Merge pull request #3054 from reverson/1.10-admission

Add support for admission controllers in 1.10 and above
This commit is contained in:
Rong Zhang 2018-08-08 14:32:11 +08:00 committed by GitHub
commit 5c039d87aa
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 25 additions and 1 deletions

View file

@ -41,7 +41,7 @@ kube_apiserver_cpu_limit: 800m
kube_apiserver_memory_requests: 256M kube_apiserver_memory_requests: 256M
kube_apiserver_cpu_requests: 100m kube_apiserver_cpu_requests: 100m
# Admission control plug-ins # 1.9 and below Admission control plug-ins
kube_apiserver_admission_control: kube_apiserver_admission_control:
- Initializers - Initializers
- NamespaceLifecycle - NamespaceLifecycle
@ -56,6 +56,12 @@ kube_apiserver_admission_control:
{%- endif -%} {%- endif -%}
- ResourceQuota - ResourceQuota
# 1.10+ admission plugins
kube_apiserver_enable_admission_plugins: []
# 1.10+ list of disabled admission plugins
kube_apiserver_disable_admission_plugins: []
# extra runtime config # extra runtime config
kube_api_runtime_config: kube_api_runtime_config:
- admissionregistration.k8s.io/v1alpha1 - admissionregistration.k8s.io/v1alpha1

View file

@ -34,7 +34,16 @@ apiServerExtraArgs:
bind-address: {{ kube_apiserver_bind_address }} bind-address: {{ kube_apiserver_bind_address }}
insecure-bind-address: {{ kube_apiserver_insecure_bind_address }} insecure-bind-address: {{ kube_apiserver_insecure_bind_address }}
insecure-port: "{{ kube_apiserver_insecure_port }}" insecure-port: "{{ kube_apiserver_insecure_port }}"
{% if kube_version | version_compare('v1.10', '<') %}
admission-control: {{ kube_apiserver_admission_control | join(',') }} admission-control: {{ kube_apiserver_admission_control | join(',') }}
{% else %}
{% if kube_apiserver_enable_admission_plugins|length > 0 %}
enable-admission-plugins: {{ kube_apiserver_enable_admission_plugins | join(',') }}
{% endif %}
{% if kube_apiserver_disable_admission_plugins|length > 0 %}
disable-admission-plugins: {{ kube_apiserver_disable_admission_plugins | join(',') }}
{% endif %}
{% endif %}
apiserver-count: "{{ kube_apiserver_count }}" apiserver-count: "{{ kube_apiserver_count }}"
{% if kube_version | version_compare('v1.9', '>=') %} {% if kube_version | version_compare('v1.9', '>=') %}
endpoint-reconciler-type: lease endpoint-reconciler-type: lease

View file

@ -45,7 +45,16 @@ spec:
{% if kube_version | version_compare('v1.9', '>=') %} {% if kube_version | version_compare('v1.9', '>=') %}
- --endpoint-reconciler-type=lease - --endpoint-reconciler-type=lease
{% endif %} {% endif %}
{% if kube_version | version_compare('v1.10', '<') %}
- --admission-control={{ kube_apiserver_admission_control | join(',') }} - --admission-control={{ kube_apiserver_admission_control | join(',') }}
{% else %}
{% if kube_apiserver_enable_admission_plugins|length > 0 %}
- --enable-admission-plugins={{ kube_apiserver_enable_admission_plugins | join(',') }}
{% endif %}
{% if kube_apiserver_disable_admission_plugins|length > 0 %}
- --disable-admission-plugins={{ kube_apiserver_disable_admission_plugins | join(',') }}
{% endif %}
{% endif %}
- --service-cluster-ip-range={{ kube_service_addresses }} - --service-cluster-ip-range={{ kube_service_addresses }}
- --service-node-port-range={{ kube_apiserver_node_port_range }} - --service-node-port-range={{ kube_apiserver_node_port_range }}
- --client-ca-file={{ kube_cert_dir }}/ca.pem - --client-ca-file={{ kube_cert_dir }}/ca.pem