github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-09-12 12:48:51 +00:00
Code Issues Projects Releases Wiki Activity

PodSecurity: promote config and feature gate to GA

Browse Source 
Signed-off-by: wangyysde <net_use@bzhy.com>
This commit is contained in:
wangyysde
2022-06-09 16:05:32 +08:00
parent e8d6b76f8b
commit ab66a38194
16 changed files with 569 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
plugin/pkg/admission/security/podsecurity/admission.go
View File

@@ -48,7 +48,6 @@ import (
"k8s.io/kubernetes/pkg/apis/apps"
"k8s.io/kubernetes/pkg/apis/batch"
"k8s.io/kubernetes/pkg/apis/core"
"k8s.io/kubernetes/pkg/features"
podsecurityadmission "k8s.io/pod-security-admission/admission"
podsecurityconfigloader "k8s.io/pod-security-admission/admission/api/load"
podsecurityadmissionapi "k8s.io/pod-security-admission/api"
@@ -70,7 +69,6 @@ func Register(plugins *admission.Plugins) {
type Plugin struct {
*admission.Handler
enabled bool
inspectedFeatureGates bool
client kubernetes.Interface
@@ -152,7 +150,6 @@ func (p *Plugin) updateDelegate() {
}
func (c *Plugin) InspectFeatureGates(featureGates featuregate.FeatureGate) {
c.enabled = featureGates.Enabled(features.PodSecurity)
c.inspectedFeatureGates = true
}
@@ -178,9 +175,6 @@ var (
)
func (p *Plugin) Validate(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces) error {
if !p.enabled {
return nil
}
gr := a.GetResource().GroupResource()
if !applicableResources[gr] && !p.delegate.PodSpecExtractor.HasPodSpec(gr) {
return nil

6
plugin/pkg/admission/security/podsecurity/admission_test.go
View File

@@ -34,12 +34,10 @@ import (
"k8s.io/apiserver/pkg/warning"
"k8s.io/client-go/informers"
"k8s.io/client-go/kubernetes/fake"
featuregatetesting "k8s.io/component-base/featuregate/testing"
"k8s.io/kubernetes/pkg/apis/apps"
"k8s.io/kubernetes/pkg/apis/batch"
"k8s.io/kubernetes/pkg/apis/core"
v1 "k8s.io/kubernetes/pkg/apis/core/v1"
"k8s.io/kubernetes/pkg/features"
podsecurityadmission "k8s.io/pod-security-admission/admission"
"k8s.io/utils/pointer"
"sigs.k8s.io/yaml"
@@ -78,8 +76,6 @@ func TestConvert(t *testing.T) {
}
func BenchmarkVerifyPod(b *testing.B) {
defer featuregatetesting.SetFeatureGateDuringTest(b, utilfeature.DefaultFeatureGate, features.PodSecurity, true)()
p, err := newPlugin(nil)
if err != nil {
b.Fatal(err)
@@ -188,8 +184,6 @@ func BenchmarkVerifyPod(b *testing.B) {
}
func BenchmarkVerifyNamespace(b *testing.B) {
defer featuregatetesting.SetFeatureGateDuringTest(b, utilfeature.DefaultFeatureGate, features.PodSecurity, true)()
p, err := newPlugin(nil)
if err != nil {
b.Fatal(err)