Merge "Update default k8s admission controller list"
This commit is contained in:
commit
802ad34af7
@ -60,7 +60,7 @@ cat > /etc/kubernetes/apiserver <<EOF
|
||||
KUBE_API_ADDRESS="--insecure-bind-address=127.0.0.1"
|
||||
KUBE_ETCD_SERVERS="--etcd-servers=http://127.0.0.1:2379,http://127.0.0.1:4001"
|
||||
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"
|
||||
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
|
||||
KUBE_ADMISSION_CONTROL="--admission-control=NodeRestriction,${ADMISSION_CONTROL_LIST}"
|
||||
KUBE_API_ARGS=""
|
||||
EOF
|
||||
|
||||
|
@ -222,7 +222,7 @@ parameters:
|
||||
type: string
|
||||
description: >
|
||||
List of admission control plugins to activate
|
||||
default: "NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota"
|
||||
default: "NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota,TaintNodesByCondition,Priority,DefaultTolerationSeconds,DefaultStorageClass,StorageObjectInUseProtection,PersistentVolumeClaimResize,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,RuntimeClass"
|
||||
|
||||
kube_allow_priv:
|
||||
type: string
|
||||
|
Loading…
Reference in New Issue
Block a user