Remove runtime in validate

Validate is useless as dockershim is removed Signed-off-by: yanghesong <hesong.yang@foxmail.com>
2022-01-09 09:11:49 +08:00 · 2022-01-09 09:11:49 +08:00 · 6905fef761
commit 6905fef761
parent d2c9456963
3 changed files with 6 additions and 13 deletions
--- a/pkg/kubelet/kubelet.go
+++ b/pkg/kubelet/kubelet.go
@ -831,7 +831,7 @@ func NewMainKubelet(kubeCfg *kubeletconfiginternal.KubeletConfiguration,

 	if sysruntime.GOOS == "linux" {
 		// AppArmor is a Linux kernel security module and it does not support other operating systems.
-		klet.appArmorValidator = apparmor.NewValidator(containerRuntime)
+		klet.appArmorValidator = apparmor.NewValidator()
 		klet.softAdmitHandlers.AddPodAdmitHandler(lifecycle.NewAppArmorAdmitHandler(klet.appArmorValidator))
 	}
 	klet.softAdmitHandlers.AddPodAdmitHandler(lifecycle.NewNoNewPrivsAdmitHandler(klet.containerRuntime))
--- a/pkg/security/apparmor/validate.go
+++ b/pkg/security/apparmor/validate.go
@ -1,4 +1,4 @@
-/*
+/*/*
 Copyright 2016 The Kubernetes Authors.

 Licensed under the Apache License, Version 2.0 (the "License");
@ -29,7 +29,6 @@ import (
 	utilfeature "k8s.io/apiserver/pkg/util/feature"
 	podutil "k8s.io/kubernetes/pkg/api/v1/pod"
 	"k8s.io/kubernetes/pkg/features"
-	kubetypes "k8s.io/kubernetes/pkg/kubelet/types"
 	utilpath "k8s.io/utils/path"
 )

@ -44,8 +43,8 @@ type Validator interface {
 }

 // NewValidator is in order to find AppArmor FS
-func NewValidator(runtime string) Validator {
-	if err := validateHost(runtime); err != nil {
+func NewValidator() Validator {
+	if err := validateHost(); err != nil {
 		return &validator{validateHostErr: err}
 	}
 	appArmorFS, err := getAppArmorFS()
@ -90,7 +89,7 @@ func (v *validator) ValidateHost() error {
 }

 // Verify that the host and runtime is capable of enforcing AppArmor profiles.
-func validateHost(runtime string) error {
+func validateHost() error {
 	// Check feature-gates
 	if !utilfeature.DefaultFeatureGate.Enabled(features.AppArmor) {
 		return errors.New("AppArmor disabled by feature-gate")
@ -106,11 +105,6 @@ func validateHost(runtime string) error {
 		return errors.New("AppArmor is not enabled on the host")
 	}

-	// Check runtime support. Currently only Docker is supported.
-	if runtime != kubetypes.DockerContainerRuntime && runtime != kubetypes.RemoteContainerRuntime {
-		return fmt.Errorf("AppArmor is only enabled for 'docker' and 'remote' runtimes. Found: %q", runtime)
-	}
-
 	return nil
 }

--- a/pkg/security/apparmor/validate_test.go
+++ b/pkg/security/apparmor/validate_test.go
@ -43,8 +43,7 @@ func TestValidateHost(t *testing.T) {
 	// The test should be manually run if modifying the getAppArmorFS function.
 	t.Skip()

-	assert.NoError(t, validateHost("docker"))
-	assert.Error(t, validateHost("rkt"))
+	assert.NoError(t, validateHost())
 }

 func TestValidateProfileFormat(t *testing.T) {