Channels
academy
amazon
arm
azure
cabpr
chinese
ci-cd
danish
deutsch
developer
elemental
epinio
espanol
events
extensions
fleet
français
gcp
general
harvester
harvester-dev
hobbyfarm
hypper
japanese
k3d
k3os
k3s
k3s-contributor
kim
kubernetes
kubewarden
lima
logging
longhorn-dev
longhorn-storage
masterclass
mesos
mexico
nederlands
neuvector-security
office-hours
one-point-x
onlinemeetup
onlinetraining
opni
os
ozt
phillydotnet
portugues
rancher-desktop
rancher-extensions
rancher-setup
rancher-wrangler
random
rfed_ara
rio
rke
rke2
russian
s3gw
service-mesh
storage
submariner
supermicro-sixsq
swarm
terraform-controller
terraform-provider-rancher2
terraform-provider-rke
theranchcast
training-0110
training-0124
training-0131
training-0207
training-0214
training-1220
ukranian
v16-v21-migration
vsphere
windows
Title
f
future-monitor-61871
10/06/2022, 6:53 PMWe're on 1.23.7 and looking to upgrade to 1.25.2. We've got the CIS 1.6 flag turned on and having read the changes in the CIS benchmarks for 1.24+ I'm wondering if anyone has done a similar upgrade via the automated upgrade controller. Is that recomended/supported for hardened clusters?
c
creamy-pencil-82913
10/06/2022, 6:58 PMIt’s not something that I would recommend automating at this point. You need to manually switch from --profile=cis1.6 to --profile=cis-1.23 and make sure that you’re not relying on PSPs for anything, as they are gone-gone and replaced with PSS in Kubernetes 1.25
f
future-monitor-61871
10/06/2022, 9:45 PMThank you!