Portworx Operator 1.10.1 is now GA!

We are very excited to announce that Portworx Operator 1.10.1 is now GA.

Updates

• Added support for Kubernetes version 1.25, which includes:
  • Removed PodSecurityPolicy when deploying Portworx with Operator.
  • Upgraded the API version of PodDisruptionBudget from policy/v1beta1 to policy/v1
• Added a UI option in the spec generator to configure Kubernetes version when you choose to deploy Portworx version 2.12.
• Operator is now deployed without verbose log by default. To enable it, add the --verbose argument to the Operator deployment.
• For CSI deployment, the px-csi-ext pods now set Stork as a scheduler in the px-csi-ext deployment spec.
• Operator now chooses maxStorageNodesPerZone’s default value to efficiently manage the number of storage nodes in a cluster. For more details, see Manage the number of storage nodes.

Hi there,
With the removal of PodSecurityPolicy, do you have an updated deploy manifest file? The one at

kubectl create -f https://install.portworx.com/?comp=pxoperator

will generated the following warning, and we’d like to get rid of them.

# kubectl create -f https://install.portworx.com/?comp=pxoperator
serviceaccount/portworx-operator created
Warning: policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+
podsecuritypolicy.policy/px-operator created
clusterrole.rbac.authorization.k8s.io/portworx-operator created
clusterrolebinding.rbac.authorization.k8s.io/portworx-operator created
Warning: would violate PodSecurity "restricted:latest": allowPrivilegeEscalation != false (container "portworx-operator" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "portworx-operator" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "portworx-operator" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "portworx-operator" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
deployment.apps/portworx-operator created

Thanks.
bxu@us.ibm.com

Please use this https://install.portworx.com/2.12/?comp=pxoperator
When no version is specified, for backward compatibility, the PSP remains there.

Hi Michael,

I tried the new link at: https://install.portworx.com/2.12/?comp=pxoperator
Now there is no warning on creating PodSecurityPolicy as it was removed, but when the portworx-operator pod was started, it still has the same warning as below. I believe some new k8s security object (to replace the old PodSecurityPolicy) has been created and applied to the operator pod.

Warning: would violate PodSecurity "restricted:latest": allowPrivilegeEscalation != false (container "portworx-operator" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "portworx-operator" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "portworx-operator" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "portworx-operator" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")

Thanks.

Hi @bxu1999 what’s your k8s version? I suppose that’s from operator log, I just double checked on my cluster with k8s 1.25.0, there is no such warning. feel free to email me at hxie@purestorage.com for quick responses.

Thanks much for the response. I’ve provided more details in an email to you.