Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

kubeadm should not use --admission-controller anymore. #840

Closed
luxas opened this issue May 21, 2018 · 1 comment
Closed

kubeadm should not use --admission-controller anymore. #840

luxas opened this issue May 21, 2018 · 1 comment
Assignees
Labels
kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. lifecycle/active Indicates that an issue or PR is actively being worked on by a contributor. priority/backlog Higher priority than priority/awaiting-more-evidence.
Milestone

Comments

@luxas
Copy link
Member

luxas commented May 21, 2018

ref: kubernetes/kubernetes#58123 and kubernetes/kubernetes#58684

Instead of specifying the full --admission-control flag which is now deprecated, we should instead use

  • --enable-admission-plugin=NodeRestriction (we enforce Node authz)
  • --disable-admission-plugin=PersistentVolumeLabel (this is deprecated)

The default list can be found here: https://github.com/kubernetes/kubernetes/blob/master/pkg/kubeapiserver/options/plugins.go#L130-L140.
What kubeadm enabled in v1.10 is here: https://github.com/kubernetes/kubernetes/blob/release-1.10/cmd/kubeadm/app/phases/controlplane/manifests.go#L48.
These should stay the same.
This is a good starter issue for someone who wants to start contributing 👍

TODO: remove PersistentVolumeLabel as it's will be automatically disabled in v1.11:
this PR adds it as we need to support 1.10:
kubernetes/kubernetes#64165

references:
kubernetes/kubernetes#64326
kubernetes/kubernetes#52618
kubernetes/kubernetes#52617

@luxas luxas added the priority/backlog Higher priority than priority/awaiting-more-evidence. label May 21, 2018
@luxas luxas added this to the v1.11 milestone May 21, 2018
@luxas luxas added kind/enhancement kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. labels May 21, 2018
@neolit123 neolit123 added the help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. label May 21, 2018
@neolit123 neolit123 self-assigned this May 22, 2018
@luxas luxas added lifecycle/active Indicates that an issue or PR is actively being worked on by a contributor. and removed help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. labels May 23, 2018
k8s-github-robot pushed a commit to kubernetes/kubernetes that referenced this issue May 29, 2018
Automatic merge from submit-queue (batch tested with PRs 64308, 64367, 64165, 64274). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

kubeadm: do not use --admission-control for the API server

**What this PR does / why we need it**:
The API server argument --admission-control is deprecated.
Use the following arguments instead:
  --enable-admission-plugins=NodeRestriction
  --disable-admission-plugins=PersistentVolumeLabel

Add comment that PersistentVolumeLabel should be removed at some
point in 1.11.

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Updates kubernetes/kubeadm#840

**Special notes for your reviewer**:
NONE

**Release note**:

```release-note
kubeadm: when starting the API server use the arguments --enable-admission-plugins and --disable-admission-plugins instead of the deprecated --admission-control.
```

@luxas
@kubernetes/sig-cluster-lifecycle-pr-reviews 
/area kubeadm
@luxas
Copy link
Member Author

luxas commented May 29, 2018

This got fixed by kubernetes/kubernetes#64165

@luxas luxas closed this as completed May 29, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. lifecycle/active Indicates that an issue or PR is actively being worked on by a contributor. priority/backlog Higher priority than priority/awaiting-more-evidence.
Projects
None yet
Development

No branches or pull requests

2 participants