Description of problem: Latest 4.10 is k8s 1.23 rebased, and PodSecurity is promoted to beta in k8s 1.23, but latest 4.10 still displays old apiVersion for it. If we would update it in 4.10, pls go ahead. If we would not like to update it due to intentional bug 2008462, we should create this bug to track it for 4.11. Version-Release number of selected component (if applicable): $ oc version ... Server Version: 4.10.0-0.nightly-2022-01-25-023600 Kubernetes Version: v1.23.0+06791f6 How reproducible: Always Steps to Reproduce: 1. $ oc extract cm/config -n openshift-kube-apiserver --confirm config.yaml 2. $ jq '' config.yaml > config.json 3. $ cat config.json { "admission": { "pluginConfig": { "PodSecurity": { "configuration": { "apiVersion": "pod-security.admission.config.k8s.io/v1alpha1", "defaults": { "audit": "baseline", "audit-version": "latest", "enforce": "privileged", "enforce-version": "latest", "warn": "baseline", "warn-version": "latest" }, "kind": "PodSecurityConfiguration" } } ... Actual results: 3. It shows old v1alpha1 apiVersion Expected results: 3. It should not show old v1alpha1 apiVersion. Because https://kubernetes.io/docs/concepts/security/pod-security-admission/ says: In v1.23, the PodSecurity feature gate is a Beta feature and is enabled by default. In v1.22, the PodSecurity feature gate is an Alpha feature Additional info:
This fits into the pod security admission story, reassigning to standa.
This was actually fixed long time ago in https://github.com/openshift/cluster-kube-apiserver-operator/pull/1308
Yeah, thx for revisiting. Moving to VERIFIED.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: OpenShift Container Platform 4.11.0 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:5069