PSA: PodSecurity graduated to beta for 1.23, beta admission webhook available now

[Jordan Liggitt]

For those who are interested, the PodSecurity feature has graduated to beta and will be enabled by default in Kubernetes 1.23. You can start a development cluster from kubernetes/kubernetes master to try it out now.

If you want to try the feature on an older cluster, the standalone admission webhook version has also been updated, and is available at https://git.k8s.io/pod-security-admission/webhook. To set up the admission webhook version:

git clone https://github.com/kubernetes/pod-security-admission.git

cd pod-security-admission/webhook

make certs

kubectl apply -k .

To remove the webhook once you're done trying it out (or once the cluster is upgraded to a version with the built-in admission plugin enabled), delete the same manifests used to create it:

kubectl delete -k .

As always, early feedback is appreciated. Feel free to jump into #sig-auth slack with questions, or file issues you encounter (tag with `/sig auth`).

Many thanks to all who helped with the definition, implementation, and reviews for this!

Jordan