github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #125257 from vinayakankugoyal/armor

Browse Source 
KEP-24: Update AppArmor feature gates to GA stage.
This commit is contained in:
Kubernetes Prow Robot
2024-07-23 09:20:52 -07:00
committed by GitHub
parent d7194eb370 bc06071495
commit 7590cb7adf
12 changed files with 39 additions and 98 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
pkg/api/pod/util.go
View File

@@ -628,25 +628,6 @@ func dropDisabledFields(
podSpec = &api.PodSpec{}
}
if !utilfeature.DefaultFeatureGate.Enabled(features.AppArmor) && !appArmorAnnotationsInUse(oldPodAnnotations) {
for k := range podAnnotations {
if strings.HasPrefix(k, api.DeprecatedAppArmorAnnotationKeyPrefix) {
delete(podAnnotations, k)
}
}
}
if (!utilfeature.DefaultFeatureGate.Enabled(features.AppArmor) || !utilfeature.DefaultFeatureGate.Enabled(features.AppArmorFields)) && !appArmorFieldsInUse(oldPodSpec) {
if podSpec.SecurityContext != nil {
podSpec.SecurityContext.AppArmorProfile = nil
}
VisitContainers(podSpec, AllContainers, func(c *api.Container, _ ContainerType) bool {
if c.SecurityContext != nil {
c.SecurityContext.AppArmorProfile = nil
}
return true
})
}
// If the feature is disabled and not in use, drop the hostUsers field.
if !utilfeature.DefaultFeatureGate.Enabled(features.UserNamespacesSupport) && !hostUsersInUse(oldPodSpec) {
// Drop the field in podSpec only if SecurityContext is not nil.