github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-09-10 05:30:26 +00:00
Code Issues Projects Releases Wiki Activity

Removed DenyEscalatingExec from the list of default admission controllers.

Browse Source
This commit is contained in:
Abhishek Shah
2015-10-02 16:05:10 -07:00
parent 4856c7c033
commit a1b6dbe870
12 changed files with 13 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
hack/local-up-cluster.sh
View File

@@ -203,11 +203,10 @@ function set_service_accounts {
function start_apiserver {
# Admission Controllers to invoke prior to persisting objects in cluster
if [[ -z "${ALLOW_SECURITY_CONTEXT}" ]]; then
ADMISSION_CONTROL=NamespaceLifecycle,NamespaceAutoProvision,LimitRanger,SecurityContextDeny,ServiceAccount,DenyEscalatingExec,ResourceQuota
ADMISSION_CONTROL=NamespaceLifecycle,NamespaceAutoProvision,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota
else
ADMISSION_CONTROL=NamespaceLifecycle,NamespaceAutoProvision,LimitRanger,ServiceAccount,DenyEscalatingExec,ResourceQuota
ADMISSION_CONTROL=NamespaceLifecycle,NamespaceAutoProvision,LimitRanger,ServiceAccount,ResourceQuota
fi
# This is the default dir and filename where the apiserver will generate a self-signed cert
# which should be able to be used as the CA to verify itself
CERT_DIR=/var/run/kubernetes