github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-09-21 01:50:55 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #58684 from hzxuzhonghu/default-enabled-admission

Browse Source 
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

set default enabled admission plugins by official document

**What this PR does / why we need it**:

https://kubernetes.io/docs/admin/admission-controllers/#is-there-a-recommended-set-of-admission-controllers-to-use

recommend  running the following set of admission controllers 
```
If you previously had not set the `--admission-control` flag, your cluster behavior may change (to be more standard).  See [https://kubernetes.io/docs/admin/admission-controllers/] for explanation of admission control.
```

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #

**Special notes for your reviewer**:

**Release note**:

```release-note
Set default enabled admission plugins `NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota`
```
This commit is contained in:
Kubernetes Submit Queue
2018-02-22 05:24:44 -08:00
committed by GitHub
parent 064597a8e0 27f3fd2d79
commit 270148d7d9
7 changed files with 20 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
pkg/kubeapiserver/options/plugins.go
View File

@@ -130,8 +130,17 @@ func RegisterAllAdmissionPlugins(plugins *admission.Plugins) {
// DefaultOffAdmissionPlugins get admission plugins off by default for kube-apiserver.
func DefaultOffAdmissionPlugins() sets.String {
defaultOffPlugins := sets.NewString(AllOrderedPlugins...)
defaultOffPlugins.Delete(lifecycle.PluginName)
defaultOnPlugins := sets.NewString(
lifecycle.PluginName, //NamespaceLifecycle
limitranger.PluginName, //LimitRanger
serviceaccount.PluginName, //ServiceAccount
label.PluginName, //PersistentVolumeLabel
setdefault.PluginName, //DefaultStorageClass
defaulttolerationseconds.PluginName, //DefaultTolerationSeconds
mutatingwebhook.PluginName, //MutatingAdmissionWebhook
validatingwebhook.PluginName, //ValidatingAdmissionWebhook
resourcequota.PluginName, //ResourceQuota
)
return defaultOffPlugins
return sets.NewString(AllOrderedPlugins...).Difference(defaultOnPlugins)
}