From 831651a69eea2ff33bd02dbf94e499894fbb36cf Mon Sep 17 00:00:00 2001 From: David Eads Date: Wed, 9 Dec 2020 16:54:10 -0500 Subject: [PATCH] deprecate PSP in 1.21, but leave removal at 1.25 After discussion in sig-auth, the future of restricting pod security settings does not lie in PSP because compatibility restrictions will prevent the kinds of changes that are required. To clearly signal this, we will deprecate PSP in 1.21 and leave the removal of the api as 1.25 in keeping with sig-arch required transitioning out of beta. --- staging/src/k8s.io/api/policy/v1beta1/types.go | 7 +++++-- .../policy/v1beta1/zz_generated.prerelease-lifecycle.go | 4 ++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/staging/src/k8s.io/api/policy/v1beta1/types.go b/staging/src/k8s.io/api/policy/v1beta1/types.go index 711afc80c73..24998051f81 100644 --- a/staging/src/k8s.io/api/policy/v1beta1/types.go +++ b/staging/src/k8s.io/api/policy/v1beta1/types.go @@ -135,10 +135,12 @@ type Eviction struct { // +genclient:nonNamespaced // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +k8s:prerelease-lifecycle-gen:introduced=1.10 -// +k8s:prerelease-lifecycle-gen:deprecated=1.22 +// +k8s:prerelease-lifecycle-gen:deprecated=1.21 +// +k8s:prerelease-lifecycle-gen:removed=1.25 // PodSecurityPolicy governs the ability to make requests that affect the Security Context // that will be applied to a pod and container. +// Deprecated in 1.21. type PodSecurityPolicy struct { metav1.TypeMeta `json:",inline"` // Standard object's metadata. @@ -485,7 +487,8 @@ const AllowAllRuntimeClassNames = "*" // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +k8s:prerelease-lifecycle-gen:introduced=1.10 -// +k8s:prerelease-lifecycle-gen:deprecated=1.22 +// +k8s:prerelease-lifecycle-gen:deprecated=1.21 +// +k8s:prerelease-lifecycle-gen:removed=1.25 // PodSecurityPolicyList is a list of PodSecurityPolicy objects. type PodSecurityPolicyList struct { diff --git a/staging/src/k8s.io/api/policy/v1beta1/zz_generated.prerelease-lifecycle.go b/staging/src/k8s.io/api/policy/v1beta1/zz_generated.prerelease-lifecycle.go index fca0a2a2ff1..18936137efd 100644 --- a/staging/src/k8s.io/api/policy/v1beta1/zz_generated.prerelease-lifecycle.go +++ b/staging/src/k8s.io/api/policy/v1beta1/zz_generated.prerelease-lifecycle.go @@ -83,7 +83,7 @@ func (in *PodSecurityPolicy) APILifecycleIntroduced() (major, minor int) { // APILifecycleDeprecated is an autogenerated function, returning the release in which the API struct was or will be deprecated as int versions of major and minor for comparison. // It is controlled by "k8s:prerelease-lifecycle-gen:deprecated" tags in types.go or "k8s:prerelease-lifecycle-gen:introduced" plus three minor. func (in *PodSecurityPolicy) APILifecycleDeprecated() (major, minor int) { - return 1, 22 + return 1, 21 } // APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison. @@ -101,7 +101,7 @@ func (in *PodSecurityPolicyList) APILifecycleIntroduced() (major, minor int) { // APILifecycleDeprecated is an autogenerated function, returning the release in which the API struct was or will be deprecated as int versions of major and minor for comparison. // It is controlled by "k8s:prerelease-lifecycle-gen:deprecated" tags in types.go or "k8s:prerelease-lifecycle-gen:introduced" plus three minor. func (in *PodSecurityPolicyList) APILifecycleDeprecated() (major, minor int) { - return 1, 22 + return 1, 21 } // APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison.