github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2026-01-06 16:06:51 +00:00
Code Issues Projects Releases Wiki Activity

sysctls: create feature gate to track promotion

Browse Source
This commit is contained in:
Seth Jennings
2018-03-21 15:45:51 -05:00
committed by Jan Chaloupka
parent 3cc15363bc
commit 6729add11c
7 changed files with 49 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
pkg/apis/policy/validation/validation.go
View File

@@ -30,9 +30,12 @@ import (
apivalidation "k8s.io/kubernetes/pkg/apis/core/validation"
extensionsvalidation "k8s.io/kubernetes/pkg/apis/extensions/validation"
"k8s.io/kubernetes/pkg/apis/policy"
"k8s.io/kubernetes/pkg/features"
"k8s.io/kubernetes/pkg/security/apparmor"
"k8s.io/kubernetes/pkg/security/podsecuritypolicy/seccomp"
psputil "k8s.io/kubernetes/pkg/security/podsecuritypolicy/util"
utilfeature "k8s.io/apiserver/pkg/util/feature"
)
func ValidatePodDisruptionBudget(pdb *policy.PodDisruptionBudget) field.ErrorList {
@@ -345,6 +348,15 @@ func validatePodSecurityPolicySysctlListsDoNotOverlap(allowedSysctlsFldPath, for
// validatePodSecurityPolicySysctls validates the sysctls fields of PodSecurityPolicy.
func validatePodSecurityPolicySysctls(fldPath *field.Path, sysctls []string) field.ErrorList {
allErrs := field.ErrorList{}
if len(sysctls) == 0 {
return allErrs
}
if !utilfeature.DefaultFeatureGate.Enabled(features.Sysctls) {
return append(allErrs, field.Forbidden(fldPath, "Sysctls are disabled by Sysctls feature-gate"))
}
coversAll := false
for i, s := range sysctls {
if len(s) == 0 {