mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-24 12:15:52 +00:00
local-up-cluster.sh should be conformant out-of-the-box
rename ALLOW_SECURITY_CONTEXT to DENY_SECURITY_CONTEXT_ADMISSION to be in line with the other admission plugins (like PSP_ADMISSION). Make sure by default, this plugin is not enabled as well.
This commit is contained in:
Davanum Srinivas
parent
9de5839944
commit
9238f38400
@ -23,7 +23,7 @@ DOCKER_OPTS=${DOCKER_OPTS:-""}
|
||||
DOCKER=(docker ${DOCKER_OPTS})
|
||||
DOCKERIZE_KUBELET=${DOCKERIZE_KUBELET:-""}
|
||||
ALLOW_PRIVILEGED=${ALLOW_PRIVILEGED:-""}
|
||||
ALLOW_SECURITY_CONTEXT=${ALLOW_SECURITY_CONTEXT:-""}
|
||||
DENY_SECURITY_CONTEXT_ADMISSION=${DENY_SECURITY_CONTEXT_ADMISSION:-""}
|
||||
PSP_ADMISSION=${PSP_ADMISSION:-""}
|
||||
NODE_ADMISSION=${NODE_ADMISSION:-""}
|
||||
RUNTIME_CONFIG=${RUNTIME_CONFIG:-""}
|
||||
@ -418,7 +418,7 @@ function set_service_accounts {
|
||||
|
||||
function start_apiserver {
|
||||
security_admission=""
|
||||
if [[ -z "${ALLOW_SECURITY_CONTEXT}" ]]; then
|
||||
if [[ -n "${DENY_SECURITY_CONTEXT_ADMISSION}" ]]; then
|
||||
security_admission=",SecurityContextDeny"
|
||||
fi
|
||||
if [[ -n "${PSP_ADMISSION}" ]]; then
|
||||
|
||||
Loading…
Reference in New Issue
Block a user