Skip to content

Commit 8a218c2

Browse files
ameukamameukam
committed
Enable more admission controllers
Enable admission controllers for: - ValidatingAdmissionPolicy - RuntimeClass Signed-off-by: Arnaud Meukam <[email protected]>
1 parent 886a0ef commit 8a218c2

File tree

1 file changed

+7
-7
lines changed

1 file changed

+7
-7
lines changed

pkg/model/components/apiserver.go

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -147,21 +147,21 @@ func (b *KubeAPIServerOptionsBuilder) BuildOptions(cluster *kops.Cluster) error
147147
}
148148
}
149149

150-
// TODO: We can probably rewrite these more clearly in descending order
151150
// Based on recommendations from:
152-
// https://kubernetes.io/docs/admin/admission-controllers/#is-there-a-recommended-set-of-admission-controllers-to-use
151+
// https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/
153152
{
154153
c.EnableAdmissionPlugins = []string{
155-
"NamespaceLifecycle",
156-
"LimitRanger",
157-
"ServiceAccount",
158-
//"PersistentVolumeLabel",
159154
"DefaultStorageClass",
160155
"DefaultTolerationSeconds",
156+
"LimitRanger",
161157
"MutatingAdmissionWebhook",
162-
"ValidatingAdmissionWebhook",
158+
"NamespaceLifecycle",
163159
"NodeRestriction",
164160
"ResourceQuota",
161+
"RuntimeClass",
162+
"ServiceAccount",
163+
"ValidatingAdmissionPolicy",
164+
"ValidatingAdmissionWebhook",
165165
}
166166
c.EnableAdmissionPlugins = append(c.EnableAdmissionPlugins, c.AppendAdmissionPlugins...)
167167
}

0 commit comments

Comments
 (0)