了 Pod 安全上下文和相关字段的要求。PSA 参考 PSS 级别来定义安全限制。 -#### 安装 `helm-mapkubeapis` - -1. 在打算使用 `helm-mapkubeapis` 的机器上打开你的终端并安装插件: - ```shell - helm plugin install https://github.com/helm/helm-mapkubeapis - ``` - - 你将看到类似于以下的输出: - ```console - Downloading and installing helm-mapkubeapis v0.4.1 ... - https://github.com/helm/helm-mapkubeapis/releases/download/v0.4.1/helm-mapkubeapis_0.4.1_darwin_amd64.tar.gz - Installed plugin: mapkubeapis - ``` - - :::info 重要提示 - 确保 `helm-mapkubeapis` 插件至少为 v0.4.1,因为旧版本_不_支持资源删除。 - ::: - -1. 验证插件是否已正确安装: - ```shell - helm mapkubeapis --help - ``` - - 你将看到类似于以下的输出: - ```console - Map release deprecated or removed Kubernetes APIs in-place - - Usage: - mapkubeapis [flags] RELEASE - - Flags: - --dry-run simulate a command - -h, --help help for mapkubeapis - --kube-context string name of the kubeconfig context to use - --kubeconfig string path to the kubeconfig file - --mapfile string path to the API mapping file - --namespace string namespace scope of the release - ``` - -#### 清理损坏的版本 - -安装 `helm-mapkubeapis` 插件后,清理升级到 Kubernetes v1.25 后损坏的版本。 - -1. 打开你的首选终端并通过运行 `kubectl cluster-info` 确保终端已连接到所需集群。 - -1. 运行 `helm list --all-namespaces` 列出你在集群中安装的所有版本。 - -1. 通过运行 `helm mapkubeapis --dry-run --namespace ` 为要清理的每个版本执行试运行。你可以通过此命令的结果了解要替换或删除哪些资源。 - -1. 最后,在查看更改后,使用 `helm mapkubeapis --namespace ` 执行完整运行。 - ## Pod 安全准入配置模板 Rancher 提供了 PSA 配置模板。它们是可以应用到集群的预定义安全配置。Rancher 管理员(或具有权限的人员)可以[创建、管理和编辑](./psa-config-templates.md) PSA 模板。 diff --git a/i18n/zh/docusaurus-plugin-content-docs/version-2.12/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/pod-security-standards.md b/i18n/zh/docusaurus-plugin-content-docs/version-2.12/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/pod-security-standards.md index 01989cb0f4b..547fa2d2cf2 100644 --- a/i18n/zh/docusaurus-plugin-content-docs/version-2.12/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/pod-security-standards.md +++ b/i18n/zh/docusaurus-plugin-content-docs/version-2.12/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/pod-security-standards.md @@ -7,57 +7,6 @@ title: Pod 安全标准 (PSS) 和 Pod 安全准入 (PSA) PSS 定义了工作负载的安全级别。PSA 描述了 Pod 安全上下文和相关字段的要求。PSA 参考 PSS 级别来定义安全限制。 -#### 安装 `helm-mapkubeapis` - -1. 在打算使用 `helm-mapkubeapis` 的机器上打开你的终端并安装插件: - ```shell - helm plugin install https://github.com/helm/helm-mapkubeapis - ``` - - 你将看到类似于以下的输出: - ```console - Downloading and installing helm-mapkubeapis v0.4.1 ... - https://github.com/helm/helm-mapkubeapis/releases/download/v0.4.1/helm-mapkubeapis_0.4.1_darwin_amd64.tar.gz - Installed plugin: mapkubeapis - ``` - - :::info 重要提示 - 确保 `helm-mapkubeapis` 插件至少为 v0.4.1,因为旧版本_不_支持资源删除。 - ::: - -1. 验证插件是否已正确安装: - ```shell - helm mapkubeapis --help - ``` - - 你将看到类似于以下的输出: - ```console - Map release deprecated or removed Kubernetes APIs in-place - - Usage: - mapkubeapis [flags] RELEASE - - Flags: - --dry-run simulate a command - -h, --help help for mapkubeapis - --kube-context string name of the kubeconfig context to use - --kubeconfig string path to the kubeconfig file - --mapfile string path to the API mapping file - --namespace string namespace scope of the release - ``` - -#### 清理损坏的版本 - -安装 `helm-mapkubeapis` 插件后,清理升级到 Kubernetes v1.25 后损坏的版本。 - -1. 打开你的首选终端并通过运行 `kubectl cluster-info` 确保终端已连接到所需集群。 - -1. 运行 `helm list --all-namespaces` 列出你在集群中安装的所有版本。 - -1. 通过运行 `helm mapkubeapis --dry-run --namespace ` 为要清理的每个版本执行试运行。你可以通过此命令的结果了解要替换或删除哪些资源。 - -1. 最后,在查看更改后,使用 `helm mapkubeapis --namespace ` 执行完整运行。 - ## Pod 安全准入配置模板 Rancher 提供了 PSA 配置模板。它们是可以应用到集群的预定义安全配置。Rancher 管理员(或具有权限的人员)可以[创建、管理和编辑](./psa-config-templates.md) PSA 模板。 diff --git a/i18n/zh/docusaurus-plugin-content-docs/version-2.9/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/pod-security-standards.md b/i18n/zh/docusaurus-plugin-content-docs/version-2.9/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/pod-security-standards.md index 15d7aa96971..a54994bc3b7 100644 --- a/i18n/zh/docusaurus-plugin-content-docs/version-2.9/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/pod-security-standards.md +++ b/i18n/zh/docusaurus-plugin-content-docs/version-2.9/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/pod-security-standards.md @@ -7,66 +7,6 @@ title: Pod 安全标准 (PSS) 和 Pod 安全准入 (PSA) PSS 定义了工作负载的安全级别。PSA 描述了 Pod 安全上下文和相关字段的要求。PSA 参考 PSS 级别来定义安全限制。 -#### 安装 `helm-mapkubeapis` - -1. 在打算使用 `helm-mapkubeapis` 的机器上打开你的终端并安装插件: - ```shell - helm plugin install https://github.com/helm/helm-mapkubeapis - ``` - - 你将看到类似于以下的输出: - ```console - Downloading and installing helm-mapkubeapis v0.4.1 ... - https://github.com/helm/helm-mapkubeapis/releases/download/v0.4.1/helm-mapkubeapis_0.4.1_darwin_amd64.tar.gz - Installed plugin: mapkubeapis - ``` - - :::info 重要提示 - 确保 `helm-mapkubeapis` 插件至少为 v0.4.1,因为旧版本_不_支持资源删除。 - ::: - -1. 验证插件是否已正确安装: - ```shell - helm mapkubeapis --help - ``` - - 你将看到类似于以下的输出: - ```console - Map release deprecated or removed Kubernetes APIs in-place - - Usage: - mapkubeapis [flags] RELEASE - - Flags: - --dry-run simulate a command - -h, --help help for mapkubeapis - --kube-context string name of the kubeconfig context to use - --kubeconfig string path to the kubeconfig file - --mapfile string path to the API mapping file - --namespace string namespace scope of the release - ``` - -#### 清理损坏的版本 - -安装 `helm-mapkubeapis` 插件后,清理升级到 Kubernetes v1.25 后损坏的版本。 - -1. 打开你的首选终端并通过运行 `kubectl cluster-info` 确保终端已连接到所需集群。 - -1. 运行 `helm list --all-namespaces` 列出你在集群中安装的所有版本。 - -1. 通过运行 `helm mapkubeapis --dry-run --namespace ` 为要清理的每个版本执行试运行。你可以通过此命令的结果了解要替换或删除哪些资源。 - -1. 最后,在查看更改后,使用 `helm mapkubeapis --namespace ` 执行完整运行。 - -#### 将 Chart 升级到支持 Kubernetes v1.25 的版本 - -清理了具有 PSP 的所有版本后,你就可以继续升级了。对于 Rancher 维护的工作负载,请按照本文档[从 Rancher 维护的应用程序和市场工作负载中删除 PodSecurityPolicies](#remove-psp-rancher-workloads) 部分中的步骤进行操作。 -如果工作负载不是由 Rancher 维护的,请参阅对应的提供商的文档。 - -:::caution -不要跳过此步骤。与 Kubernetes v1.25 不兼容的应用程序不能保证在清理后正常工作。 -::: - ## Pod 安全准入配置模板 {#psa-config-templates} Rancher 提供了 PSA 配置模板。它们是可以应用到集群的预定义安全配置。Rancher 管理员(或具有权限的人员)可以[创建、管理和编辑](./psa-config-templates.md) PSA 模板。 diff --git a/versioned_docs/version-2.10/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/pod-security-standards.md b/versioned_docs/version-2.10/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/pod-security-standards.md index 1733824eb30..333fbfd1bfd 100644 --- a/versioned_docs/version-2.10/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/pod-security-standards.md +++ b/versioned_docs/version-2.10/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/pod-security-standards.md @@ -11,57 +11,6 @@ They became available and were turned on by default in Kubernetes v1.23, and rep PSS define security levels for workloads. PSAs describe requirements for pod security contexts and related fields. PSAs reference PSS levels to define security restrictions. -#### Install `helm-mapkubeapis` - -1. Open your terminal in the machine you intend to use `helm-mapkubeapis` from and install the plugin: - ```shell - helm plugin install https://github.com/helm/helm-mapkubeapis - ``` - - You will see output similar to the following: - ```console - Downloading and installing helm-mapkubeapis v0.4.1 ... - https://github.com/helm/helm-mapkubeapis/releases/download/v0.4.1/helm-mapkubeapis_0.4.1_darwin_amd64.tar.gz - Installed plugin: mapkubeapis - ``` - - :::info important - Ensure that the `helm-mapkubeapis` plugin is at least v0.4.1, as older versions _do not_ support removal of resources. - ::: - -1. Verify that the plugin was correctly installed: - ```shell - helm mapkubeapis --help - ``` - - You will see output similar to the following: - ```console - Map release deprecated or removed Kubernetes APIs in-place - - Usage: - mapkubeapis [flags] RELEASE - - Flags: - --dry-run simulate a command - -h, --help help for mapkubeapis - --kube-context string name of the kubeconfig context to use - --kubeconfig string path to the kubeconfig file - --mapfile string path to the API mapping file - --namespace string namespace scope of the release - ``` - -#### Cleaning Up Broken Releases - -After you install the `helm-mapkubeapis` plugin, clean up the releases that became broken after the upgrade to Kubernetes v1.25. - -1. Open your preferred terminal and make sure it's connected to the cluster you wish to target by running `kubectl cluster-info`. - -1. List all the releases you have installed in your cluster by running `helm list --all-namespaces`. - -1. Perform a dry run for each release you would like to clean up by running `helm mapkubeapis --dry-run --namespace `. The result of this command will inform you what resources are going to be replaced or removed. - -1. Finally, after reviewing the changes, perform a full run with `helm mapkubeapis --namespace `. - ## Pod Security Admission Configuration Templates Rancher offers PSA configuration templates. These are pre-defined security configurations that you can apply to a cluster. Rancher admins (or those with the right permissions) can [create, manage, and edit](./psa-config-templates.md) PSA templates. diff --git a/versioned_docs/version-2.11/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/pod-security-standards.md b/versioned_docs/version-2.11/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/pod-security-standards.md index 1733824eb30..333fbfd1bfd 100644 --- a/versioned_docs/version-2.11/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/pod-security-standards.md +++ b/versioned_docs/version-2.11/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/pod-security-standards.md @@ -11,57 +11,6 @@ They became available and were turned on by default in Kubernetes v1.23, and rep PSS define security levels for workloads. PSAs describe requirements for pod security contexts and related fields. PSAs reference PSS levels to define security restrictions. -#### Install `helm-mapkubeapis` - -1. Open your terminal in the machine you intend to use `helm-mapkubeapis` from and install the plugin: - ```shell - helm plugin install https://github.com/helm/helm-mapkubeapis - ``` - - You will see output similar to the following: - ```console - Downloading and installing helm-mapkubeapis v0.4.1 ... - https://github.com/helm/helm-mapkubeapis/releases/download/v0.4.1/helm-mapkubeapis_0.4.1_darwin_amd64.tar.gz - Installed plugin: mapkubeapis - ``` - - :::info important - Ensure that the `helm-mapkubeapis` plugin is at least v0.4.1, as older versions _do not_ support removal of resources. - ::: - -1. Verify that the plugin was correctly installed: - ```shell - helm mapkubeapis --help - ``` - - You will see output similar to the following: - ```console - Map release deprecated or removed Kubernetes APIs in-place - - Usage: - mapkubeapis [flags] RELEASE - - Flags: - --dry-run simulate a command - -h, --help help for mapkubeapis - --kube-context string name of the kubeconfig context to use - --kubeconfig string path to the kubeconfig file - --mapfile string path to the API mapping file - --namespace string namespace scope of the release - ``` - -#### Cleaning Up Broken Releases - -After you install the `helm-mapkubeapis` plugin, clean up the releases that became broken after the upgrade to Kubernetes v1.25. - -1. Open your preferred terminal and make sure it's connected to the cluster you wish to target by running `kubectl cluster-info`. - -1. List all the releases you have installed in your cluster by running `helm list --all-namespaces`. - -1. Perform a dry run for each release you would like to clean up by running `helm mapkubeapis --dry-run --namespace `. The result of this command will inform you what resources are going to be replaced or removed. - -1. Finally, after reviewing the changes, perform a full run with `helm mapkubeapis --namespace `. - ## Pod Security Admission Configuration Templates Rancher offers PSA configuration templates. These are pre-defined security configurations that you can apply to a cluster. Rancher admins (or those with the right permissions) can [create, manage, and edit](./psa-config-templates.md) PSA templates. diff --git a/versioned_docs/version-2.12/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/pod-security-standards.md b/versioned_docs/version-2.12/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/pod-security-standards.md index 1733824eb30..333fbfd1bfd 100644 --- a/versioned_docs/version-2.12/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/pod-security-standards.md +++ b/versioned_docs/version-2.12/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/pod-security-standards.md @@ -11,57 +11,6 @@ They became available and were turned on by default in Kubernetes v1.23, and rep PSS define security levels for workloads. PSAs describe requirements for pod security contexts and related fields. PSAs reference PSS levels to define security restrictions. -#### Install `helm-mapkubeapis` - -1. Open your terminal in the machine you intend to use `helm-mapkubeapis` from and install the plugin: - ```shell - helm plugin install https://github.com/helm/helm-mapkubeapis - ``` - - You will see output similar to the following: - ```console - Downloading and installing helm-mapkubeapis v0.4.1 ... - https://github.com/helm/helm-mapkubeapis/releases/download/v0.4.1/helm-mapkubeapis_0.4.1_darwin_amd64.tar.gz - Installed plugin: mapkubeapis - ``` - - :::info important - Ensure that the `helm-mapkubeapis` plugin is at least v0.4.1, as older versions _do not_ support removal of resources. - ::: - -1. Verify that the plugin was correctly installed: - ```shell - helm mapkubeapis --help - ``` - - You will see output similar to the following: - ```console - Map release deprecated or removed Kubernetes APIs in-place - - Usage: - mapkubeapis [flags] RELEASE - - Flags: - --dry-run simulate a command - -h, --help help for mapkubeapis - --kube-context string name of the kubeconfig context to use - --kubeconfig string path to the kubeconfig file - --mapfile string path to the API mapping file - --namespace string namespace scope of the release - ``` - -#### Cleaning Up Broken Releases - -After you install the `helm-mapkubeapis` plugin, clean up the releases that became broken after the upgrade to Kubernetes v1.25. - -1. Open your preferred terminal and make sure it's connected to the cluster you wish to target by running `kubectl cluster-info`. - -1. List all the releases you have installed in your cluster by running `helm list --all-namespaces`. - -1. Perform a dry run for each release you would like to clean up by running `helm mapkubeapis --dry-run --namespace `. The result of this command will inform you what resources are going to be replaced or removed. - -1. Finally, after reviewing the changes, perform a full run with `helm mapkubeapis --namespace `. - ## Pod Security Admission Configuration Templates Rancher offers PSA configuration templates. These are pre-defined security configurations that you can apply to a cluster. Rancher admins (or those with the right permissions) can [create, manage, and edit](./psa-config-templates.md) PSA templates. diff --git a/versioned_docs/version-2.9/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/pod-security-standards.md b/versioned_docs/version-2.9/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/pod-security-standards.md index 8da0012c79a..dde6937aba0 100644 --- a/versioned_docs/version-2.9/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/pod-security-standards.md +++ b/versioned_docs/version-2.9/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/pod-security-standards.md @@ -19,57 +19,6 @@ Ensure that you migrate all PSPs to another workload security mechanism. This in You must add your new policy enforcement mechanisms _before_ you remove the PodSecurityPolicy objects. If you don't, you may create an opportunity for privilege escalation attacks within the cluster. ::: -#### Install `helm-mapkubeapis` - -1. Open your terminal in the machine you intend to use `helm-mapkubeapis` from and install the plugin: - ```shell - helm plugin install https://github.com/helm/helm-mapkubeapis - ``` - - You will see output similar to the following: - ```console - Downloading and installing helm-mapkubeapis v0.4.1 ... - https://github.com/helm/helm-mapkubeapis/releases/download/v0.4.1/helm-mapkubeapis_0.4.1_darwin_amd64.tar.gz - Installed plugin: mapkubeapis - ``` - - :::info important - Ensure that the `helm-mapkubeapis` plugin is at least v0.4.1, as older versions _do not_ support removal of resources. - ::: - -1. Verify that the plugin was correctly installed: - ```shell - helm mapkubeapis --help - ``` - - You will see output similar to the following: - ```console - Map release deprecated or removed Kubernetes APIs in-place - - Usage: - mapkubeapis [flags] RELEASE - - Flags: - --dry-run simulate a command - -h, --help help for mapkubeapis - --kube-context string name of the kubeconfig context to use - --kubeconfig string path to the kubeconfig file - --mapfile string path to the API mapping file - --namespace string namespace scope of the release - ``` - -#### Cleaning Up Broken Releases - -After you install the `helm-mapkubeapis` plugin, clean up the releases that became broken after the upgrade to Kubernetes v1.25. - -1. Open your preferred terminal and make sure it's connected to the cluster you wish to target by running `kubectl cluster-info`. - -1. List all the releases you have installed in your cluster by running `helm list --all-namespaces`. - -1. Perform a dry run for each release you would like to clean up by running `helm mapkubeapis --dry-run --namespace `. The result of this command will inform you what resources are going to be replaced or removed. - -1. Finally, after reviewing the changes, perform a full run with `helm mapkubeapis --namespace `. - ## Pod Security Admission Configuration Templates Rancher offers PSA configuration templates. These are pre-defined security configurations that you can apply to a cluster. Rancher admins (or those with the right permissions) can [create, manage, and edit](./psa-config-templates.md) PSA templates.