github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add a SecurityContextDeny feature gate disabled by default

Browse Source 
Put plugin registration behind the feature gate.
This commit is contained in:
mtardy
2023-03-10 18:01:48 +01:00
parent 5049382a81
commit 36a2156033
2 changed files with 21 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
pkg/features/kube_features.go
View File

@@ -691,6 +691,14 @@ const (
// Enables the use of `RuntimeDefault` as the default seccomp profile for all workloads.
SeccompDefault featuregate.Feature = "SeccompDefault"
// owner: @mtardy
// alpha: v1.0
//
// Putting this admission plugin behind a feature gate is part of the
// deprecation process. For details about the removal see:
// https://github.com/kubernetes/kubernetes/issues/111516
SecurityContextDeny featuregate.Feature = "SecurityContextDeny"
// owner: @maplain @andrewsykim
// kep: https://kep.k8s.io/2086
// alpha: v1.21
@@ -1022,6 +1030,8 @@ var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureS
SeccompDefault: {Default: true, PreRelease: featuregate.Beta},
SecurityContextDeny: {Default: false, PreRelease: featuregate.Alpha},
ServiceIPStaticSubrange: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.28
ServiceInternalTrafficPolicy: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.28