kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #14045 from olemarkus/no-psp 

Do not allow PodSecurityPolicy using K8s 1.25
This commit is contained in:
Kubernetes Prow Robot 2022-07-28 01:47:11 -07:00 committed by GitHub
parent 932ff2177f 27306943d9
commit d1f66b8479
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
pkg/apis/kops/validation/validation.go
View File

@ -594,6 +594,20 @@ func validateKubeAPIServer(v *kops.KubeAPIServerConfig, c *kops.Cluster, fldPath
} }
} }
for _, plugin := range v.EnableAdmissionPlugins {
if plugin == "PodSecurityPolicy" && c.IsKubernetesGTE("1.25") {
allErrs = append(allErrs, field.Forbidden(fldPath.Child("enableAdmissionPlugins"),
"PodSecurityPolicy has been removed from Kubernetes 1.25"))
}
}
for _, plugin := range v.AdmissionControl {
if plugin == "PodSecurityPolicy" && c.IsKubernetesGTE("1.25") {
allErrs = append(allErrs, field.Forbidden(fldPath.Child("admissionControl"),
"PodSecurityPolicy has been removed from Kubernetes 1.25"))
}
}
proxyClientCertIsNil := v.ProxyClientCertFile == nil proxyClientCertIsNil := v.ProxyClientCertFile == nil
proxyClientKeyIsNil := v.ProxyClientKeyFile == nil proxyClientKeyIsNil := v.ProxyClientKeyFile == nil