771b850039
This enables a smooth transition to PSP. Today, users would have to manually set --allow-privileged to true before transitioning to PSP, which isn't a smooth deprecation path for the flag (we want people to *stop* setting it). This PR makes the default behavior isomorphic with what will happen after the flag is removed. Defaulting --allow-privileged to true should be safe, because it simply allows a superset of Pods to run (all workloads continue to work). WRT https://github.com/kubernetes/kubernetes/issues/58010#issuecomment-383264473 the --allow-privileged flag is effectively useless for security, so this shouldn't be a concern from that perspective. I also bumped the deprecation timeline in the comment to 1.13.0, so that we give people the full period of time to stop setting --allow-privileged, now that the behavior makes it possible to do so. |
||
|---|---|---|
| .. | ||
| BUILD | ||
| container_runtime.go | ||
| globalflags_linux.go | ||
| globalflags_other.go | ||
| globalflags.go | ||
| options_test.go | ||
| options.go | ||
| osflags_others.go | ||
| osflags_windows.go | ||