Drop RuntimeClass from PSP when feature is disabled

2026-01-05 23:47:50 +00:00 · 2019-04-24 15:32:57 -07:00
parent 1bd4340c7c
commit c666bd0012
3 changed files with 59 additions and 0 deletions
--- a/pkg/api/podsecuritypolicy/util.go
+++ b/pkg/api/podsecuritypolicy/util.go
@@ -38,6 +38,10 @@ func DropDisabledFields(pspSpec, oldPSPSpec *policy.PodSecurityPolicySpec) {
 	if !utilfeature.DefaultFeatureGate.Enabled(features.CSIInlineVolume) {
 		pspSpec.AllowedCSIDrivers = nil
 	}
+	if !utilfeature.DefaultFeatureGate.Enabled(features.RuntimeClass) &&
+		(oldPSPSpec == nil || oldPSPSpec.RuntimeClass == nil) {
+		pspSpec.RuntimeClass = nil
+	}
 }

 func allowedProcMountTypesInUse(oldPSPSpec *policy.PodSecurityPolicySpec) bool {