According to the upgrade guide I don't have to set global.cattle.psp.enabled to false anymore, if the new version is 2.7.5. However, kubectl get psp still lists some PSPs after the upgrade

% kubectl get psp
Warning: policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+
NAME                      PRIV    CAPS   SELINUX    RUNASUSER          FSGROUP     SUPGROUP    READONLYROOTFS   VOLUMES
global-restricted-psp     false          RunAsAny   MustRunAsNonRoot   MustRunAs   MustRunAs   false            configMap,emptyDir,projected,secret,downwardAPI,persistentVolumeClaim
global-unrestricted-psp   true    *      RunAsAny   RunAsAny           RunAsAny    RunAsAny    false            *
system-unrestricted-psp   true    *      RunAsAny   RunAsAny           RunAsAny    RunAsAny    false            *

(Kubernetes is still RKE2 1.24.10. ) I cannot remember having set these PSPs at all. My config.yaml for RKE2 didn't mention any cis profiles, so I wonder where they came from? I had hoped they would disappear after the Rancher upgrade. Every insightful comment is highly appreciated.