set default enabled admission plugins by official document

2025-09-06 11:42:14 +00:00 · 2018-01-23 20:12:10 +08:00
parent 4327bc92ae
commit 27f3fd2d79
7 changed files with 20 additions and 6 deletions
--- a/hack/make-rules/test-cmd.sh
+++ b/hack/make-rules/test-cmd.sh
@@ -35,6 +35,7 @@ function run_kube_apiserver() {

  # Admission Controllers to invoke prior to persisting objects in cluster
  ENABLE_ADMISSION_PLUGINS="Initializers,LimitRanger,ResourceQuota"
+  DISABLE_ADMISSION_PLUGINS="ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook"

  # Include RBAC (to exercise bootstrapping), and AlwaysAllow to allow all actions
  AUTHORIZATION_MODE="RBAC,AlwaysAllow"
@@ -46,6 +47,7 @@ function run_kube_apiserver() {
    --authorization-mode="${AUTHORIZATION_MODE}" \
    --secure-port="${SECURE_API_PORT}" \
    --enable-admission-plugins="${ENABLE_ADMISSION_PLUGINS}" \
+    --disable-admission-plugins="${DISABLE_ADMISSION_PLUGINS}" \
    --etcd-servers="http://${ETCD_HOST}:${ETCD_PORT}" \
    --runtime-config=api/v1 \
    --storage-media-type="${KUBE_TEST_API_STORAGE_TYPE-}" \