Merge pull request #106089 from liggitt/podsecurity-beta
PodSecurity: promote config and feature gate to beta
Showing
14 changed files
with
570 additions
and
6 deletions.
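--- a/staging/src/k8s.io/pod-security-admission/admission/api/v1beta1/defaults.go
+++ b/staging/src/k8s.io/pod-security-admission/admission/api/v1beta1/defaults.go
@@ -0,0 +1,48 @@
+/*
+Copyright 2021 The Kubernetes Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1
+
+import (
+"k8s.io/apimachinery/pkg/runtime"
+"k8s.io/pod-security-admission/api"
+)
+
+func addDefaultingFuncs(scheme *runtime.Scheme) error {
+return RegisterDefaults(scheme)
+}
+
+func SetDefaults_PodSecurityDefaults(obj *PodSecurityDefaults) {
+if len(obj.Enforce) == 0 {
+obj.Enforce = string(api.LevelPrivileged)
+}
+if len(obj.Warn) == 0 {
+obj.Warn = string(api.LevelPrivileged)
+}
+if len(obj.Audit) == 0 {
+obj.Audit = string(api.LevelPrivileged)
+}
+
+if len(obj.EnforceVersion) == 0 {
+obj.EnforceVersion = string(api.VersionLatest)
+}
+if len(obj.WarnVersion) == 0 {
+obj.WarnVersion = string(api.VersionLatest)
+}
+if len(obj.AuditVersion) == 0 {
+obj.AuditVersion = string(api.VersionLatest)
+}
+}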
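Review bot: SetDefaults_PodSecurityDefaults has no doc comment, and what it encodes is security-relevant: an unset `Enforce`, `Warn` or `Audit` is filled with `api.LevelPrivileged`, the most permissive level, so a configuration that omits `defaults` restricts nothing by default. I would say so on the function, for example `// SetDefaults_PodSecurityDefaults fills unset levels with privileged and unset versions with latest; any restriction is opt-in.` The checks are `len(...) == 0`, so only empty strings are defaulted. Whether non-empty values are validated is not visible in this file and would be worth a pointer in the same comment.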
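--- a/staging/src/k8s.io/pod-security-admission/admission/api/v1beta1/defaults_test.go
+++ b/staging/src/k8s.io/pod-security-admission/admission/api/v1beta1/defaults_test.go
@@ -0,0 +1,17 @@
+/*
+Copyright 2021 The Kubernetes Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1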
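Review bot: defaults_test.go is added with only the license header and the package clause, so the defaulting in defaults.go has no test in this package as far as this page shows. A small table test would pin the contract: an empty `PodSecurityDefaults` ends with all three levels set to `string(api.LevelPrivileged)` and all three versions set to `string(api.VersionLatest)`, and a field that is already set is left untouched. If the empty file is a deliberate placeholder, a one-line comment saying so would help the next reader.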
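--- a/staging/src/k8s.io/pod-security-admission/admission/api/v1beta1/doc.go
+++ b/staging/src/k8s.io/pod-security-admission/admission/api/v1beta1/doc.go
@@ -0,0 +1,23 @@
+/*
+Copyright 2021 The Kubernetes Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// +k8s:deepcopy-gen=package
+// +k8s:conversion-gen=k8s.io/pod-security-admission/admission/api
+// +k8s:defaulter-gen=TypeMeta
+// +groupName=pod-security.admission.config.k8s.io
+
+// Package v1beta1 contains PodSecurity admission configuration file types
+package v1beta1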
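--- a/staging/src/k8s.io/pod-security-admission/admission/api/v1beta1/register.go
+++ b/staging/src/k8s.io/pod-security-admission/admission/api/v1beta1/register.go
@@ -0,0 +1,50 @@
+/*
+Copyright 2021 The Kubernetes Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1
+
+import (
+"k8s.io/apimachinery/pkg/runtime"
+"k8s.io/apimachinery/pkg/runtime/schema"
+)
+
+// GroupName is the group name use in this package
+const GroupName = "pod-security.admission.config.k8s.io"
+
+// SchemeGroupVersion is group version used to register these objects
+var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1"}
+
+var (
+// SchemeBuilder is a pointer used to call AddToScheme
+SchemeBuilder runtime.SchemeBuilder
+localSchemeBuilder = &SchemeBuilder
+// AddToScheme is used to register the types to API encoding/decoding machinery
+AddToScheme = localSchemeBuilder.AddToScheme
+)
+
+func init() {
+// We only register manually written functions here. The registration of the
+// generated functions takes place in the generated files. The separation
+// makes the code compile even when the generated files are missing.
+localSchemeBuilder.Register(addKnownTypes, addDefaultingFuncs)
+}
+
+func addKnownTypes(scheme *runtime.Scheme) error {
+scheme.AddKnownTypes(SchemeGroupVersion,
+&PodSecurityConfiguration{},
+)
+return nil
+}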
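Review bot: Two comments in the declaration block do not match the code beside them. `SchemeBuilder` is declared as a `runtime.SchemeBuilder` value and it is `localSchemeBuilder` that holds the pointer, so `// SchemeBuilder is a pointer used to call AddToScheme` would read better as `// SchemeBuilder collects the functions that add this package's types to a scheme`. The GroupName comment has a typo and should read `// GroupName is the group name used in this package`.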
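--- a/staging/src/k8s.io/pod-security-admission/admission/api/v1beta1/types.go
+++ b/staging/src/k8s.io/pod-security-admission/admission/api/v1beta1/types.go
@@ -0,0 +1,44 @@
+/*
+Copyright 2021 The Kubernetes Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1
+
+import (
+metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+type PodSecurityConfiguration struct {
+metav1.TypeMeta
+Defaults PodSecurityDefaults `json:"defaults"`
+Exemptions PodSecurityExemptions `json:"exemptions"`
+}
+
+type PodSecurityDefaults struct {
+Enforce string `json:"enforce,omitempty"`
+EnforceVersion string `json:"enforce-version,omitempty"`
+Audit string `json:"audit,omitempty"`
+AuditVersion string `json:"audit-version,omitempty"`
+Warn string `json:"warn,omitempty"`
+WarnVersion string `json:"warn-version,omitempty"`
+}
+
+type PodSecurityExemptions struct {
+Usernames []string `json:"usernames,omitempty"`
+Namespaces []string `json:"namespaces,omitempty"`
+RuntimeClasses []string `json:"runtimeClasses,omitempty"`
+}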
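Review bot: The three exported types carry no doc comments, and for `PodSecurityExemptions` that leaves the security meaning undocumented. The field names suggest that listed usernames, namespaces and runtime classes are exempted from the policy, but which of enforce, audit and warn a match skips is not stated here. I would add a comment on each type and on each exemption field saying what a match bypasses, and note on `PodSecurityDefaults` that the level and version fields are plain strings and where they are validated, since no validation is visible in this file. The JSON tags also mix the `enforce-version` style with `runtimeClasses`; if that mirrors an earlier config version, a short comment would stop someone from normalising it later.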