set default enabled admission plugins by official document

2018-01-23 20:12:10 +08:00
parent 4327bc92ae
commit 27f3fd2d79
7 changed files with 20 additions and 6 deletions
--- a/pkg/kubeapiserver/options/plugins.go
+++ b/pkg/kubeapiserver/options/plugins.go
@@ -130,8 +130,17 @@ func RegisterAllAdmissionPlugins(plugins *admission.Plugins) {

 // DefaultOffAdmissionPlugins get admission plugins off by default for kube-apiserver.
 func DefaultOffAdmissionPlugins() sets.String {
-	defaultOffPlugins := sets.NewString(AllOrderedPlugins...)
-	defaultOffPlugins.Delete(lifecycle.PluginName)
+	defaultOnPlugins := sets.NewString(
+		lifecycle.PluginName,                //NamespaceLifecycle
+		limitranger.PluginName,              //LimitRanger
+		serviceaccount.PluginName,           //ServiceAccount
+		label.PluginName,                    //PersistentVolumeLabel
+		setdefault.PluginName,               //DefaultStorageClass
+		defaulttolerationseconds.PluginName, //DefaultTolerationSeconds
+		mutatingwebhook.PluginName,          //MutatingAdmissionWebhook
+		validatingwebhook.PluginName,        //ValidatingAdmissionWebhook
+		resourcequota.PluginName,            //ResourceQuota
+	)

-	return defaultOffPlugins
+	return sets.NewString(AllOrderedPlugins...).Difference(defaultOnPlugins)
 }