kubernetes

mirror of https://github.com/kubernetes/kubernetes.git synced 2026-02-03 20:40:26 -05:00

History

Peter Hunt e8bd3f629d drop UserNamespacesPodSecurityStandards feature gate this feature gate was meant to be ephemeral, and only was used for guaranteeing a cluster admin didn't accidentally relax PSA policies before the kubelet would deny a pod was created if it didn't support user namespaces. As of kube 1.33, the supported apiserver version skew of n-3 guarantees that all supported kubelets are of 1.30 or later, meaning they do this. Now, we can unconditionally relax PSA policy if a pod is in a user namespace. This PR reserves older policies default behavior by never relaxing Signed-off-by: Peter Hunt <pehunt@redhat.com>	2025-10-31 14:08:21 -04:00
..
podsecurity	drop UserNamespacesPodSecurityStandards feature gate	2025-10-31 14:08:21 -04:00
doc.go	remove import doc comments	2024-12-02 16:59:34 +01:00

Peter Hunt e8bd3f629d drop UserNamespacesPodSecurityStandards feature gate

this feature gate was meant to be ephemeral, and only was used for guaranteeing a
cluster admin didn't accidentally relax PSA policies before the kubelet would deny a pod
was created if it didn't support user namespaces. As of kube 1.33, the supported apiserver version
skew of n-3 guarantees that all supported kubelets are of 1.30 or later, meaning they do this.

Now, we can unconditionally relax PSA policy if a pod is in a user namespace.

This PR reserves older policies default behavior by never relaxing

Signed-off-by: Peter Hunt <pehunt@redhat.com>

2025-10-31 14:08:21 -04:00

podsecurity

drop UserNamespacesPodSecurityStandards feature gate

2025-10-31 14:08:21 -04:00

doc.go

remove import doc comments

2024-12-02 16:59:34 +01:00