Browse Source

Merge "Update default k8s admission controller list"

changes/99/761899/4
Zuul 8 months ago
committed by Gerrit Code Review
parent
commit
802ad34af7
  1. 2
      magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh
  2. 2
      magnum/drivers/k8s_fedora_coreos_v1/templates/kubecluster.yaml

2
magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh

@ -60,7 +60,7 @@ cat > /etc/kubernetes/apiserver <<EOF
KUBE_API_ADDRESS="--insecure-bind-address=127.0.0.1"
KUBE_ETCD_SERVERS="--etcd-servers=http://127.0.0.1:2379,http://127.0.0.1:4001"
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
KUBE_ADMISSION_CONTROL="--admission-control=NodeRestriction,${ADMISSION_CONTROL_LIST}"
KUBE_API_ARGS=""
EOF

2
magnum/drivers/k8s_fedora_coreos_v1/templates/kubecluster.yaml

@ -222,7 +222,7 @@ parameters:
type: string
description: >
List of admission control plugins to activate
default: "NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota"
default: "NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota,TaintNodesByCondition,Priority,DefaultTolerationSeconds,DefaultStorageClass,StorageObjectInUseProtection,PersistentVolumeClaimResize,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,RuntimeClass"
kube_allow_priv:
type: string

Loading…
Cancel
Save