Browse Source

allow admission control plug-ins to be easily customized

pull/1233/head
gbolo 7 years ago
parent
commit
49be805001
No known key found for this signature in database GPG Key ID: FD398D887F2B50C7
2 changed files with 8 additions and 1 deletions
  1. 7
      roles/kubernetes/master/defaults/main.yml
  2. 2
      roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2

7
roles/kubernetes/master/defaults/main.yml

@ -36,6 +36,13 @@ kube_apiserver_cpu_limit: 800m
kube_apiserver_memory_requests: 256M
kube_apiserver_cpu_requests: 100m
# Admission control plug-ins
kube_apiserver_admission_control:
- NamespaceLifecycle
- LimitRanger
- ServiceAccount
- DefaultStorageClass
- ResourceQuota
## Enable/Disable Kube API Server Authentication Methods
kube_basic_auth: true

2
roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2

@ -33,7 +33,7 @@ spec:
- --etcd-keyfile={{ etcd_cert_dir }}/node-{{ inventory_hostname }}-key.pem
- --insecure-bind-address={{ kube_apiserver_insecure_bind_address }}
- --apiserver-count={{ kube_apiserver_count }}
- --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota
- --admission-control={{ kube_apiserver_admission_control | join(',') }}
- --service-cluster-ip-range={{ kube_service_addresses }}
- --service-node-port-range={{ kube_apiserver_node_port_range }}
- --client-ca-file={{ kube_cert_dir }}/ca.pem

Loading…
Cancel
Save