From 9238f38400ccf513fda9c728e1d41841df7e2c77 Mon Sep 17 00:00:00 2001 From: Davanum Srinivas Date: Fri, 9 Feb 2018 17:59:02 -0500 Subject: [PATCH] local-up-cluster.sh should be conformant out-of-the-box rename ALLOW_SECURITY_CONTEXT to DENY_SECURITY_CONTEXT_ADMISSION to be in line with the other admission plugins (like PSP_ADMISSION). Make sure by default, this plugin is not enabled as well. --- hack/local-up-cluster.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hack/local-up-cluster.sh b/hack/local-up-cluster.sh index bd5417b7dfa..7b9ad89aad0 100755 --- a/hack/local-up-cluster.sh +++ b/hack/local-up-cluster.sh @@ -23,7 +23,7 @@ DOCKER_OPTS=${DOCKER_OPTS:-""} DOCKER=(docker ${DOCKER_OPTS}) DOCKERIZE_KUBELET=${DOCKERIZE_KUBELET:-""} ALLOW_PRIVILEGED=${ALLOW_PRIVILEGED:-""} -ALLOW_SECURITY_CONTEXT=${ALLOW_SECURITY_CONTEXT:-""} +DENY_SECURITY_CONTEXT_ADMISSION=${DENY_SECURITY_CONTEXT_ADMISSION:-""} PSP_ADMISSION=${PSP_ADMISSION:-""} NODE_ADMISSION=${NODE_ADMISSION:-""} RUNTIME_CONFIG=${RUNTIME_CONFIG:-""} @@ -418,7 +418,7 @@ function set_service_accounts { function start_apiserver { security_admission="" - if [[ -z "${ALLOW_SECURITY_CONTEXT}" ]]; then + if [[ -n "${DENY_SECURITY_CONTEXT_ADMISSION}" ]]; then security_admission=",SecurityContextDeny" fi if [[ -n "${PSP_ADMISSION}" ]]; then