openstack
/
magnum
Code Issues Proposed changes

Merge "Update default k8s admission controller list"

This commit is contained in:
Zuul 2020-11-30 08:42:28 +00:00 committed by Gerrit Code Review
parent bc051d522f a837b5c03d
commit 802ad34af7
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh
View File

@ -60,7 +60,7 @@ cat > /etc/kubernetes/apiserver <<EOF
KUBE_API_ADDRESS="--insecure-bind-address=127.0.0.1" KUBE_API_ADDRESS="--insecure-bind-address=127.0.0.1"
KUBE_ETCD_SERVERS="--etcd-servers=http://127.0.0.1:2379,http://127.0.0.1:4001" KUBE_ETCD_SERVERS="--etcd-servers=http://127.0.0.1:2379,http://127.0.0.1:4001"
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16" KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota" KUBE_ADMISSION_CONTROL="--admission-control=NodeRestriction,${ADMISSION_CONTROL_LIST}"
KUBE_API_ARGS="" KUBE_API_ARGS=""
EOF EOF

2
magnum/drivers/k8s_fedora_coreos_v1/templates/kubecluster.yaml
View File

@ -222,7 +222,7 @@ parameters:
type: string type: string
description: > description: >
List of admission control plugins to activate List of admission control plugins to activate
default: "NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota" default: "NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota,TaintNodesByCondition,Priority,DefaultTolerationSeconds,DefaultStorageClass,StorageObjectInUseProtection,PersistentVolumeClaimResize,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,RuntimeClass"
kube_allow_priv: kube_allow_priv:
type: string type: string