Skip to content
This repository has been archived by the owner on Sep 30, 2020. It is now read-only.

Commit

Permalink
Merge pull request #1857 from kubernetes-incubator/feature/v0.16.0-de…
Browse files Browse the repository at this point in the history
…fault-admission-controllers

[v0.16.0] Default Admission Controllers
  • Loading branch information
dominicgunn authored May 27, 2020
2 parents 21a0c48 + 9d5048a commit a773ae3
Show file tree
Hide file tree
Showing 4 changed files with 3 additions and 13 deletions.
2 changes: 0 additions & 2 deletions builtin/files/cluster.yaml.tmpl
Original file line number Diff line number Diff line change
Expand Up @@ -1390,8 +1390,6 @@ experimental:
# Please see https://github.com/kubernetes-incubator/kube-aws/pull/1009#discussion_r151197787 for more info.
alwaysPullImages:
enabled: false
initializers:
enabled: false
OwnerReferencesPermissionEnforcement:
enabled: false
# eventRateLimit Note
Expand Down
6 changes: 3 additions & 3 deletions builtin/files/userdata/cloud-config-controller
Original file line number Diff line number Diff line change
Expand Up @@ -3339,8 +3339,8 @@ write_files:
- --endpoint-reconciler-type=lease
{{- else }}
- --apiserver-count={{if .MinControllerCount}}{{ .MinControllerCount }}{{else}}{{ .Controller.Count }}{{end}}
{{- end }}
- --enable-admission-plugins=ExtendedResourceToleration,NodeRestriction,PodSecurityPolicy{{if .Experimental.Admission.AlwaysPullImages.Enabled}},AlwaysPullImages{{ end }}{{if .Experimental.Admission.Initializers.Enabled}},Initializers{{end}}{{ if .Experimental.Admission.EventRateLimit.Enabled }},EventRateLimit{{end}}
{{- end }}
- --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,TaintNodesByCondition,Priority,DefaultTolerationSeconds,DefaultStorageClass,StorageObjectInUseProtection,PersistentVolumeClaimResize,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,RuntimeClass,ResourceQuota,ExtendedResourceToleration,NodeRestriction,PodSecurityPolicy{{if .Experimental.Admission.AlwaysPullImages.Enabled}},AlwaysPullImages{{ end }}{{ if .Experimental.Admission.EventRateLimit.Enabled }},EventRateLimit{{end}}
{{ if .Experimental.Admission.EventRateLimit.Enabled -}}
- --admission-control-config-file=/etc/kubernetes/auth/admission-control-config.yaml
{{ end -}}
Expand Down Expand Up @@ -3392,7 +3392,7 @@ write_files:
- --tls-private-key-file=/etc/kubernetes/ssl/apiserver-key.pem
- --client-ca-file=/etc/kubernetes/ssl/ca.pem
- --service-account-key-file=/etc/kubernetes/ssl/service-account-key.pem
- --runtime-config=networking.k8s.io/v1/networkpolicies=true,policy/v1beta1/podsecuritypolicy=true{{if .Experimental.Admission.Initializers.Enabled}},admissionregistration.k8s.io/v1alpha1{{end}}
- --runtime-config=networking.k8s.io/v1/networkpolicies=true,policy/v1beta1/podsecuritypolicy=true
{{- if .ControllerFeatureGates.Enabled }}
- --feature-gates={{.ControllerFeatureGates.String}}
{{- end }}
Expand Down
3 changes: 0 additions & 3 deletions pkg/api/cluster.go
Original file line number Diff line number Diff line change
Expand Up @@ -44,9 +44,6 @@ func NewDefaultCluster() *Cluster {
AlwaysPullImages{
Enabled: false,
},
Initializers{
Enabled: false,
},
OwnerReferencesPermissionEnforcement{
Enabled: false,
},
Expand Down
5 changes: 0 additions & 5 deletions pkg/api/types.go
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,6 @@ func (c Experimental) Validate(name string) error {

type Admission struct {
AlwaysPullImages AlwaysPullImages `yaml:"alwaysPullImages"`
Initializers Initializers `yaml:"initializers"`
OwnerReferencesPermissionEnforcement OwnerReferencesPermissionEnforcement `yaml:"ownerReferencesPermissionEnforcement"`
EventRateLimit EventRateLimit `yaml:"eventRateLimit"`
}
Expand All @@ -70,10 +69,6 @@ type AlwaysPullImages struct {
Enabled bool `yaml:"enabled"`
}

type Initializers struct {
Enabled bool `yaml:"enabled"`
}

type OwnerReferencesPermissionEnforcement struct {
Enabled bool `yaml:"enabled"`
}
Expand Down

0 comments on commit a773ae3

Please sign in to comment.