For those who are interested, the PodSecurity
feature has graduated to beta and will be enabled by default in Kubernetes 1.23. You can start a development cluster from kubernetes/kubernetes master
to try it out now.
To remove the webhook once you're done trying it out (or once the cluster is upgraded to a version with the built-in admission plugin enabled), delete the same manifests used to create it:
As always, early feedback is appreciated. Feel free to jump into #sig-auth slack with questions, or file issues
you encounter (tag with `/sig auth`).
Many thanks to all who helped with the definition, implementation, and reviews for this!