Skip to content

Commit

Permalink
Merge pull request #11471 from VannTen/feat/config_plugin_list
Browse files Browse the repository at this point in the history 
Update the list of admission plugins which needs config
  • Loading branch information
@k8s-ci-robot
k8s-ci-robot authored Sep 18, 2024
2 parents 76c42b4 + 5b057c7 commit 893e9cb
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 10 deletions.
9 changes: 0 additions & 9 deletions roles/kubernetes/control-plane/tasks/kubeadm-setup.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -122,15 +122,6 @@
- item in kube_apiserver_admission_plugins_needs_configuration
loop: "{{ kube_apiserver_enable_admission_plugins }}"

- name: Kubeadm | Configure default cluster podnodeslector
template:
src: "podnodeselector.yaml.j2"
dest: "{{ kube_config_dir }}/admission-controls/podnodeselector.yaml"
mode: "0640"
when:
- kube_apiserver_admission_plugins_podnodeselector_default_node_selector is defined
- kube_apiserver_admission_plugins_podnodeselector_default_node_selector | length > 0

- name: Kubeadm | Check apiserver.crt SANs
vars:
apiserver_ips: "{{ apiserver_sans | map('ansible.utils.ipaddr') | reject('equalto', False) | list }}"
Expand Down
7 changes: 6 additions & 1 deletion roles/kubernetes/control-plane/vars/main.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,8 @@
---
# list of admission plugins that needs to be configured
kube_apiserver_admission_plugins_needs_configuration: [EventRateLimit, PodSecurity]
# https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/
kube_apiserver_admission_plugins_needs_configuration:
- EventRateLimit
- ImagePolicyWebhook
- PodSecurity
- PodNodeSelector

0 comments on commit 893e9cb

Please sign in to comment.