Skip to content
This repository has been archived by the owner on Oct 7, 2021. It is now read-only.

Commit

Permalink
Update admission controllers for k8s 1.14 and document them (#47)
Browse files Browse the repository at this point in the history
  • Loading branch information
Nuru authored Oct 29, 2019
1 parent 5eea977 commit 8c6c5f9
Showing 1 changed file with 20 additions and 2 deletions.
22 changes: 20 additions & 2 deletions templates/kops/kops-private-topology.yaml.gotmpl
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,7 @@ spec:
{{- end }}
{{- if bool (getenv "KOPS_ADMISSION_CONTROL_ENABLED" "true") }}
admissionControl:
# Below are the officially recommended admission controllers for k8s 1.10-1.12
- NamespaceLifecycle
- LimitRanger
- ServiceAccount
Expand All @@ -54,10 +55,27 @@ spec:
- MutatingAdmissionWebhook
- ValidatingAdmissionWebhook
- ResourceQuota
- NodeRestriction
# Starting with k8s 1.13, Priority is also recommended
- Priority
- Initializers
# Starting wtih 1.14, these additional controllers are recommended
- TaintNodesByCondition
- PersistentVolumeClaimResize

# These controllers are optional security enhancements
# NodeRestriction works with Node and RBAC authorizers to limit what kubelet can modify
# See https://kubernetes.io/docs/tasks/administer-cluster/securing-a-cluster/#api-authorization
- NodeRestriction
# DenyEscalatingExec: deny exec and attach commands to pods that run with escalated privileges that allow host access.
- DenyEscalatingExec

# These are just optional
# DefaultTolerationSeconds sets the default forgiveness toleration for pods to tolerate
# the taints notready:NoExecute and unreachable:NoExecute to 5 minutes
- DefaultTolerationSeconds

# The Initializers controller was an alpha feature of k8s 1.12 and 1.13 that did not pan out.
# Removed in Kubernetes 1.14 https://github.com/kubernetes/kubernetes/pull/72972
# - Initializers
{{- end }}
{{- if getenv "KOPS_OIDC_ISSUER_URL" }}
oidcClientID: "{{ getenv "KOPS_OIDC_CLIENT_ID" "kubernetes"}}"
Expand Down

0 comments on commit 8c6c5f9

Please sign in to comment.