Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
PodSecurityPolicy RuntimeClass support #73795
What type of PR is this?
What this PR does / why we need it:
Sandboxed runtimes will offer a key security feature for pods, so it makes sense for those security constraints to be enforceable by PodSecurityPolicy. This PR adds support for restricting & defaulting the RuntimeClass used by pods.
Does this PR introduce a user-facing change?:
Feb 14, 2019
as long as the featuregate is not yet GA, we have to allow for it being disabled, and drop the corresponding fields from new objects in podsecuritypolicy#DropDisabledFields (follow the pattern there of dropping if the feature is disabled and the existing object isn't using the new fields already)
[APPROVALNOTIFIER] This PR is APPROVED
The full list of commands accepted by this bot can be found here.
The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing