diff --git a/api/openapi-spec/swagger.json b/api/openapi-spec/swagger.json index 731bdea02aa..57a4ed4c7f1 100644 --- a/api/openapi-spec/swagger.json +++ b/api/openapi-spec/swagger.json @@ -12015,7 +12015,7 @@ "type": "string" }, "runAsUserName": { - "description": "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. This field is alpha-level and it is only honored by servers that enable the WindowsRunAsUserName feature flag.", + "description": "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. This field is beta-level and may be disabled with the WindowsRunAsUserName feature flag.", "type": "string" } }, diff --git a/pkg/apis/core/types.go b/pkg/apis/core/types.go index 7da9bc87272..74e565a5b2d 100644 --- a/pkg/apis/core/types.go +++ b/pkg/apis/core/types.go @@ -5063,7 +5063,7 @@ type WindowsSecurityContextOptions struct { // Defaults to the user specified in image metadata if unspecified. // May also be set in PodSecurityContext. If set in both SecurityContext and // PodSecurityContext, the value specified in SecurityContext takes precedence. - // This field is alpha-level and it is only honored by servers that enable the WindowsRunAsUserName feature flag. + // This field is beta-level and may be disabled with the WindowsRunAsUserName feature flag. // +optional RunAsUserName *string } diff --git a/pkg/features/kube_features.go b/pkg/features/kube_features.go index 105dc0795cc..a3f887d6a91 100644 --- a/pkg/features/kube_features.go +++ b/pkg/features/kube_features.go @@ -420,6 +420,7 @@ const ( // owner: @bclau // alpha: v1.16 + // beta: v1.17 // // Enables support for running container entrypoints as different usernames than their default ones. WindowsRunAsUserName featuregate.Feature = "WindowsRunAsUserName" @@ -566,7 +567,7 @@ var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureS TTLAfterFinished: {Default: false, PreRelease: featuregate.Alpha}, KubeletPodResources: {Default: true, PreRelease: featuregate.Beta}, WindowsGMSA: {Default: true, PreRelease: featuregate.Beta}, - WindowsRunAsUserName: {Default: false, PreRelease: featuregate.Alpha}, + WindowsRunAsUserName: {Default: true, PreRelease: featuregate.Beta}, ServiceLoadBalancerFinalizer: {Default: true, PreRelease: featuregate.Beta}, LocalStorageCapacityIsolationFSQuotaMonitoring: {Default: false, PreRelease: featuregate.Alpha}, NonPreemptingPriority: {Default: false, PreRelease: featuregate.Alpha}, diff --git a/staging/src/k8s.io/api/core/v1/generated.proto b/staging/src/k8s.io/api/core/v1/generated.proto index 94e21274064..bb458c76b54 100644 --- a/staging/src/k8s.io/api/core/v1/generated.proto +++ b/staging/src/k8s.io/api/core/v1/generated.proto @@ -5257,7 +5257,7 @@ message WindowsSecurityContextOptions { // Defaults to the user specified in image metadata if unspecified. // May also be set in PodSecurityContext. If set in both SecurityContext and // PodSecurityContext, the value specified in SecurityContext takes precedence. - // This field is alpha-level and it is only honored by servers that enable the WindowsRunAsUserName feature flag. + // This field is beta-level and may be disabled with the WindowsRunAsUserName feature flag. // +optional optional string runAsUserName = 3; } diff --git a/staging/src/k8s.io/api/core/v1/types.go b/staging/src/k8s.io/api/core/v1/types.go index a42f3bd758a..c8715756b3f 100644 --- a/staging/src/k8s.io/api/core/v1/types.go +++ b/staging/src/k8s.io/api/core/v1/types.go @@ -5789,7 +5789,7 @@ type WindowsSecurityContextOptions struct { // Defaults to the user specified in image metadata if unspecified. // May also be set in PodSecurityContext. If set in both SecurityContext and // PodSecurityContext, the value specified in SecurityContext takes precedence. - // This field is alpha-level and it is only honored by servers that enable the WindowsRunAsUserName feature flag. + // This field is beta-level and may be disabled with the WindowsRunAsUserName feature flag. // +optional RunAsUserName *string `json:"runAsUserName,omitempty" protobuf:"bytes,3,opt,name=runAsUserName"` } diff --git a/staging/src/k8s.io/api/core/v1/types_swagger_doc_generated.go b/staging/src/k8s.io/api/core/v1/types_swagger_doc_generated.go index b2c448002f7..d4279438c93 100644 --- a/staging/src/k8s.io/api/core/v1/types_swagger_doc_generated.go +++ b/staging/src/k8s.io/api/core/v1/types_swagger_doc_generated.go @@ -2457,7 +2457,7 @@ var map_WindowsSecurityContextOptions = map[string]string{ "": "WindowsSecurityContextOptions contain Windows-specific options and credentials.", "gmsaCredentialSpecName": "GMSACredentialSpecName is the name of the GMSA credential spec to use. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag.", "gmsaCredentialSpec": "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag.", - "runAsUserName": "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. This field is alpha-level and it is only honored by servers that enable the WindowsRunAsUserName feature flag.", + "runAsUserName": "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. This field is beta-level and may be disabled with the WindowsRunAsUserName feature flag.", } func (WindowsSecurityContextOptions) SwaggerDoc() map[string]string {