github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-11-04 07:49:35 +00:00
Code Issues Projects Releases Wiki Activity

PodSecurity: promote to beta

Browse Source
This commit is contained in:
Jordan Liggitt
2021-11-02 09:43:24 -04:00
parent 2a821d787b
commit 01fa142ef5
2 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
pkg/features/kube_features.go
View File

@@ -712,6 +712,7 @@ const (
// owner: @liggitt, @tallclair, sig-auth // owner: @liggitt, @tallclair, sig-auth
// alpha: v1.22 // alpha: v1.22
// beta: v1.23
// //
// Enables the PodSecurity admission plugin // Enables the PodSecurity admission plugin
PodSecurity featuregate.Feature = "PodSecurity" PodSecurity featuregate.Feature = "PodSecurity"
@@ -895,7 +896,7 @@ var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureS
StatefulSetMinReadySeconds: {Default: true, PreRelease: featuregate.Beta}, StatefulSetMinReadySeconds: {Default: true, PreRelease: featuregate.Beta},
ExpandedDNSConfig: {Default: false, PreRelease: featuregate.Alpha}, ExpandedDNSConfig: {Default: false, PreRelease: featuregate.Alpha},
SeccompDefault: {Default: false, PreRelease: featuregate.Alpha}, SeccompDefault: {Default: false, PreRelease: featuregate.Alpha},
PodSecurity: {Default: false, PreRelease: featuregate.Alpha}, PodSecurity: {Default: true, PreRelease: featuregate.Beta},
ReadWriteOncePod: {Default: false, PreRelease: featuregate.Alpha}, ReadWriteOncePod: {Default: false, PreRelease: featuregate.Alpha},
CSRDuration: {Default: true, PreRelease: featuregate.Beta}, CSRDuration: {Default: true, PreRelease: featuregate.Beta},
DelegateFSGroupToCSIDriver: {Default: false, PreRelease: featuregate.Alpha}, DelegateFSGroupToCSIDriver: {Default: false, PreRelease: featuregate.Alpha},

4
test/integration/auth/podsecurity_test.go
View File

@@ -102,14 +102,14 @@ func TestPodSecurityWebhook(t *testing.T) {
defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.ProcMountType, true)() defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.ProcMountType, true)()
defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.WindowsHostProcessContainers, true)() defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.WindowsHostProcessContainers, true)()
defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.AppArmor, true)() defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.AppArmor, true)()
// The webhook should pass tests even when PodSecurity is disabled.
defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.PodSecurity, false)()
// Start test API server. // Start test API server.
capabilities.SetForTests(capabilities.Capabilities{AllowPrivileged: true}) capabilities.SetForTests(capabilities.Capabilities{AllowPrivileged: true})
testServer := kubeapiservertesting.StartTestServerOrDie(t, kubeapiservertesting.NewDefaultTestServerOptions(), []string{ testServer := kubeapiservertesting.StartTestServerOrDie(t, kubeapiservertesting.NewDefaultTestServerOptions(), []string{
"--anonymous-auth=false", "--anonymous-auth=false",
"--allow-privileged=true", "--allow-privileged=true",
// The webhook should pass tests even when PodSecurity is disabled.
"--disable-admission-plugins=PodSecurity",
}, framework.SharedEtcd()) }, framework.SharedEtcd())
t.Cleanup(testServer.TearDownFn) t.Cleanup(testServer.TearDownFn)