Use enable-admission-plugins flag for >=1.10 #8198
Conversation
k8s-ci-robot
added
size/S
|
Deploy preview for kubernetes-io-master-staging ready! Built with commit 6b9c67d https://deploy-preview-8198--kubernetes-io-master-staging.netlify.com |
|
/assign @Bradamant3 |
|
Could this option be also updated here: https://kubernetes.io/docs/reference/generated/kube-apiserver/ ? In https://deploy-preview-8198--kubernetes-io-master-staging.netlify.com/docs/reference/generated/kube-apiserver/ there is no |
docs/admin/admission-controllers.md
Outdated
| --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota | ||
| ``` | ||
|
|
||
| For Kubernetes >= 1.9.0, we strongly recommend running the following set of admission controllers (order matters). |
There was a problem hiding this comment.
This is a little confusing since "For Kubernetes >= 1.9.0 ..." includes 1.10, but you've just added a recommendation right before this "For Kubernetes >= 1.10.0 ..."
Recommend rephrasing something like the following. Note that this recommendation also uses standard language for referring to version ranges (we aren't consistent, but trying to get there when opportunity arises):
"For Kubernetes version 1.10.0 and later, we recommend running ... " (Replacing the parenthetical comment with a complete sentence would be a nice improvement, too.)
and then
"For Kubernetes version 1.9.0 and earlier ..." (but check -- should this be instead "For Kubernetes version 1.9.X and earlier ..." ?)
(While you're at it, we can get rid of "strongly" too -- adds no value.)
UNLESS it's the case that we think it's equally fine to run 1.10.0 and later without --enable-admission-plugins. But that's not my impression from related docs ...
k8s-ci-robot
added
size/M
|
@Bradamant3 Good feedback. How's this? cbe4403 |
|
@xmik https://github.com/kubernetes/website/blob/master/docs/reference/generated/kube-apiserver.md is auto-generated. @Bradamant3 where does this come from? |
|
@billpratt @xmik it'll take a bit of digging to find exactly where in the code the generated docs pull from, unless one of you happens to know already and can let me know. (I know where the scripts to generate are, but finding the appropriate code bits is a forensics exercise for someone who doesn't work on the feature ;) ). It will probably also take some further conversation to get the code comments updated; my guess is that we won't get the generated docs republished until 1.11 releases, but we can try for sooner. In the meantime, I'm going to approve this PR bc it seems important, and skip tech review bc I helped doc this feature elsewhere for 1.10. I'll file an issue to track down the missing flag in the generated docs separately. /approve |
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Bradamant3 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
Use enable-admission-plugins flag for >=1.10 and add note that --admission-control is deprecated.
See here for more details: kubernetes/kubernetes#58123