Merge "Add admission control to CoreOS Driver"
This commit is contained in:
commit
5418a64974
|
@ -21,6 +21,11 @@ write_files:
|
|||
content: |
|
||||
#!/bin/sh
|
||||
|
||||
KUBE_ADMISSION_CONTROL=""
|
||||
if [ -n "${ADMISSION_CONTROL_LIST}" ] && [ "${TLS_DISABLED}" == "False" ]; then
|
||||
KUBE_ADMISSION_CONTROL="- --admission-control=${ADMISSION_CONTROL_LIST}"
|
||||
fi
|
||||
|
||||
TLS_CERT_FILE=${KUBE_CERTS_PATH}/apiserver.pem
|
||||
TLS_PRIVATE_KEY_FILE=${KUBE_CERTS_PATH}/apiserver-key.pem
|
||||
CLIENT_CA_FILE=${KUBE_CERTS_PATH}/ca.pem
|
||||
|
@ -62,6 +67,7 @@ write_files:
|
|||
- --tls-private-key-file=${TLS_PRIVATE_KEY_FILE}
|
||||
- --client-ca-file=${CLIENT_CA_FILE}
|
||||
- --service-account-key-file=${TLS_PRIVATE_KEY_FILE}
|
||||
${KUBE_ADMISSION_CONTROL}
|
||||
ports:
|
||||
- containerPort: 6443
|
||||
hostPort: 6443
|
||||
|
|
|
@ -19,6 +19,7 @@ write_files:
|
|||
FLANNEL_NETWORK_SUBNETLEN="$FLANNEL_NETWORK_SUBNETLEN"
|
||||
FLANNEL_BACKEND="$FLANNEL_BACKEND"
|
||||
PORTAL_NETWORK_CIDR="$PORTAL_NETWORK_CIDR"
|
||||
ADMISSION_CONTROL_LIST="$ADMISSION_CONTROL_LIST"
|
||||
ETCD_DISCOVERY_URL="$ETCD_DISCOVERY_URL"
|
||||
USERNAME="$USERNAME"
|
||||
PASSWORD="$PASSWORD"
|
||||
|
|
|
@ -107,8 +107,8 @@ parameters:
|
|||
admission_control_list:
|
||||
type: string
|
||||
description: >
|
||||
Not used by this driver
|
||||
default: ""
|
||||
List of admission control plugins to activate
|
||||
default: "NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota"
|
||||
|
||||
kube_allow_priv:
|
||||
type: string
|
||||
|
@ -376,6 +376,7 @@ resources:
|
|||
system_pods_initial_delay: {get_param: system_pods_initial_delay}
|
||||
system_pods_timeout: {get_param: system_pods_timeout}
|
||||
portal_network_cidr: {get_param: portal_network_cidr}
|
||||
admission_control_list: {get_param: admission_control_list}
|
||||
fixed_network: {get_attr: [network, fixed_network]}
|
||||
fixed_subnet: {get_attr: [network, fixed_subnet]}
|
||||
discovery_url: {get_param: discovery_url}
|
||||
|
|
|
@ -77,6 +77,11 @@ parameters:
|
|||
(in seconds)
|
||||
default: 5
|
||||
|
||||
admission_control_list:
|
||||
type: string
|
||||
description: >
|
||||
List of admission control plugins to activate
|
||||
|
||||
fixed_network:
|
||||
type: string
|
||||
description: Network from which to allocate fixed addresses.
|
||||
|
@ -225,6 +230,7 @@ resources:
|
|||
"$SYSTEM_PODS_INITIAL_DELAY": {get_param: system_pods_initial_delay}
|
||||
"$SYSTEM_PODS_TIMEOUT": {get_param: system_pods_timeout}
|
||||
"$PORTAL_NETWORK_CIDR": {get_param: portal_network_cidr}
|
||||
"$ADMISSION_CONTROL_LIST": {get_param: admission_control_list}
|
||||
"$CLUSTER_SUBNET": {get_param: fixed_subnet}
|
||||
"$ETCD_DISCOVERY_URL": {get_param: discovery_url}
|
||||
"$WAIT_CURL": {get_attr: [master_wait_handle, curl_cli]}
|
||||
|
|
Loading…
Reference in New Issue