allow admission control plug-ins to be easily customized
pull/1233/head
gbolo
7 years ago
No known key found for this signature in database
GPG Key ID: FD398D887F2B50C7
2 changed files with
8 additions and
1 deletions
-
roles/kubernetes/master/defaults/main.yml
-
roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
|
|
@ -36,6 +36,13 @@ kube_apiserver_cpu_limit: 800m |
|
|
|
kube_apiserver_memory_requests: 256M |
|
|
|
kube_apiserver_cpu_requests: 100m |
|
|
|
|
|
|
|
# Admission control plug-ins |
|
|
|
kube_apiserver_admission_control: |
|
|
|
- NamespaceLifecycle |
|
|
|
- LimitRanger |
|
|
|
- ServiceAccount |
|
|
|
- DefaultStorageClass |
|
|
|
- ResourceQuota |
|
|
|
|
|
|
|
## Enable/Disable Kube API Server Authentication Methods |
|
|
|
kube_basic_auth: true |
|
|
|
|
|
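Review bot: The new `kube_apiserver_admission_control` default is documented only by `# Admission control plug-ins`, which leaves out two things an operator needs to know before overriding it. An Ansible override replaces the whole list rather than merging with it, so adding one plug-in in inventory silently drops NamespaceLifecycle, ServiceAccount, ResourceQuota and the others unless they are restated. As far as I know the `--admission-control` flag also applies plug-ins in the order given, so reordering the list changes behaviour. I would expand the comment to something like `# Admission control plug-ins, applied in the listed order. Overriding this variable replaces the whole list; restate every default you still need.`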
@ -33,7 +33,7 @@ spec: |
|
|
|
- --etcd-keyfile={{ etcd_cert_dir }}/node-{{ inventory_hostname }}-key.pem |
|
|
|
- --insecure-bind-address={{ kube_apiserver_insecure_bind_address }} |
|
|
|
- --apiserver-count={{ kube_apiserver_count }} |
|
|
|
- --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota |
|
|
|
- --admission-control={{ kube_apiserver_admission_control | join(',') }} |
|
|
|
- --service-cluster-ip-range={{ kube_service_addresses }} |
|
|
|
- --service-node-port-range={{ kube_apiserver_node_port_range }} |
|
|
|
- --client-ca-file={{ kube_cert_dir }}/ca.pem |
|
|
|
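Review bot: The new `--admission-control={{ kube_apiserver_admission_control | join(',') }}` line assumes the variable is always a non-empty list, and nothing in the template enforces that. If it is overridden with a comma-separated string (easy to do with `-e` or an INI inventory, since that is the flag's own format), Jinja's `join` iterates over characters and renders a comma between every letter. If it is overridden with an empty list, the flag renders with no value, which likely starts the API server without ServiceAccount, ResourceQuota and the other defaults. A tolerant form would be `{{ kube_apiserver_admission_control if kube_apiserver_admission_control is string else kube_apiserver_admission_control | join(',') }}`. Failing the play when the value is empty would also keep a typo in inventory from quietly removing admission checks.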