github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-05 18:24:07 +00:00
Code Issues Projects Releases Wiki Activity

Changing admission controller settings to match https://kubernetes.io/docs/admin/admission-controllers/#is-there-a-recommended-set-of-admission-controllers-to-use

Browse Source
This commit is contained in:
Mike Wilson 2018-03-20 15:03:39 -04:00
parent e8388e035b
commit ffaab76223
1 changed files with 22 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
cluster/juju/layers/kubernetes-master/reactive/kubernetes_master.py
View File

@ -1135,7 +1135,7 @@ def configure_apiserver(etcd_connection_string, leader_etcd_version):
api_opts['etcd-certfile'] = etcd_cert api_opts['etcd-certfile'] = etcd_cert
api_opts['etcd-servers'] = etcd_connection_string api_opts['etcd-servers'] = etcd_connection_string
admission_control = [ admission_control_pre_1_9 = [
'Initializers', 'Initializers',
'NamespaceLifecycle', 'NamespaceLifecycle',
'LimitRanger', 'LimitRanger',
@ -1144,19 +1144,35 @@ def configure_apiserver(etcd_connection_string, leader_etcd_version):
'DefaultTolerationSeconds' 'DefaultTolerationSeconds'
] ]
admission_control = [
'NamespaceLifecycle',
'LimitRanger',
'ServiceAccount',
'PersistentVolumeLabel',
'DefaultStorageClass',
'DefaultTolerationSeconds',
'MutatingAdmissionWebhook',
'ValidatingAdmissionWebhook',
'ResourceQuota'
]
auth_mode = hookenv.config('authorization-mode') auth_mode = hookenv.config('authorization-mode')
if 'Node' in auth_mode: if 'Node' in auth_mode:
admission_control.append('NodeRestriction') admission_control.append('NodeRestriction')
api_opts['authorization-mode'] = auth_mode api_opts['authorization-mode'] = auth_mode
if get_version('kube-apiserver') < (1, 6): kube_version = get_version('kube-apiserver')
if kube_version < (1, 6):
hookenv.log('Removing DefaultTolerationSeconds from admission-control') hookenv.log('Removing DefaultTolerationSeconds from admission-control')
admission_control.remove('DefaultTolerationSeconds') admission_control_pre_1_9.remove('DefaultTolerationSeconds')
if get_version('kube-apiserver') < (1, 7): if kube_version < (1, 7):
hookenv.log('Removing Initializers from admission-control') hookenv.log('Removing Initializers from admission-control')
admission_control.remove('Initializers') admission_control_pre_1_9.remove('Initializers')
api_opts['admission-control'] = ','.join(admission_control) if kube_version < (1, 9):
api_opts['admission-control'] = ','.join(admission_control_pre_1_9)
else:
api_opts['admission-control'] = ','.join(admission_control)
configure_kubernetes_service('kube-apiserver', api_opts, 'api-extra-args') configure_kubernetes_service('kube-apiserver', api_opts, 'api-extra-args')
restart_apiserver() restart_apiserver()