kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add Initializers admission controller 

Also sync up Admission controllers with current default sets for 1.7 &
1.8
This commit is contained in:
Justin Santa Barbara 2017-08-27 20:25:43 -04:00
parent 1e5cf2db52
commit 4d52a7c9e6
2 changed files with 37 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pkg/apis/kops/util/versions.go
View File

@ -79,6 +79,10 @@ func IsKubernetesGTE(version string, k8sVersion semver.Version) bool {
return k8sVersion.Major > 1 || (k8sVersion.Major == 1 && k8sVersion.Minor >= 6)
case "1.7":
return k8sVersion.Major > 1 || (k8sVersion.Major == 1 && k8sVersion.Minor >= 7)
case "1.8":
return k8sVersion.Major > 1 || (k8sVersion.Major == 1 && k8sVersion.Minor >= 8)
case "1.9":
return k8sVersion.Major > 1 || (k8sVersion.Major == 1 && k8sVersion.Minor >= 9)
default:
panic(fmt.Sprintf("IsKubernetesGTE not supported with version %q", version))
}

35
pkg/model/components/apiserver.go
View File

@ -121,6 +121,7 @@ func (b *KubeAPIServerOptionsBuilder) BuildOptions(o interface{}) error {
c.EtcdServers = []string{"http://127.0.0.1:4001"}
c.EtcdServersOverrides = []string{"/events#http://127.0.0.1:4002"}
// TODO: We can probably rewrite these more clearly in descending order
if b.IsKubernetesGTE("1.3") && b.IsKubernetesLT("1.4") {
c.AdmissionControl = []string{
"NamespaceLifecycle",
@ -149,9 +150,8 @@ func (b *KubeAPIServerOptionsBuilder) BuildOptions(o interface{}) error {
"DefaultStorageClass",
"ResourceQuota",
}
c.AnonymousAuth = fi.Bool(false)
}
if b.IsKubernetesGTE("1.6") {
if b.IsKubernetesGTE("1.6") && b.IsKubernetesLT("1.7") {
c.AdmissionControl = []string{
"NamespaceLifecycle",
"LimitRanger",
@ -161,6 +161,37 @@ func (b *KubeAPIServerOptionsBuilder) BuildOptions(o interface{}) error {
"DefaultTolerationSeconds",
"ResourceQuota",
}
}
if b.IsKubernetesGTE("1.7") && b.IsKubernetesLT("1.8") {
c.AdmissionControl = []string{
"Initializers",
"NamespaceLifecycle",
"LimitRanger",
"ServiceAccount",
"PersistentVolumeLabel",
"DefaultStorageClass",
"DefaultTolerationSeconds",
"NodeRestriction",
"ResourceQuota",
}
}
if b.IsKubernetesGTE("1.8") {
c.AdmissionControl = []string{
"Initializers",
"NamespaceLifecycle",
"LimitRanger",
"ServiceAccount",
"PersistentVolumeLabel",
"DefaultStorageClass",
"DefaultTolerationSeconds",
"NodeRestriction",
"Priority",
"ResourceQuota",
}
}
// We make sure to disable AnonymousAuth from when it was introduced
if b.IsKubernetesGTE("1.5") {
c.AnonymousAuth = fi.Bool(false)
}