Partly remove support for seccomp annotations

We now partly drop the support for seccomp annotations which is planned for v1.25 as part of the KEP: https://github.com/kubernetes/enhancements/issues/135 Pod security policies are not touched by this change and therefore we have to keep the annotation key constants. This means we only allow the usage of the annotations for backwards compatibility reasons while the synchronization of the field to annotation is no longer supported. Using the annotations for static pods is also not supported any more. Making the annotations fully non-functional will be deferred to a future release. Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
2022-05-05 13:29:44 +02:00
parent d046a58de4
commit 584783ee9f
11 changed files with 53 additions and 425 deletions
--- a/pkg/apis/core/validation/validation.go
+++ b/pkg/apis/core/validation/validation.go
@@ -4218,7 +4218,7 @@ func ValidatePodCreate(pod *core.Pod, opts PodValidationOptions) field.ErrorList
 	return allErrs
 }

-// ValidateSeccompAnnotationsAndFields iterates through all containers and ensure that when both seccompProfile and seccomp annotations exist they match.
+// validateSeccompAnnotationsAndFields iterates through all containers and ensure that when both seccompProfile and seccomp annotations exist they match.
 func validateSeccompAnnotationsAndFields(objectMeta metav1.ObjectMeta, podSpec *core.PodSpec, specPath *field.Path) field.ErrorList {
 	allErrs := field.ErrorList{}