From 01fa142ef52adbba93e586f6e73f7b67827f73d1 Mon Sep 17 00:00:00 2001
From: Jordan Liggitt <liggitt@google.com>
Date: Tue, 2 Nov 2021 09:43:24 -0400
Subject: [PATCH] PodSecurity: promote to beta

---
 pkg/features/kube_features.go             | 3 ++-
 test/integration/auth/podsecurity_test.go | 4 ++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/pkg/features/kube_features.go b/pkg/features/kube_features.go
index 337963f182a..e82c81f6fec 100644
--- a/pkg/features/kube_features.go
+++ b/pkg/features/kube_features.go
@@ -712,6 +712,7 @@ const (
 
 	// owner: @liggitt, @tallclair, sig-auth
 	// alpha: v1.22
+	// beta: v1.23
 	//
 	// Enables the PodSecurity admission plugin
 	PodSecurity featuregate.Feature = "PodSecurity"
@@ -895,7 +896,7 @@ var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureS
 	StatefulSetMinReadySeconds:                     {Default: true, PreRelease: featuregate.Beta},
 	ExpandedDNSConfig:                              {Default: false, PreRelease: featuregate.Alpha},
 	SeccompDefault:                                 {Default: false, PreRelease: featuregate.Alpha},
-	PodSecurity:                                    {Default: false, PreRelease: featuregate.Alpha},
+	PodSecurity:                                    {Default: true, PreRelease: featuregate.Beta},
 	ReadWriteOncePod:                               {Default: false, PreRelease: featuregate.Alpha},
 	CSRDuration:                                    {Default: true, PreRelease: featuregate.Beta},
 	DelegateFSGroupToCSIDriver:                     {Default: false, PreRelease: featuregate.Alpha},
diff --git a/test/integration/auth/podsecurity_test.go b/test/integration/auth/podsecurity_test.go
index ad7c8e215ca..7206955f928 100644
--- a/test/integration/auth/podsecurity_test.go
+++ b/test/integration/auth/podsecurity_test.go
@@ -102,14 +102,14 @@ func TestPodSecurityWebhook(t *testing.T) {
 	defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.ProcMountType, true)()
 	defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.WindowsHostProcessContainers, true)()
 	defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.AppArmor, true)()
-	// The webhook should pass tests even when PodSecurity is disabled.
-	defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.PodSecurity, false)()
 
 	// Start test API server.
 	capabilities.SetForTests(capabilities.Capabilities{AllowPrivileged: true})
 	testServer := kubeapiservertesting.StartTestServerOrDie(t, kubeapiservertesting.NewDefaultTestServerOptions(), []string{
 		"--anonymous-auth=false",
 		"--allow-privileged=true",
+		// The webhook should pass tests even when PodSecurity is disabled.
+		"--disable-admission-plugins=PodSecurity",
 	}, framework.SharedEtcd())
 	t.Cleanup(testServer.TearDownFn)