kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove Initializers from default admission plugins

This commit is contained in:
Jordan Liggitt 2019-01-16 16:49:46 -05:00
parent 09acd56675
commit 32f196fd71
1 changed files with 17 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
pkg/model/components/apiserver.go
View File

@ -255,7 +255,7 @@ func (b *KubeAPIServerOptionsBuilder) BuildOptions(o interface{}) error {
} }
// Based on recommendations from: // Based on recommendations from:
// https://kubernetes.io/docs/admin/admission-controllers/#is-there-a-recommended-set-of-admission-controllers-to-use // https://kubernetes.io/docs/admin/admission-controllers/#is-there-a-recommended-set-of-admission-controllers-to-use
if b.IsKubernetesGTE("1.10") { if b.IsKubernetesGTE("1.10") && b.IsKubernetesLT("1.12") {
c.EnableAdmissionPlugins = []string{ c.EnableAdmissionPlugins = []string{
"Initializers", "Initializers",
"NamespaceLifecycle", "NamespaceLifecycle",
@ -270,6 +270,22 @@ func (b *KubeAPIServerOptionsBuilder) BuildOptions(o interface{}) error {
"ResourceQuota", "ResourceQuota",
} }
} }
// Based on recommendations from:
// https://kubernetes.io/docs/admin/admission-controllers/#is-there-a-recommended-set-of-admission-controllers-to-use
if b.IsKubernetesGTE("1.12") {
c.EnableAdmissionPlugins = []string{
"NamespaceLifecycle",
"LimitRanger",
"ServiceAccount",
"PersistentVolumeLabel",
"DefaultStorageClass",
"DefaultTolerationSeconds",
"MutatingAdmissionWebhook",
"ValidatingAdmissionWebhook",
"NodeRestriction",
"ResourceQuota",
}
}
// We make sure to disable AnonymousAuth from when it was introduced // We make sure to disable AnonymousAuth from when it was introduced
if b.IsKubernetesGTE("1.5") { if b.IsKubernetesGTE("1.5") {