Runtime Briefing — Kubernetes 1.22 (Pompeii) Release
The Kubernetes project shipped version 1.22 on August 4, 2021, stabilizing server-side Apply, promoting external credential providers, and deprecating PodSecurityPolicies in favor of admission controls.
Executive briefing: The Kubernetes Release Team delivered v1.22 “Pompeii” on . The milestone includes 53 enhancements with 13 graduating to stable, 24 moving to beta, and introduces breaking removals that require cluster operator action.
Key features
- Server-side Apply GA. Declarative apply is now stable, enabling controllers and GitOps tools to manage object fields without client-side merges.
- External credential providers GA. Client-go can integrate with exec plugins such as AWS IAM authenticator and Azure CLI for seamless, pluggable authentication.
- PodSecurityPolicy removal. PSP is removed in 1.25, with 1.22 issuing warnings and introducing the admission-based Pod Security standards as the migration path.
Implementation guidance
- Review API removals. Validate workloads for deprecated APIs such as
autoscaling/v2beta2and Ingressv1beta1, upgrading manifests before cluster upgrades. - Adopt Pod Security admission. Plan namespace label strategies (
privileged,baseline,restricted) and integrate with policy enforcement tooling. - GitOps readiness. Update Flux, Argo CD, or custom controllers to leverage server-side Apply and resolve field ownership conflicts.
Enablement moves
- Run conformance and upgrade rehearsals on staging clusters to uncover deprecated API usage.
- Refresh internal platform documentation on CSI migration timelines, Windows node support, and topology-aware hints introduced in 1.22.
- Coordinate with security teams on Kyverno/OPA policies that replace PSP functionality.