New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
auth: remove SecurityContextDeny admission plugin #122612
Conversation
Skipping CI for Draft Pull Request. |
/sig security |
/test all |
/retest |
pull-kubernetes-local-e2e is not passing at the moment, you can ignore that failure if you have checked locally that your proposed change works. |
Oh okay, but do you know how I could fix this? I have not run the e2e tests locally. |
So you haven't tried your changes to |
This comment was marked as resolved.
This comment was marked as resolved.
BTW, to link to the KEP you can use https://kep.k8s.io/3785 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
/assign @liggitt (local-up-cluster definitely looks good) |
LGTM label has been added. Git tree hash: 367da84eac9eed4650a9a6eaed97869233022d24
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
🧼🧽🫧
/remove-sig api-machinery |
/retest |
@mtardy: The following test failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
/triage accepted |
/milestone v1.30 |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: liggitt, mtardy The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Changelog suggestion: -Removed the `SecurityContextDeny` admission plugin, deprecated since v1.27. The Pod Security Admission plugin, available since v1.25, is recommended instead. See https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#securitycontextdeny for more information.
+Removed the `SecurityContextDeny` admission plugin, deprecated since v1.27.
+The [Pod Security Admission](https://k8s.io/docs/concepts/security/pod-security-admission/) plugin,
+available since v1.25, is recommended instead. We can't link to the (removed) docs for a removed admission controller. |
Thanks, I updated that! |
What type of PR is this?
/kind deprecation
What this PR does / why we need it:
This PR removes the code associated with the
SecurityContextDeny
admission plugin. More info on why in the associated issue.Which issue(s) this PR fixes:
Part of #111516
Special notes for your reviewer:
Changes need to be made against https://github.com/kubernetes/test-infra configs before this PR will pass the tests. It was merged a few months ago:
Does this PR introduce a user-facing change?
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.: