github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Move PodShareProcessNamespace feature gate out of validation

Browse Source
This commit is contained in:
Rajath Agasthya
2019-01-08 14:26:21 -08:00
parent 5d743157b6
commit 4e1d4caa8f
4 changed files with 118 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
pkg/api/pod/util.go
View File

@@ -293,6 +293,12 @@ func dropDisabledFields(
}
}
if !utilfeature.DefaultFeatureGate.Enabled(features.PodShareProcessNamespace) && !shareProcessNamespaceInUse(oldPodSpec) {
if podSpec.SecurityContext != nil {
podSpec.SecurityContext.ShareProcessNamespace = nil
}
}
if !utilfeature.DefaultFeatureGate.Enabled(features.PodPriority) && !podPriorityInUse(oldPodSpec) {
// Set to nil pod's priority fields if the feature is disabled and the old pod
// does not specify any values for these fields.
@@ -454,6 +460,16 @@ func appArmorInUse(podAnnotations map[string]string) bool {
return false
}
func shareProcessNamespaceInUse(podSpec *api.PodSpec) bool {
if podSpec == nil {
return false
}
if podSpec.SecurityContext != nil && podSpec.SecurityContext.ShareProcessNamespace != nil {
return true
}
return false
}
// podPriorityInUse returns true if the pod spec is non-nil and has Priority or PriorityClassName set.
func podPriorityInUse(podSpec *api.PodSpec) bool {
if podSpec == nil {