Flag --allow-privileged has been deprecated

[dawidmalina]

What happened:
deprecated log entries appears during kubelet startup

What you expected to happen:
Remove flag and move to pod security policy: https://kubernetes.io/docs/concepts/policy/pod-security-policy/

How to reproduce it (as minimally and precisely as possible):
Run regular node and check kubelet logs

Anything else we need to know?:

Environment:

• AWS Region: eu-central-1
• Instance Type(s): t3.large
• EKS Platform version: eks.1
• Kubernetes version: 1.11
• AMI Version: ami-010caa98bae9a09e2
• Kernel: Linux ip-10-10-12-205.eu-central-1.compute.internal 4.14.88-88.76.amzn2.x86_64 #1 SMP Mon Jan 7 18:43:26 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
• Release information (run cat /tmp/release on a node):

Jan 11 11:39:19 ip-10-10-11-171 kubelet: Flag --allow-privileged has been deprecated, will be removed in a future version

[micahhausler]

Pod Security Policy became a beta feature in Kubernetes 1.13. EKS doesn't enable alpha features, so this will continue to be enabled until EKS supports Kubernetes 1.13.

[dawidmalina]

I understand that but don't you think that this ticket should be opened until EKS 1.13 will be rolled out? I know that this is currently in progress - aws/containers-roadmap#30 - but topic is still valid as version upgrade does it mean this topic (migration to Pod Security Policy) will be covered.

It will give all of us more visibility and transparency!