Merge pull request #11471 from VannTen/feat/config_plugin_list

Update the list of admission plugins which needs config
pull/11002/head
Kubernetes Prow Robot 2024-09-18 13:18:44 +01:00 committed by GitHub
commit 893e9cb177
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 6 additions and 10 deletions

View File

@ -122,15 +122,6 @@
- item in kube_apiserver_admission_plugins_needs_configuration - item in kube_apiserver_admission_plugins_needs_configuration
loop: "{{ kube_apiserver_enable_admission_plugins }}" loop: "{{ kube_apiserver_enable_admission_plugins }}"
- name: Kubeadm | Configure default cluster podnodeslector
template:
src: "podnodeselector.yaml.j2"
dest: "{{ kube_config_dir }}/admission-controls/podnodeselector.yaml"
mode: "0640"
when:
- kube_apiserver_admission_plugins_podnodeselector_default_node_selector is defined
- kube_apiserver_admission_plugins_podnodeselector_default_node_selector | length > 0
- name: Kubeadm | Check apiserver.crt SANs - name: Kubeadm | Check apiserver.crt SANs
vars: vars:
apiserver_ips: "{{ apiserver_sans | map('ansible.utils.ipaddr') | reject('equalto', False) | list }}" apiserver_ips: "{{ apiserver_sans | map('ansible.utils.ipaddr') | reject('equalto', False) | list }}"

View File

@ -1,3 +1,8 @@
--- ---
# list of admission plugins that needs to be configured # list of admission plugins that needs to be configured
kube_apiserver_admission_plugins_needs_configuration: [EventRateLimit, PodSecurity] # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/
kube_apiserver_admission_plugins_needs_configuration:
- EventRateLimit
- ImagePolicyWebhook
- PodSecurity
- PodNodeSelector