Tags: kubernetes, terraform, amazon-eks

EKS 1.25 podsecurity policy changing


We are currently on EKS 1.22; however, with the update to 1.25, the old security rules will be deprecated and the transition to Pod Security Admission will be enforced.

I am, however, confused after reading the updates as to whether the code below will still be fine. We currently have a kubernetes_job defined in Terraform with the following security_context:

```hcl
security_context {
  run_as_non_root = true      # refuse to start if the image would run as UID 0
  run_as_user     = "1000"    # the Kubernetes provider takes UID/GID as strings
  run_as_group    = "2000"
  capabilities {
    drop = ["all"]            # drop every Linux capability
  }
  allow_privilege_escalation = false   # no setuid/setcap privilege gain
}
```

Will this still work in 1.25? Or will this have to be changed?


Solution

  • PodSecurityPolicy was a separate API object. The deprecation doesn't refer to the security context in a PodSpec, which you seem to be describing here in Terraform syntax; the PodSpec syntax is unchanged, including in Deployments and other higher-level objects.

    Unless you're a cluster administrator or writing an operator that will be used principally by cluster administrators, the PodSecurityPolicy deprecation won't affect you.
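As an added illustration (not part of the question or the answer above): the poster's security_context is ordinary PodSpec syntax and is untouched by the PodSecurityPolicy removal, but if the namespace is later labelled for the restricted level of the Pod Security Standards, the admission controller applies a few extra rules. The checker below encodes the restricted profile's container-level rules from the Pod Security Standards documentation and runs them against the question's context transcribed into Kubernetes API field names; the function and the sample dicts are mine, not Kubernetes or provider code.

```python
"""Container-level checks of the Pod Security Standards 'restricted' profile,
enforced by Pod Security Admission when a namespace carries the label
pod-security.kubernetes.io/enforce=restricted."""
ALLOWED_SECCOMP = {"RuntimeDefault", "Localhost"}
ALLOWED_ADD_CAPS = {"NET_BIND_SERVICE"}

def _effective(field, container_sc, pod_sc):
    """Container-level securityContext wins; otherwise fall back to pod level."""
    return container_sc[field] if field in container_sc else pod_sc.get(field)

def restricted_violations(container_sc, pod_sc=None):
    """Return the restricted-profile rules this container fails (empty = passes).
    Dicts use Kubernetes API field names (camelCase), not Terraform attribute names."""
    pod_sc = pod_sc or {}
    problems = []
    if container_sc.get("allowPrivilegeEscalation") is not False:
        problems.append("allowPrivilegeEscalation must be explicitly false")
    caps = container_sc.get("capabilities") or {}
    # The admission check compares against the literal "ALL", so lowercase "all" fails.
    if "ALL" not in (caps.get("drop") or []):
        problems.append('capabilities.drop must contain "ALL"')
    extra = set(caps.get("add") or []) - ALLOWED_ADD_CAPS
    if extra:
        problems.append(f"capabilities.add may only contain NET_BIND_SERVICE, got {sorted(extra)}")
    if _effective("runAsNonRoot", container_sc, pod_sc) is not True:
        problems.append("runAsNonRoot must be true at pod or container level")
    if _effective("runAsUser", container_sc, pod_sc) == 0:
        problems.append("runAsUser must not be 0")
    seccomp = (_effective("seccompProfile", container_sc, pod_sc) or {}).get("type")
    if seccomp not in ALLOWED_SECCOMP:
        problems.append("seccompProfile.type must be RuntimeDefault or Localhost")
    return problems

# The question's Terraform security_context transcribed into API form (constructed sample).
QUESTION_CONTEXT = {
    "runAsNonRoot": True,
    "runAsUser": 1000,
    "runAsGroup": 2000,
    "capabilities": {"drop": ["all"]},
    "allowPrivilegeEscalation": False,
}

# The same context with the two changes the restricted profile needs.
RESTRICTED_CONTEXT = {
    **QUESTION_CONTEXT,
    "capabilities": {"drop": ["ALL"]},
    "seccompProfile": {"type": "RuntimeDefault"},
}
```

Running `restricted_violations(QUESTION_CONTEXT)` reports only the capability spelling and the missing seccomp profile; everything else in the poster's block already satisfies the restricted level, and the baseline level (the default) needs none of these changes.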