kubeadm should not use --admission-controller
anymore.
#840
Labels
kind/cleanup
Categorizes issue or PR as related to cleaning up code, process, or technical debt.
lifecycle/active
Indicates that an issue or PR is actively being worked on by a contributor.
priority/backlog
Higher priority than priority/awaiting-more-evidence.
Milestone
ref: kubernetes/kubernetes#58123 and kubernetes/kubernetes#58684
Instead of specifying the full
--admission-control
flag which is now deprecated, we should instead use--enable-admission-plugin=NodeRestriction
(we enforce Node authz)--disable-admission-plugin=PersistentVolumeLabel
(this is deprecated)The default list can be found here: https://github.com/kubernetes/kubernetes/blob/master/pkg/kubeapiserver/options/plugins.go#L130-L140.
What kubeadm enabled in v1.10 is here: https://github.com/kubernetes/kubernetes/blob/release-1.10/cmd/kubeadm/app/phases/controlplane/manifests.go#L48.
These should stay the same.
This is a good starter issue for someone who wants to start contributing 👍
TODO: remove
PersistentVolumeLabel
as it's will be automatically disabled in v1.11:this PR adds it as we need to support 1.10:
kubernetes/kubernetes#64165
references:
kubernetes/kubernetes#64326
kubernetes/kubernetes#52618
kubernetes/kubernetes#52617
The text was updated successfully, but these errors were encountered: