github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-09-17 15:13:08 +00:00
Code Issues Projects Releases Wiki Activity

Removed DenyEscalatingExec from the list of default admission controllers.

Browse Source
This commit is contained in:
Abhishek Shah
2015-10-02 16:05:10 -07:00
parent 4856c7c033
commit a1b6dbe870
12 changed files with 13 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/admin/admission-controllers.md
View File

@@ -172,7 +172,7 @@ Yes.
For Kubernetes 1.0, we strongly recommend running the following set of admission control plug-ins (order matters):
```
--admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,DenyEscalatingExec,ResourceQuota
--admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota
```

2
docs/admin/high-availability/kube-apiserver.yaml
View File

@@ -11,7 +11,7 @@ spec:
- /bin/sh
- -c
- /usr/local/bin/kube-apiserver --address=127.0.0.1 --etcd-servers=http://127.0.0.1:4001
--cloud-provider=gce --admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,DenyEscalatingExec,ResourceQuota
--cloud-provider=gce --admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota
--service-cluster-ip-range=10.0.0.0/16 --client-ca-file=/srv/kubernetes/ca.crt
--basic-auth-file=/srv/kubernetes/basic_auth.csv --cluster-name=e2e-test-bburns
--tls-cert-file=/srv/kubernetes/server.cert --tls-private-key-file=/srv/kubernetes/server.key