https://rancher.com/ logo
Title
f

future-monitor-61871

10/06/2022, 6:53 PM
We're on 1.23.7 and looking to upgrade to 1.25.2. We've got the CIS 1.6 flag turned on and having read the changes in the CIS benchmarks for 1.24+ I'm wondering if anyone has done a similar upgrade via the automated upgrade controller. Is that recomended/supported for hardened clusters?
c

creamy-pencil-82913

10/06/2022, 6:58 PM
It’s not something that I would recommend automating at this point. You need to manually switch from --profile=cis1.6 to --profile=cis-1.23 and make sure that you’re not relying on PSPs for anything, as they are gone-gone and replaced with PSS in Kubernetes 1.25
f

future-monitor-61871

10/06/2022, 9:45 PM
Thank you!