kubernetes

mirror of https://github.com/kubernetes/kubernetes.git synced 2026-02-03 20:40:26 -05:00

History

Peter Hunt e8bd3f629d drop UserNamespacesPodSecurityStandards feature gate this feature gate was meant to be ephemeral, and only was used for guaranteeing a cluster admin didn't accidentally relax PSA policies before the kubelet would deny a pod was created if it didn't support user namespaces. As of kube 1.33, the supported apiserver version skew of n-3 guarantees that all supported kubelets are of 1.30 or later, meaning they do this. Now, we can unconditionally relax PSA policy if a pod is in a user namespace. This PR reserves older policies default behavior by never relaxing Signed-off-by: Peter Hunt <pehunt@redhat.com>	2025-10-31 14:08:21 -04:00
..
admission	drop UserNamespacesPodSecurityStandards feature gate	2025-10-31 14:08:21 -04:00
auth	Update SVM to Beta	2025-10-29 19:36:11 +00:00

Peter Hunt e8bd3f629d drop UserNamespacesPodSecurityStandards feature gate

this feature gate was meant to be ephemeral, and only was used for guaranteeing a
cluster admin didn't accidentally relax PSA policies before the kubelet would deny a pod
was created if it didn't support user namespaces. As of kube 1.33, the supported apiserver version
skew of n-3 guarantees that all supported kubelets are of 1.30 or later, meaning they do this.

Now, we can unconditionally relax PSA policy if a pod is in a user namespace.

This PR reserves older policies default behavior by never relaxing

Signed-off-by: Peter Hunt <pehunt@redhat.com>

2025-10-31 14:08:21 -04:00

admission

drop UserNamespacesPodSecurityStandards feature gate

2025-10-31 14:08:21 -04:00

auth

Update SVM to Beta

2025-10-29 19:36:11 +00:00