rancher-charts/charts/epinio/102.0.3+up1.8.1/app-readme.md

38 lines
1.8 KiB
Markdown
Raw Blame History

This file contains invisible Unicode characters!

This file contains invisible Unicode characters that may be processed differently from what appears below. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to reveal hidden characters.

# Epinio PaaS
Opinionated platform that runs on Kubernetes to take you from Code to URL in one step.
__Attention__:
- Requires `cert-manager` as dependency.
- Requires `helm-controller` as dependency.
## Upgrading to Kubernetes v1.25+
Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/)
have been removed from the Kubernetes API.
As a result, __before upgrading to Kubernetes v1.25__ (or on a fresh install in a Kubernetes v1.25+
cluster), users are expected to perform an in-place upgrade of this chart with
`global.cattle.psp.enabled` set to `false` if it has been previously set to `true`.
> __Note:__
> In this chart release, any previous field that was associated with any PSP resources have been
> removed in favor of a single global field: `global.cattle.psp.enabled`.
> __Note:__
> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even
> if you manually clean up resources), __it will leave the Helm release in a broken state within the
> cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`,
> etc.).__
>
> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your
> Helm release secrets.
Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed
on its behalf from the cluster. This is the default setting for this chart.
As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/)
should be used. Please consult the Rancher docs for more details on how to configure your chart
release namespaces to work with the new Pod Security Admission and apply Pod Security Standards.