From c8063c3b36d99e53ea749ffe96ddadaa1023be5c Mon Sep 17 00:00:00 2001 From: Kauana dos Santos Date: Tue, 11 Jul 2023 12:00:18 -0700 Subject: [PATCH] Fix tests --- config/core/configmaps/features.yaml | 6 +++--- pkg/apis/config/features.go | 2 +- pkg/apis/serving/fieldmask_test.go | 6 +++++- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/config/core/configmaps/features.yaml b/config/core/configmaps/features.yaml index a0f459d502ed..7c9744a0fd83 100644 --- a/config/core/configmaps/features.yaml +++ b/config/core/configmaps/features.yaml @@ -40,10 +40,10 @@ data: # this example block and unindented to be in the data block # to actually change the configuration. - # Default SecurityContext settings to secure-by-default values - # if unset. - # # Indicates whether secure-pod-defaults support is enabled + + # WARNING: Cannot safely be disabled once enabled. + # See: TBD secure-pod-defaults: "enabled" # Indicates whether multi container support is enabled diff --git a/pkg/apis/config/features.go b/pkg/apis/config/features.go index 32b7345a8c08..60e82bda8558 100644 --- a/pkg/apis/config/features.go +++ b/pkg/apis/config/features.go @@ -71,7 +71,7 @@ func defaultFeaturesConfig() *Features { PodSpecInitContainers: Disabled, PodSpecDNSPolicy: Disabled, PodSpecDNSConfig: Disabled, - SecurePodDefaults: Disabled, + SecurePodDefaults: Enabled, TagHeaderBasedRouting: Disabled, AutoDetectHTTP2: Disabled, } diff --git a/pkg/apis/serving/fieldmask_test.go b/pkg/apis/serving/fieldmask_test.go index 5e957bb92521..02cc4af0da2e 100644 --- a/pkg/apis/serving/fieldmask_test.go +++ b/pkg/apis/serving/fieldmask_test.go @@ -719,7 +719,11 @@ func TestPodSecurityContextMask(t *testing.T) { }, } - want := &corev1.PodSecurityContext{} + want := &corev1.PodSecurityContext{ + SeccompProfile: &corev1.SeccompProfile{ + Type: corev1.SeccompProfileTypeRuntimeDefault, + }, + } ctx := context.Background() got := PodSecurityContextMask(ctx, in)