Revert "enable SeccompDefault feature gate automatically"

This reverts commit 1a865b7.
kubernetes · Sep 16, 2023 · 04f4d49 · 04f4d49
1 parent 1a865b7
commit 04f4d49
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 32 deletions.
diff --git a/docs/cluster_spec.md b/docs/cluster_spec.md
@@ -818,13 +818,15 @@ Note that Kubelet will fail to install the shutdown inhibtor on systems where lo
 
 ### SeccompDefault
 
-[SeccompDefault](https://kubernetes.io/blog/2021/08/25/seccomp-default/) enables the use of `RuntimeDefault` as the default seccomp profile for all workloads.
+[SeccompDefault](https://kubernetes.io/blog/2021/08/25/seccomp-default/) enables the use of `RuntimeDefault` as the default seccomp profile for all workloads. (Default: false)
 
-Note that this enables both the `SeccompDefault` feature gate and the `--seccomp-default=true` flag.
+Note that a feature gate is required to enable the feature, and the feature is turned on using kubelet config.
 
 ```yaml
 spec:
   kubelet:
+    featureGates:
+      SeccompDefault: "true"
     seccompDefault: true
 ```
 

diff --git a/nodeup/pkg/model/kubelet.go b/nodeup/pkg/model/kubelet.go
@@ -632,14 +632,6 @@ func (b *KubeletBuilder) buildKubeletConfigSpec() (*kops.KubeletConfigSpec, erro
 		c.AuthenticationTokenWebhook = fi.PtrTo(true)
 	}
 
-	if c.SeccompDefault != nil && *c.SeccompDefault == true {
-		if c.FeatureGates == nil {
-			c.FeatureGates = map[string]string{}
-		}
-
-		c.FeatureGates["SeccompDefault"] = "true"
-	}
-
 	return &c, nil
 }
 

diff --git a/nodeup/pkg/model/kubelet_test.go b/nodeup/pkg/model/kubelet_test.go
@@ -37,7 +37,6 @@ import (
 	"k8s.io/kops/upup/pkg/fi/cloudup"
 	"k8s.io/kops/util/pkg/distributions"
 	"k8s.io/kops/util/pkg/vfs"
-	"k8s.io/utils/ptr"
 )
 
 func TestTaintsApplied(t *testing.T) {
@@ -412,24 +411,3 @@ func Test_BuildComponentConfigFile(t *testing.T) {
 		t.Errorf("Failed to build component config file: %v", err)
 	}
 }
-
-func TestSeccompDefault(t *testing.T) {
-	b := &KubeletBuilder{
-		&NodeupModelContext{
-			NodeupConfig: &nodeup.Config{
-				KubeletConfig: kops.KubeletConfigSpec{
-					SeccompDefault: ptr.To(true),
-				},
-			},
-		},
-	}
-
-	c, err := b.buildKubeletConfigSpec()
-	if err != nil {
-		t.Error("failed to build kubelet config spec")
-	}
-
-	if c.FeatureGates["SeccompDefault"] != "true" {
-		t.Error("kubelet SeccompDefault feature gate should be enabled")
-	}
-}