public/rancher-docs
1
0
Fork 0
mirror of https://github.com/rancher/rancher-docs.git synced 2026-05-06 05:03:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix missed removals from PR #1882

Browse Source
This commit is contained in:
Billy Tat
2025-08-25 09:23:42 -07:00
parent 50b12d2577
commit 7a4dfe349d
10 changed files with 0 additions and 519 deletions
Download Patch File Download Diff File Expand all files Collapse all files
versioned_docs/version-2.9/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/pod-security-standards.md
-51
View File
@@ -19,57 +19,6 @@ Ensure that you migrate all PSPs to another workload security mechanism. This in
You must add your new policy enforcement mechanisms _before_ you remove the PodSecurityPolicy objects. If you don't, you may create an opportunity for privilege escalation attacks within the cluster.
:::
#### Install `helm-mapkubeapis`
1. Open your terminal in the machine you intend to use `helm-mapkubeapis` from and install the plugin:
```shell
helm plugin install https://github.com/helm/helm-mapkubeapis
```
You will see output similar to the following:
```console
Downloading and installing helm-mapkubeapis v0.4.1 ...
https://github.com/helm/helm-mapkubeapis/releases/download/v0.4.1/helm-mapkubeapis_0.4.1_darwin_amd64.tar.gz
Installed plugin: mapkubeapis
```
:::info important
Ensure that the `helm-mapkubeapis` plugin is at least v0.4.1, as older versions _do not_ support removal of resources.
:::
1. Verify that the plugin was correctly installed:
```shell
helm mapkubeapis --help
```
You will see output similar to the following:
```console
Map release deprecated or removed Kubernetes APIs in-place
Usage:
mapkubeapis [flags] RELEASE
Flags:
--dry-run simulate a command
-h, --help help for mapkubeapis
--kube-context string name of the kubeconfig context to use
--kubeconfig string path to the kubeconfig file
--mapfile string path to the API mapping file
--namespace string namespace scope of the release
```
#### Cleaning Up Broken Releases
After you install the `helm-mapkubeapis` plugin, clean up the releases that became broken after the upgrade to Kubernetes v1.25.
1. Open your preferred terminal and make sure it's connected to the cluster you wish to target by running `kubectl cluster-info`.
1. List all the releases you have installed in your cluster by running `helm list --all-namespaces`.
1. Perform a dry run for each release you would like to clean up by running `helm mapkubeapis --dry-run <release-name> --namespace <release-namespace>`. The result of this command will inform you what resources are going to be replaced or removed.
1. Finally, after reviewing the changes, perform a full run with `helm mapkubeapis <release-name> --namespace <release-namespace>`.
## Pod Security Admission Configuration Templates
Rancher offers PSA configuration templates. These are pre-defined security configurations that you can apply to a cluster. Rancher admins (or those with the right permissions) can [create, manage, and edit](./psa-config-templates.md) PSA templates.