From e5d47081a264bff410aeb59bebb38a531bc92ec8 Mon Sep 17 00:00:00 2001
From: Jordan Liggitt <jliggitt@redhat.com>
Date: Tue, 12 May 2015 15:19:05 -0400
Subject: [PATCH] Add ServiceAccount admission plugin

---
 cluster/aws/config-test.sh             | 2 +-
 cluster/ubuntu/config-default.sh       | 2 +-
 contrib/init/systemd/environ/apiserver | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/cluster/aws/config-test.sh b/cluster/aws/config-test.sh
index db49d9366f2..523c78af5de 100755
--- a/cluster/aws/config-test.sh
+++ b/cluster/aws/config-test.sh
@@ -68,7 +68,7 @@ DNS_DOMAIN="kubernetes.local"
 DNS_REPLICAS=1
 
 # Admission Controllers to invoke prior to persisting objects in cluster
-ADMISSION_CONTROL=NamespaceLifecycle,NamespaceAutoProvision,LimitRanger,SecurityContextDeny,ResourceQuota
+ADMISSION_CONTROL=NamespaceLifecycle,NamespaceAutoProvision,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota
 
 # Optional: Enable/disable public IP assignment for minions.
 # Important Note: disable only if you have setup a NAT instance for internet access and configured appropriate routes!
diff --git a/cluster/ubuntu/config-default.sh b/cluster/ubuntu/config-default.sh
index 53d25eaa8ee..0bb49f26000 100755
--- a/cluster/ubuntu/config-default.sh
+++ b/cluster/ubuntu/config-default.sh
@@ -30,7 +30,7 @@ export PORTAL_NET=192.168.3.0/24
 export FLANNEL_NET=172.16.0.0/16
 
 # Admission Controllers to invoke prior to persisting objects in cluster
-ADMISSION_CONTROL=NamespaceLifecycle,NamespaceAutoProvision,LimitRanger,ResourceQuota
+ADMISSION_CONTROL=NamespaceLifecycle,NamespaceAutoProvision,LimitRanger,ServiceAccount,ResourceQuota
 
 # Optional: Install node monitoring.
 ENABLE_NODE_MONITORING=true
diff --git a/contrib/init/systemd/environ/apiserver b/contrib/init/systemd/environ/apiserver
index 3492457991d..3196610f8ec 100644
--- a/contrib/init/systemd/environ/apiserver
+++ b/contrib/init/systemd/environ/apiserver
@@ -20,7 +20,7 @@ KUBE_ETCD_SERVERS="--etcd_servers=http://127.0.0.1:4001"
 KUBE_SERVICE_ADDRESSES="--portal_net=10.254.0.0/16"
 
 # default admission control policies
-KUBE_ADMISSION_CONTROL="--admission_control=NamespaceAutoProvision,LimitRanger,SecurityContextDeny,ResourceQuota"
+KUBE_ADMISSION_CONTROL="--admission_control=NamespaceAutoProvision,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
 
 # Add your own!
 KUBE_API_ARGS=""