Platform Briefing — Kubernetes 1.25 Release
Kubernetes 1.25 removed PodSecurityPolicy, promoted the Pod Security admission controller, and added CSI volume health monitoring along with beta support for Windows privileged containers.
Executive briefing: Kubernetes version 1.25 became generally available on , advancing workload security and storage reliability while finalizing the removal of the long-deprecated PodSecurityPolicy API.
Key updates
- Pod Security admission GA. Built-in policy levels (privileged, baseline, restricted) replace PodSecurityPolicy controls.
- CSI volume health monitoring. Alpha-to-beta promotion surfaces node-level metrics and events for storage troubleshooting.
- Windows privileged containers. Beta support enables containerized security tooling and host interaction on Windows worker nodes.
- Container runtimes. CRI-O and containerd updates improve cgroup v2 interoperability and image security defaults.
Implementation guidance
- Migrate all policies from PodSecurityPolicy to Pod Security admission or third-party controllers before upgrading.
- Enable CSI health monitoring for critical stateful workloads and integrate alerts with storage teams.
- Validate Windows workloads against new privileged container capabilities and update security baselines accordingly.
- Review deprecated APIs removed in 1.25 and adjust manifests during upgrade rehearsals.
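
One way to run the manifest review from the guidance above during an upgrade rehearsal, as an added example that is not part of the original briefing: a scanner that flags objects still using API versions removed in 1.25, PodSecurityPolicy included. The removal list comes from the upstream deprecated-API migration guide rather than from this page; the function name, the line-based parsing and the sample manifests are assumptions constructed for illustration.

```python
import re

# API versions no longer served in 1.25, mapped to what manifests should use.
REMOVED_IN_1_25 = {
    ("policy/v1beta1", "PodSecurityPolicy"): "none: Pod Security admission or a third-party controller",
    ("policy/v1beta1", "PodDisruptionBudget"): "policy/v1",
    ("batch/v1beta1", "CronJob"): "batch/v1",
    ("discovery.k8s.io/v1beta1", "EndpointSlice"): "discovery.k8s.io/v1",
    ("events.k8s.io/v1beta1", "Event"): "events.k8s.io/v1",
    ("autoscaling/v2beta1", "HorizontalPodAutoscaler"): "autoscaling/v2",
    ("node.k8s.io/v1beta1", "RuntimeClass"): "node.k8s.io/v1",
}

def scan_manifests(text):
    """Return (kind, name, apiVersion, replacement) per object removed in 1.25."""
    findings = []
    for doc in re.split(r"(?m)^---\s*$", text):
        fields, section = {}, None
        for line in doc.splitlines():
            top = re.match(r"^([A-Za-z]+):\s*(.*)$", line)
            if top:  # unindented key, so nested kind/apiVersion fields never match
                section = top.group(1)
                fields.setdefault(section, top.group(2).split("#")[0].strip().strip("'\""))
            elif section == "metadata" and (m := re.match(r"^\s+name:\s*(\S+)", line)):
                fields.setdefault("name", m.group(1).strip("'\""))  # first name under metadata
        key = (fields.get("apiVersion"), fields.get("kind"))
        if key in REMOVED_IN_1_25:
            findings.append((key[1], fields.get("name", "?"), key[0], REMOVED_IN_1_25[key]))
    return findings

# Constructed sample manifests (not taken from any real cluster).
SAMPLE = """\
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: restricted-psp
---
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
  name: web-hpa
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
---
apiVersion: policy/v1
kind: PodDisruptionBudget
"""
```

Calling `scan_manifests(SAMPLE)` reports the PodSecurityPolicy and the `autoscaling/v2beta1` autoscaler and skips the `policy/v1` PodDisruptionBudget. The scan covers manifest files only, so objects created by Helm charts or operators at runtime still need a check against the live cluster.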