Skip to content

[AKS] Remove --enable-pod-security-policy and --disable-pod-security-policy as it's deprecated #8720

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
zhoxing-ms merged 1 commit into from
May 19, 2025
Merged

[AKS] Remove --enable-pod-security-policy and --disable-pod-security-policy as it's deprecated #8720

zhoxing-ms merged 1 commit into from
May 19, 2025

Conversation

@bingosummer
Copy link
Member

@bingosummer bingosummer commented May 7, 2025
edited by FumingZhang
Loading

This checklist is used to make sure that common guidelines for a pull request are followed.

Related command

az aks create/update --enable-pod-security-policy/--disable-pod-security-policy

https://learn.microsoft.com/en-us/azure/aks/use-pod-security-policies

The pod security policy feature was deprecated on 1st August 2023 and removed from AKS versions 1.25 and higher.

We recommend you migrate to [pod security admission controller](https://learn.microsoft.com/en-us/azure/aks/use-psa) or [Azure policy](https://learn.microsoft.com/en-us/azure/aks/use-azure-policy) to stay within Azure support. Pod Security Admission is a built-in policy solution for single cluster implementations. If you are looking for enterprise-grade policy, then Azure policy is a better choice.

General Guidelines

  • Have you run azdev style <YOUR_EXT> locally? (pip install azdev required)
  • Have you run python scripts/ci/test_index.py -q locally? (pip install wheel==0.30.0 required)
  • My extension version conforms to the Extension version schema

For new extensions:

About Extension Publish

There is a pipeline to automatically build, upload and publish extension wheels.
Once your pull request is merged into main branch, a new pull request will be created to update src/index.json automatically.
You only need to update the version information in file setup.py and historical information in file HISTORY.rst in your PR but do not modify src/index.json.

@azure-client-tools-bot-prd
Copy link

azure-client-tools-bot-prd bot commented May 7, 2025
edited
Loading

❌Azure CLI Extensions Breaking Change Test
❌aks-preview
rule cmd_name rule_message suggest_message
1007 - ParaRemove aks create cmd aks create removed parameter enable_pod_security_policy please add back parameter enable_pod_security_policy for cmd aks create
1007 - ParaRemove aks update cmd aks update removed parameter disable_pod_security_policy please add back parameter disable_pod_security_policy for cmd aks update
1007 - ParaRemove aks update cmd aks update removed parameter enable_pod_security_policy please add back parameter enable_pod_security_policy for cmd aks update

@azure-client-tools-bot-prd
Copy link

azure-client-tools-bot-prd bot commented May 7, 2025

Hi @bingosummer,
Please write the description of changes which can be perceived by customers into HISTORY.rst.
If you want to release a new extension version, please update the version in setup.py as well.

@yonzhan
Copy link
Collaborator

yonzhan commented May 7, 2025

Thank you for your contribution! We will review the pull request and get back to you soon.

@github-actions
Copy link

github-actions bot commented May 7, 2025

The git hooks are available for azure-cli and azure-cli-extensions repos. They could help you run required checks before creating the PR.

Please sync the latest code with latest dev branch (for azure-cli) or main branch (for azure-cli-extensions).
After that please run the following commands to enable git hooks:

pip install azdev --upgrade
azdev setup -c <your azure-cli repo path> -r <your azure-cli-extensions repo path>

@github-actions
Copy link

github-actions bot commented May 7, 2025
edited
Loading

@FumingZhang
Copy link
Member

FumingZhang commented May 7, 2025

/azp run

@azure-pipelines
Copy link

azure-pipelines bot commented May 7, 2025

Azure Pipelines successfully started running 2 pipeline(s).

FumingZhang
FumingZhang reviewed May 7, 2025
View reviewed changes
@github-actions github-actions bot added the release-version-block Updates do not qualify release version rules. NOTE: please do not edit it manually. label May 12, 2025
FumingZhang
FumingZhang previously approved these changes May 12, 2025
View reviewed changes
@FumingZhang
Copy link
Member

FumingZhang commented May 12, 2025

/azp run

@azure-pipelines
Copy link

azure-pipelines bot commented May 12, 2025

Azure Pipelines successfully started running 2 pipeline(s).

bingosummer
bingosummer commented May 12, 2025
View reviewed changes
src/aks-preview/azext_aks_preview/_help.py Outdated
type: bool
short-summary: Enable pod security policy.
long-summary: --enable-pod-security-policy is deprecated. See https://aka.ms/aks/psp for details.
- name: --disable-pod-security-policy
Copy link
Member Author

@bingosummer bingosummer May 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I didn't remove --disable-pod-security-policy because the user should be able to disable the feature. But after re-thinking, --disable-pod-security-policy is also to set the psp property to False. So --disable-pod-security-policy is also useless. It should be also removed.
@FumingZhang right?

Copy link
Member Author

@bingosummer bingosummer May 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

removed --disable-pod-security-policy

@bingosummer bingosummer changed the title [AKS] Remove --enable-pod-security-policy as it's deprecated [AKS] Remove --enable-pod-security-policy and --disable-pod-security-policy as it's deprecated May 12, 2025
@github-actions github-actions bot removed the release-version-block Updates do not qualify release version rules. NOTE: please do not edit it manually. label May 12, 2025
@azure-pipelines
Copy link

azure-pipelines bot commented May 12, 2025

Azure Pipelines successfully started running 2 pipeline(s).

@FumingZhang
Copy link
Member

FumingZhang commented May 13, 2025

/azp run

@azure-pipelines
Copy link

azure-pipelines bot commented May 13, 2025

Azure Pipelines successfully started running 2 pipeline(s).

FumingZhang
FumingZhang reviewed May 13, 2025
View reviewed changes
@github-actions github-actions bot added the release-version-block Updates do not qualify release version rules. NOTE: please do not edit it manually. label May 13, 2025
@FumingZhang
Copy link
Member

FumingZhang commented May 14, 2025

/azp run

@azure-pipelines
Copy link

azure-pipelines bot commented May 14, 2025

Azure Pipelines successfully started running 2 pipeline(s).

FumingZhang
FumingZhang previously approved these changes May 14, 2025
View reviewed changes
@bingosummer
Copy link
Member Author

bingosummer commented May 14, 2025

resolved conflicts

@FumingZhang
Copy link
Member

FumingZhang commented May 14, 2025

/azp run

@azure-pipelines
Copy link

azure-pipelines bot commented May 14, 2025

Azure Pipelines successfully started running 2 pipeline(s).

FumingZhang
FumingZhang previously approved these changes May 14, 2025
View reviewed changes
@bingosummer bingosummer changed the title [AKS] Remove --enable-pod-security-policy and --disable-pod-security-policy as it's deprecated [AKS] Remove --enable-pod-security-policy and --disable-pod-security-policy as it's deprecated May 16, 2025
@AllyW AllyW added the major release extension module with version major upgraded label May 19, 2025
@github-actions github-actions bot removed the release-version-block Updates do not qualify release version rules. NOTE: please do not edit it manually. label May 19, 2025
@FumingZhang
Copy link
Member

FumingZhang commented May 19, 2025

/azp run

@azure-pipelines
Copy link

azure-pipelines bot commented May 19, 2025

Azure Pipelines successfully started running 2 pipeline(s).

@zhoxing-ms zhoxing-ms merged commit 4df736f into Azure:main May 19, 2025
29 of 30 checks passed
@azclibot
Copy link
Collaborator

azclibot commented May 19, 2025

[Release] Update index.json for extension [ aks-preview-18.0.0b1 ] : https://dev.azure.com/msazure/One/_build/results?buildId=124612767&view=results

bavneetsingh16 pushed a commit to AzureArcForKubernetes/k8s-extension that referenced this pull request May 23, 2025
@bingosummer
[AKS] Remove --enable-pod-security-policy and `--disable-pod-securi…
3e13b81 
…ty-policy` as it's deprecated (Azure#8720)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zhoxing-ms zhoxing-ms zhoxing-ms approved these changes

@FumingZhang FumingZhang FumingZhang approved these changes

@andyliuliming andyliuliming Awaiting requested review from andyliuliming andyliuliming is a code owner

@kairu-ms kairu-ms Awaiting requested review from kairu-ms kairu-ms is a code owner

@yanzhudd yanzhudd Awaiting requested review from yanzhudd

@yonzhan yonzhan Awaiting requested review from yonzhan

+1 more reviewer

@karataliu karataliu karataliu approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@zhoxing-ms zhoxing-ms

@yanzhudd yanzhudd

Labels

AKS Auto-Assign Auto assign by bot major release extension module with version major upgraded

Projects

None yet

Milestone

Build 2025 (2025-05-19)❗ Breaking cha...

Development

Successfully merging this pull request may close these issues.

8 participants

@bingosummer @yonzhan @FumingZhang @azclibot @karataliu @zhoxing-ms @AllyW @yanzhudd