rancher/rke
1
0
Fork 0
mirror of https://github.com/rancher/rke.git synced 2025-08-01 23:33:39 +00:00
Code Issues Releases Wiki Activity

Merge pull request #3291 from jiaqiluo/fix-psa-checks-v1.4

Browse Source
This commit is contained in:
Jiaqi Luo 2023-07-11 10:30:27 -07:00 committed by GitHub
commit 582da9d299
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 17 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
cluster/defaults.go
View File

@ -404,8 +404,15 @@ func (c *Cluster) setClusterServicesDefaults() {
c.Services.KubeAPI.EventRateLimit.Configuration == nil {
c.Services.KubeAPI.EventRateLimit.Configuration = newDefaultEventRateLimitConfig()
}
if len(c.Services.KubeAPI.PodSecurityConfiguration) == 0 {
c.Services.KubeAPI.PodSecurityConfiguration = PodSecurityPrivileged
parsedVersion, err := getClusterVersion(c.Version)
if err != nil {
logrus.Warnf("Can not parse the cluster version [%s] to determine wether to set the default PodSecurityConfiguration: %v", c.Version, err)
} else {
if parsedRangeAtLeast123(parsedVersion) {
if len(c.Services.KubeAPI.PodSecurityConfiguration) == 0 {
c.Services.KubeAPI.PodSecurityConfiguration = PodSecurityPrivileged
}
}
}
}

10
cluster/hosts.go
View File

@ -167,11 +167,17 @@ func (c *Cluster) getConsolidatedAdmissionConfiguration() (*apiserverv1.Admissio
_ = setPluginConfiguration(admissionConfig, ertConfig)
// PodSecurity
psConfig, err := c.getPodSecurityAdmissionPluginConfiguration()
parsedVersion, err := getClusterVersion(c.Version)
if err != nil {
return nil, err
}
_ = setPluginConfiguration(admissionConfig, psConfig)
if parsedRangeAtLeast123(parsedVersion) {
psConfig, err := c.getPodSecurityAdmissionPluginConfiguration()
if err != nil {
return nil, err
}
_ = setPluginConfiguration(admissionConfig, psConfig)
}
return admissionConfig, nil
}