Adrien Gooris
4 years ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with
0 additions and
12 deletions
-
roles/kubernetes/master/defaults/main/main.yml
-
roles/kubernetes/master/tasks/main.yml
|
|
|
@ -95,17 +95,6 @@ kube_apiserver_memory_requests: 256M |
|
|
|
kube_apiserver_cpu_requests: 100m |
|
|
|
kube_apiserver_request_timeout: "1m0s" |
|
|
|
|
|
|
|
# 1.9 and below Admission control plug-ins |
|
|
|
kube_apiserver_admission_control: |
|
|
|
- NamespaceLifecycle |
|
|
|
- LimitRanger |
|
|
|
- ServiceAccount |
|
|
|
- DefaultStorageClass |
|
|
|
- PersistentVolumeClaimResize |
|
|
|
- MutatingAdmissionWebhook |
|
|
|
- ValidatingAdmissionWebhook |
|
|
|
- ResourceQuota |
|
|
|
|
|
|
|
# 1.10+ admission plugins |
|
|
|
kube_apiserver_enable_admission_plugins: [] |
|
|
|
|
|
|
|
|
|
|
|
@ -61,7 +61,6 @@ |
|
|
|
|
|
|
|
- name: Disable SecurityContextDeny admission-controller and enable PodSecurityPolicy |
|
|
|
set_fact: |
|
|
|
kube_apiserver_admission_control: "{{ kube_apiserver_admission_control | default([]) | difference(['SecurityContextDeny']) | union(['PodSecurityPolicy']) | unique }}" |
|
|
|
kube_apiserver_enable_admission_plugins: "{{ kube_apiserver_enable_admission_plugins | difference(['SecurityContextDeny']) | union(['PodSecurityPolicy']) | unique }}" |
|
|
|
when: podsecuritypolicy_enabled |
|
|
|
|
|
|
|
|
