Skip to content
This repository was archived by the owner on Apr 3, 2023. It is now read-only.

Commit ace0e7a

Browse files
author
Kubernetes Submit Queue
authored
Merge pull request kubernetes#58428 from dixudx/kubeadm_remove_initializers
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. kubeadm: remove Initializers (still in alpha) from admission control **What this PR does / why we need it**: Currently `Initializers` is still in alpha version, which should not be enabled by default, until promoted to beta. For kubeadm users, who still want to use `Initializers`, they can use `apiServerExtraArgs` through kubeadm config file to enable it when booting up the cluster. **Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*: Fixes kubernetes/kubeadm#629 **Special notes for your reviewer**: /assign @luxas /area kubeadm /cc @kubernetes/sig-cluster-lifecycle-pr-reviews /cc @liggitt @jamiehannaford @timothysc **Release note**: ```release-note Remove alpha Initializers from kubadm admission control ```
2 parents b7100f1 + f154164 commit ace0e7a

File tree

2 files changed

+13
-13
lines changed

2 files changed

+13
-13
lines changed

cmd/kubeadm/app/phases/controlplane/manifests.go

+3-3
Original file line numberDiff line numberDiff line change
@@ -42,9 +42,9 @@ import (
4242
const (
4343
DefaultCloudConfigPath = "/etc/kubernetes/cloud-config"
4444

45-
defaultV18AdmissionControl = "Initializers,NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,ResourceQuota"
46-
deprecatedV19AdmissionControl = "Initializers,NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota"
47-
defaultV19AdmissionControl = "Initializers,NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota"
45+
defaultV18AdmissionControl = "NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,ResourceQuota"
46+
deprecatedV19AdmissionControl = "NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota"
47+
defaultV19AdmissionControl = "NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota"
4848
)
4949

5050
// CreateInitStaticPodManifestFiles will write all static pod manifest files needed to bring up the control plane.

cmd/kubeadm/app/phases/controlplane/manifests_test.go

+10-10
Original file line numberDiff line numberDiff line change
@@ -150,7 +150,7 @@ func TestGetAPIServerCommand(t *testing.T) {
150150
expected: []string{
151151
"kube-apiserver",
152152
"--insecure-port=0",
153-
"--admission-control=Initializers,NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,ResourceQuota",
153+
"--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,ResourceQuota",
154154
"--service-cluster-ip-range=bar",
155155
"--service-account-key-file=" + testCertsDir + "/sa.pub",
156156
"--client-ca-file=" + testCertsDir + "/ca.crt",
@@ -184,7 +184,7 @@ func TestGetAPIServerCommand(t *testing.T) {
184184
expected: []string{
185185
"kube-apiserver",
186186
"--insecure-port=0",
187-
"--admission-control=Initializers,NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,ResourceQuota",
187+
"--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,ResourceQuota",
188188
"--service-cluster-ip-range=bar",
189189
"--service-account-key-file=" + testCertsDir + "/sa.pub",
190190
"--client-ca-file=" + testCertsDir + "/ca.crt",
@@ -218,7 +218,7 @@ func TestGetAPIServerCommand(t *testing.T) {
218218
expected: []string{
219219
"kube-apiserver",
220220
"--insecure-port=0",
221-
"--admission-control=Initializers,NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,ResourceQuota",
221+
"--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,ResourceQuota",
222222
"--service-cluster-ip-range=bar",
223223
"--service-account-key-file=" + testCertsDir + "/sa.pub",
224224
"--client-ca-file=" + testCertsDir + "/ca.crt",
@@ -253,7 +253,7 @@ func TestGetAPIServerCommand(t *testing.T) {
253253
expected: []string{
254254
"kube-apiserver",
255255
"--insecure-port=0",
256-
"--admission-control=Initializers,NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,ResourceQuota",
256+
"--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,ResourceQuota",
257257
"--service-cluster-ip-range=bar",
258258
"--service-account-key-file=" + testCertsDir + "/sa.pub",
259259
"--client-ca-file=" + testCertsDir + "/ca.crt",
@@ -290,7 +290,7 @@ func TestGetAPIServerCommand(t *testing.T) {
290290
expected: []string{
291291
"kube-apiserver",
292292
"--insecure-port=0",
293-
"--admission-control=Initializers,NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,ResourceQuota",
293+
"--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,ResourceQuota",
294294
"--service-cluster-ip-range=bar",
295295
"--service-account-key-file=" + testCertsDir + "/sa.pub",
296296
"--client-ca-file=" + testCertsDir + "/ca.crt",
@@ -327,7 +327,7 @@ func TestGetAPIServerCommand(t *testing.T) {
327327
expected: []string{
328328
"kube-apiserver",
329329
"--insecure-port=0",
330-
"--admission-control=Initializers,NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,ResourceQuota",
330+
"--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,ResourceQuota",
331331
"--service-cluster-ip-range=bar",
332332
"--service-account-key-file=" + testCertsDir + "/sa.pub",
333333
"--client-ca-file=" + testCertsDir + "/ca.crt",
@@ -364,7 +364,7 @@ func TestGetAPIServerCommand(t *testing.T) {
364364
expected: []string{
365365
"kube-apiserver",
366366
"--insecure-port=0",
367-
"--admission-control=Initializers,NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota",
367+
"--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota",
368368
"--service-cluster-ip-range=bar",
369369
"--service-account-key-file=" + testCertsDir + "/sa.pub",
370370
"--client-ca-file=" + testCertsDir + "/ca.crt",
@@ -401,7 +401,7 @@ func TestGetAPIServerCommand(t *testing.T) {
401401
expected: []string{
402402
"kube-apiserver",
403403
"--insecure-port=0",
404-
"--admission-control=Initializers,NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota",
404+
"--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota",
405405
"--service-cluster-ip-range=bar",
406406
"--service-account-key-file=" + testCertsDir + "/sa.pub",
407407
"--client-ca-file=" + testCertsDir + "/ca.crt",
@@ -437,7 +437,7 @@ func TestGetAPIServerCommand(t *testing.T) {
437437
expected: []string{
438438
"kube-apiserver",
439439
"--insecure-port=0",
440-
"--admission-control=Initializers,NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota",
440+
"--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota",
441441
"--service-cluster-ip-range=bar",
442442
"--service-account-key-file=" + testCertsDir + "/sa.pub",
443443
"--client-ca-file=" + testCertsDir + "/ca.crt",
@@ -473,7 +473,7 @@ func TestGetAPIServerCommand(t *testing.T) {
473473
expected: []string{
474474
"kube-apiserver",
475475
"--insecure-port=0",
476-
"--admission-control=Initializers,NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota",
476+
"--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota",
477477
"--service-cluster-ip-range=bar",
478478
"--service-account-key-file=" + testCertsDir + "/sa.pub",
479479
"--client-ca-file=" + testCertsDir + "/ca.crt",

0 commit comments

Comments
 (0)