From 7eba57d4dec33b525613f7f1d66d72f8df52a228 Mon Sep 17 00:00:00 2001 From: Jordan Liggitt Date: Thu, 1 Sep 2022 08:35:01 -0400 Subject: [PATCH] Update pod security configuration docs for v1 --- .../enforce-standards-admission-controller.md | 46 ++----------------- .../tutorials/security/cluster-level-pss.md | 9 +++- ...ith-cluster-level-baseline-pod-security.sh | 2 +- 3 files changed, 13 insertions(+), 44 deletions(-) diff --git a/content/en/docs/tasks/configure-pod-container/enforce-standards-admission-controller.md b/content/en/docs/tasks/configure-pod-container/enforce-standards-admission-controller.md index dcf771e811..393d546623 100644 --- a/content/en/docs/tasks/configure-pod-container/enforce-standards-admission-controller.md +++ b/content/en/docs/tasks/configure-pod-container/enforce-standards-admission-controller.md @@ -19,15 +19,13 @@ You can configure this admission controller to set cluster-wide defaults and [ex ## Configure the Admission Controller -{{< tabs name="PodSecurityConfiguration_example_1" >}} -{{% tab name="pod-security.admission.config.k8s.io/v1beta1" %}} ```yaml apiVersion: apiserver.config.k8s.io/v1 kind: AdmissionConfiguration plugins: - name: PodSecurity configuration: - apiVersion: pod-security.admission.config.k8s.io/v1beta1 + apiVersion: pod-security.admission.config.k8s.io/v1 kind: PodSecurityConfiguration # Defaults applied when a mode label is not set. # 
@@ -56,43 +54,7 @@ plugins: ``` {{< note >}} -v1beta1 configuration requires v1.23+. For v1.22, use v1alpha1. +`pod-security.admission.config.k8s.io/v1` configuration requires v1.25+. +For v1.23 and v1.24, use [v1beta1](https://v1-24.docs.kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-admission-controller/). +For v1.22, use [v1alpha1](https://v1-22.docs.kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-admission-controller/). {{< /note >}} - -{{% /tab %}} -{{% tab name="pod-security.admission.config.k8s.io/v1alpha1" %}} -```yaml -apiVersion: apiserver.config.k8s.io/v1 -kind: AdmissionConfiguration -plugins: -- name: PodSecurity - configuration: - apiVersion: pod-security.admission.config.k8s.io/v1alpha1 - kind: PodSecurityConfiguration - # Defaults applied when a mode label is not set. - # - # Level label values must be one of: - # - "privileged" (default) - # - "baseline" - # - "restricted" - # - # Version label values must be one of: - # - "latest" (default) - # - specific version like "v{{< skew currentVersion >}}" - defaults: - enforce: "privileged" - enforce-version: "latest" - audit: "privileged" - audit-version: "latest" - warn: "privileged" - warn-version: "latest" - exemptions: - # Array of authenticated usernames to exempt. - usernames: [] - # Array of runtime class names to exempt. - runtimeClasses: [] - # Array of namespaces to exempt. - namespaces: [] -``` -{{% /tab %}} -{{< /tabs >}} diff --git a/content/en/docs/tutorials/security/cluster-level-pss.md b/content/en/docs/tutorials/security/cluster-level-pss.md index 3b662efc60..d0ee9b8323 100644 --- a/content/en/docs/tutorials/security/cluster-level-pss.md +++ b/content/en/docs/tutorials/security/cluster-level-pss.md @@ -187,7 +187,7 @@ following: plugins: - name: PodSecurity configuration: - apiVersion: pod-security.admission.config.k8s.io/v1beta1 + apiVersion: pod-security.admission.config.k8s.io/v1 kind: PodSecurityConfiguration defaults: enforce: "baseline" 
@@ -203,6 +203,13 @@ following: EOF ``` + {{< note >}} + `pod-security.admission.config.k8s.io/v1` configuration requires v1.25+. + For v1.23 and v1.24, use [v1beta1](https://v1-24.docs.kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-admission-controller/). + For v1.22, use [v1alpha1](https://v1-22.docs.kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-admission-controller/). + {{< /note >}} + + 1. Configure the API server to consume this file during cluster creation: ``` diff --git a/content/en/examples/security/kind-with-cluster-level-baseline-pod-security.sh b/content/en/examples/security/kind-with-cluster-level-baseline-pod-security.sh index 690b333443..2fbd0dfe81 100644 --- a/content/en/examples/security/kind-with-cluster-level-baseline-pod-security.sh +++ b/content/en/examples/security/kind-with-cluster-level-baseline-pod-security.sh @@ -6,7 +6,7 @@ kind: AdmissionConfiguration plugins: - name: PodSecurity configuration: - apiVersion: pod-security.admission.config.k8s.io/v1beta1 + apiVersion: pod-security.admission.config.k8s.io/v1 kind: PodSecurityConfiguration defaults: enforce: "baseline"
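Review bot: The hunk in kind-with-cluster-level-baseline-pod-security.sh switches the embedded config to `pod-security.admission.config.k8s.io/v1` but, unlike the two markdown pages in this commit, the script states nowhere that this needs a v1.25+ API server. The hunk does not show whether the script pins a kind node image; if it runs against an older one, the API server will presumably reject the configuration, and the baseline enforcement the example demonstrates will not come up. I would add a comment near the top of the script such as `# Requires Kubernetes v1.25+; for v1.23/v1.24 use pod-security.admission.config.k8s.io/v1beta1`. The embedded configuration starts and ends outside the hunk, so the exact placement should be checked against the full file.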