github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

PSP: conditional support for generic volume type

Browse Source 
When introducing the new "generic" volume type for generic ephemeral
inline volumes, the storage policy for PodSecurityPolicy objects
should have been extended so that this new type is valid only
if the generic ephemeral volume feature is enabled or an
existing object already has it.

Adding the new type to the internal API was also missed.
This commit is contained in:
Patrick Ohly
2021-02-09 12:15:42 +01:00
parent 90851a0fb5
commit 38384d5c13
4 changed files with 106 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
pkg/security/podsecuritypolicy/util/util.go
View File

@@ -29,6 +29,8 @@ const (
ValidatedPSPAnnotation = "kubernetes.io/psp"
)
// GetAllFSTypesExcept returns the result of GetAllFSTypesAsSet minus
// the given exceptions.
func GetAllFSTypesExcept(exceptions ...string) sets.String {
fstypes := GetAllFSTypesAsSet()
for _, e := range exceptions {
@@ -37,6 +39,8 @@ func GetAllFSTypesExcept(exceptions ...string) sets.String {
return fstypes
}
// GetAllFSTypesAsSet returns all actual volume types, regardless
// of feature gates. The special policy.All pseudo type is not included.
func GetAllFSTypesAsSet() sets.String {
fstypes := sets.NewString()
fstypes.Insert(