kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Enable more admission controllers 

Enable admission controllers for:
 - ValidatingAdmissionPolicy
 - RuntimeClass

Signed-off-by: Arnaud Meukam <ameukam@gmail.com>
This commit is contained in:
Arnaud Meukam 2025-04-14 15:09:04 +02:00
parent 886a0ef951
commit 8a218c2da7
No known key found for this signature in database
GPG Key ID: E127D6541A5EBDDB
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
pkg/model/components/apiserver.go
View File

@ -147,21 +147,21 @@ func (b *KubeAPIServerOptionsBuilder) BuildOptions(cluster *kops.Cluster) error
}
}
// TODO: We can probably rewrite these more clearly in descending order
// Based on recommendations from:
// https://kubernetes.io/docs/admin/admission-controllers/#is-there-a-recommended-set-of-admission-controllers-to-use
// https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/
{
c.EnableAdmissionPlugins = []string{
"NamespaceLifecycle",
"LimitRanger",
"ServiceAccount",
//"PersistentVolumeLabel",
"DefaultStorageClass",
"DefaultTolerationSeconds",
"LimitRanger",
"MutatingAdmissionWebhook",
"ValidatingAdmissionWebhook",
"NamespaceLifecycle",
"NodeRestriction",
"ResourceQuota",
"RuntimeClass",
"ServiceAccount",
"ValidatingAdmissionPolicy",
"ValidatingAdmissionWebhook",
}
c.EnableAdmissionPlugins = append(c.EnableAdmissionPlugins, c.AppendAdmissionPlugins...)
}