From c5a958b50b5e9754db30a4188bceed487348d3e1 Mon Sep 17 00:00:00 2001 From: Jack Francis Date: Wed, 30 May 2018 13:01:32 -0700 Subject: [PATCH] ensure --admission-control is removed for 1.10 (#3108) --- pkg/acsengine/defaults-apiserver.go | 8 ++++++++ pkg/acsengine/defaults-apiserver_test.go | 7 ++++--- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/pkg/acsengine/defaults-apiserver.go b/pkg/acsengine/defaults-apiserver.go index 620cbfda01..36f7699996 100644 --- a/pkg/acsengine/defaults-apiserver.go +++ b/pkg/acsengine/defaults-apiserver.go @@ -138,6 +138,14 @@ func setAPIServerConfig(cs *api.ContainerService) { delete(o.KubernetesConfig.APIServerConfig, key) } } + + // Enforce flags removal that don't work with specific versions, to accommodate upgrade + // Remove flags that are not compatible with 1.10 + if common.IsKubernetesVersionGe(o.OrchestratorVersion, "1.10.0") { + for _, key := range []string{"--admission-control"} { + delete(o.KubernetesConfig.APIServerConfig, key) + } + } } func getDefaultAdmissionControls(cs *api.ContainerService) (string, string) { diff --git a/pkg/acsengine/defaults-apiserver_test.go b/pkg/acsengine/defaults-apiserver_test.go index 791170caa8..58c295198c 100644 --- a/pkg/acsengine/defaults-apiserver_test.go +++ b/pkg/acsengine/defaults-apiserver_test.go @@ -294,13 +294,14 @@ func TestAPIServerConfigEnableSecureKubelet(t *testing.T) { func TestAPIServerConfigDefaultAdmissionControls(t *testing.T) { // Test --enable-admission-plugins for v1.10 and above version := "1.10.0" + enableAdmissionPluginsKey := "--enable-admission-plugins" + admissonControlKey := "--admission-control" cs := createContainerService("testcluster", version, 3, 2) + cs.Properties.OrchestratorProfile.KubernetesConfig.APIServerConfig = map[string]string{} + cs.Properties.OrchestratorProfile.KubernetesConfig.APIServerConfig[admissonControlKey] = "NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota,DenyEscalatingExec,AlwaysPullImages" setAPIServerConfig(cs) a := cs.Properties.OrchestratorProfile.KubernetesConfig.APIServerConfig - enableAdmissionPluginsKey := "--enable-admission-plugins" - admissonControlKey := "--admission-control" - // --enable-admission-plugins should be set for v1.10 and above if _, found := a[enableAdmissionPluginsKey]; !found { t.Fatalf("Admission control key '%s' not set in API server config for version %s", enableAdmissionPluginsKey, version)