github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-09-27 13:15:36 +00:00
Code Issues Projects Releases Wiki Activity

api: remove SecurityContextDeny admission plugin

Browse Source
This commit is contained in:
Mahe Tardy
2024-01-05 15:11:18 +00:00
parent 96461a22a4
commit 73bec0f6d9
6 changed files with 1 additions and 318 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
hack/local-up-cluster.sh
View File

@@ -27,7 +27,6 @@ DOCKER_OPTS=${DOCKER_OPTS:-""}
export DOCKER=(docker "${DOCKER_OPTS[@]}")
DOCKER_ROOT=${DOCKER_ROOT:-""}
ALLOW_PRIVILEGED=${ALLOW_PRIVILEGED:-""}
DENY_SECURITY_CONTEXT_ADMISSION=${DENY_SECURITY_CONTEXT_ADMISSION:-""}
RUNTIME_CONFIG=${RUNTIME_CONFIG:-""}
KUBELET_AUTHORIZATION_WEBHOOK=${KUBELET_AUTHORIZATION_WEBHOOK:-""}
KUBELET_AUTHENTICATION_WEBHOOK=${KUBELET_AUTHENTICATION_WEBHOOK:-""}
@@ -486,14 +485,6 @@ function generate_kubelet_certs {
}
function start_apiserver {
security_admission=""
if [[ -n "${DENY_SECURITY_CONTEXT_ADMISSION}" ]]; then
security_admission=",SecurityContextDeny"
fi
# Append security_admission plugin
ENABLE_ADMISSION_PLUGINS="${ENABLE_ADMISSION_PLUGINS}${security_admission}"
authorizer_args=()
if [[ -n "${AUTHORIZATION_CONFIG:-}" ]]; then
authorizer_args+=("--authorization-config=${AUTHORIZATION_CONFIG}")