enable DefaultTolerationSeconds admission controller by default
This commit is contained in:
		| @@ -138,7 +138,7 @@ fi | |||||||
|  |  | ||||||
| # Admission Controllers to invoke prior to persisting objects in cluster | # Admission Controllers to invoke prior to persisting objects in cluster | ||||||
| # If we included ResourceQuota, we should keep it at the end of the list to prevent incrementing quota usage prematurely. | # If we included ResourceQuota, we should keep it at the end of the list to prevent incrementing quota usage prematurely. | ||||||
| ADMISSION_CONTROL=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota | ADMISSION_CONTROL=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds | ||||||
|  |  | ||||||
| # Optional: Enable/disable public IP assignment for minions. | # Optional: Enable/disable public IP assignment for minions. | ||||||
| # Important Note: disable only if you have setup a NAT instance for internet access and configured appropriate routes! | # Important Note: disable only if you have setup a NAT instance for internet access and configured appropriate routes! | ||||||
|   | |||||||
| @@ -124,7 +124,7 @@ fi | |||||||
|  |  | ||||||
| # Admission Controllers to invoke prior to persisting objects in cluster | # Admission Controllers to invoke prior to persisting objects in cluster | ||||||
| # If we included ResourceQuota, we should keep it at the end of the list to prevent incrementing quota usage prematurely. | # If we included ResourceQuota, we should keep it at the end of the list to prevent incrementing quota usage prematurely. | ||||||
| ADMISSION_CONTROL=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota | ADMISSION_CONTROL=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds | ||||||
|  |  | ||||||
| # Optional: Enable/disable public IP assignment for minions. | # Optional: Enable/disable public IP assignment for minions. | ||||||
| # Important Note: disable only if you have setup a NAT instance for internet access and configured appropriate routes! | # Important Note: disable only if you have setup a NAT instance for internet access and configured appropriate routes! | ||||||
|   | |||||||
| @@ -57,4 +57,4 @@ ENABLE_CLUSTER_MONITORING="${KUBE_ENABLE_CLUSTER_MONITORING:-influxdb}" | |||||||
| ENABLE_CLUSTER_UI="${KUBE_ENABLE_CLUSTER_UI:-true}" | ENABLE_CLUSTER_UI="${KUBE_ENABLE_CLUSTER_UI:-true}" | ||||||
|  |  | ||||||
| # Admission Controllers to invoke prior to persisting objects in cluster | # Admission Controllers to invoke prior to persisting objects in cluster | ||||||
| ADMISSION_CONTROL=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,DefaultStorageClass,ResourceQuota | ADMISSION_CONTROL=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds | ||||||
|   | |||||||
| @@ -117,7 +117,7 @@ export FLANNEL_NET=${FLANNEL_NET:-"172.16.0.0/16"} | |||||||
|  |  | ||||||
| # Admission Controllers to invoke prior to persisting objects in cluster | # Admission Controllers to invoke prior to persisting objects in cluster | ||||||
| # If we included ResourceQuota, we should keep it at the end of the list to prevent incrementing quota usage prematurely. | # If we included ResourceQuota, we should keep it at the end of the list to prevent incrementing quota usage prematurely. | ||||||
| export ADMISSION_CONTROL=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota | export ADMISSION_CONTROL=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota,DefaultTolerationSeconds | ||||||
|  |  | ||||||
| # Extra options to set on the Docker command line. | # Extra options to set on the Docker command line. | ||||||
| # This is useful for setting --insecure-registry for local registries. | # This is useful for setting --insecure-registry for local registries. | ||||||
|   | |||||||
| @@ -55,8 +55,8 @@ KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=${SERVICE_CLUSTER_IP_RANGE}" | |||||||
| # to do admission control of resources into cluster. | # to do admission control of resources into cluster. | ||||||
| # Comma-delimited list of: | # Comma-delimited list of: | ||||||
| #   LimitRanger, AlwaysDeny, SecurityContextDeny, NamespaceExists, | #   LimitRanger, AlwaysDeny, SecurityContextDeny, NamespaceExists, | ||||||
| #   NamespaceLifecycle, NamespaceAutoProvision, | #   NamespaceLifecycle, NamespaceAutoProvision, AlwaysAdmit, | ||||||
| #   AlwaysAdmit, ServiceAccount, ResourceQuota, DefaultStorageClass | #   ServiceAccount, ResourceQuota, DefaultStorageClass, DefaultTolerationSeconds | ||||||
| KUBE_ADMISSION_CONTROL="--admission-control=${ADMISSION_CONTROL}" | KUBE_ADMISSION_CONTROL="--admission-control=${ADMISSION_CONTROL}" | ||||||
|  |  | ||||||
| # --client-ca-file="": If set, any request presenting a client certificate signed | # --client-ca-file="": If set, any request presenting a client certificate signed | ||||||
|   | |||||||
| @@ -167,7 +167,7 @@ ENABLE_RESCHEDULER="${KUBE_ENABLE_RESCHEDULER:-true}" | |||||||
|  |  | ||||||
| # Admission Controllers to invoke prior to persisting objects in cluster | # Admission Controllers to invoke prior to persisting objects in cluster | ||||||
| # If we included ResourceQuota, we should keep it at the end of the list to prevent incrementing quota usage prematurely. | # If we included ResourceQuota, we should keep it at the end of the list to prevent incrementing quota usage prematurely. | ||||||
| ADMISSION_CONTROL=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota | ADMISSION_CONTROL=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds | ||||||
|  |  | ||||||
| # Optional: if set to true kube-up will automatically check for existing resources and clean them up. | # Optional: if set to true kube-up will automatically check for existing resources and clean them up. | ||||||
| KUBE_UP_AUTOMATIC_CLEANUP=${KUBE_UP_AUTOMATIC_CLEANUP:-false} | KUBE_UP_AUTOMATIC_CLEANUP=${KUBE_UP_AUTOMATIC_CLEANUP:-false} | ||||||
|   | |||||||
| @@ -191,7 +191,7 @@ fi | |||||||
| ENABLE_RESCHEDULER="${KUBE_ENABLE_RESCHEDULER:-true}" | ENABLE_RESCHEDULER="${KUBE_ENABLE_RESCHEDULER:-true}" | ||||||
|  |  | ||||||
| # If we included ResourceQuota, we should keep it at the end of the list to prevent incrementing quota usage prematurely. | # If we included ResourceQuota, we should keep it at the end of the list to prevent incrementing quota usage prematurely. | ||||||
| ADMISSION_CONTROL="${KUBE_ADMISSION_CONTROL:-NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota}" | ADMISSION_CONTROL="${KUBE_ADMISSION_CONTROL:-NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds}" | ||||||
|  |  | ||||||
| # Optional: if set to true kube-up will automatically check for existing resources and clean them up. | # Optional: if set to true kube-up will automatically check for existing resources and clean them up. | ||||||
| KUBE_UP_AUTOMATIC_CLEANUP=${KUBE_UP_AUTOMATIC_CLEANUP:-false} | KUBE_UP_AUTOMATIC_CLEANUP=${KUBE_UP_AUTOMATIC_CLEANUP:-false} | ||||||
|   | |||||||
| @@ -38,7 +38,7 @@ | |||||||
|         "--service-cluster-ip-range=10.0.0.1/24", |         "--service-cluster-ip-range=10.0.0.1/24", | ||||||
|         "--insecure-bind-address=0.0.0.0", |         "--insecure-bind-address=0.0.0.0", | ||||||
|         "--etcd-servers=http://127.0.0.1:2379", |         "--etcd-servers=http://127.0.0.1:2379", | ||||||
|         "--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota", |         "--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds", | ||||||
|         "--client-ca-file=/srv/kubernetes/ca.crt", |         "--client-ca-file=/srv/kubernetes/ca.crt", | ||||||
|         "--basic-auth-file=/srv/kubernetes/basic_auth.csv", |         "--basic-auth-file=/srv/kubernetes/basic_auth.csv", | ||||||
|         "--min-request-timeout=300", |         "--min-request-timeout=300", | ||||||
|   | |||||||
| @@ -37,7 +37,7 @@ | |||||||
|         "--service-cluster-ip-range=10.0.0.1/24", |         "--service-cluster-ip-range=10.0.0.1/24", | ||||||
|         "--insecure-bind-address=127.0.0.1", |         "--insecure-bind-address=127.0.0.1", | ||||||
|         "--etcd-servers=http://127.0.0.1:2379", |         "--etcd-servers=http://127.0.0.1:2379", | ||||||
|         "--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota", |         "--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds", | ||||||
|         "--client-ca-file=/srv/kubernetes/ca.crt", |         "--client-ca-file=/srv/kubernetes/ca.crt", | ||||||
|         "--basic-auth-file=/srv/kubernetes/basic_auth.csv", |         "--basic-auth-file=/srv/kubernetes/basic_auth.csv", | ||||||
|         "--min-request-timeout=300", |         "--min-request-timeout=300", | ||||||
|   | |||||||
| @@ -11,7 +11,7 @@ KUBE_API_ADDRESS="--insecure-bind-address=127.0.0.1" | |||||||
| KUBE_API_PORT="--insecure-port=8080" | KUBE_API_PORT="--insecure-port=8080" | ||||||
|  |  | ||||||
| # default admission control policies | # default admission control policies | ||||||
| KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota" | KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota,DefaultTolerationSeconds" | ||||||
|  |  | ||||||
| # Add your own! | # Add your own! | ||||||
| KUBE_API_ARGS="{{ kube_apiserver_flags }}" | KUBE_API_ARGS="{{ kube_apiserver_flags }}" | ||||||
|   | |||||||
| @@ -27,7 +27,7 @@ source "$KUBE_ROOT/cluster/common.sh" | |||||||
|  |  | ||||||
| export LIBVIRT_DEFAULT_URI=qemu:///system | export LIBVIRT_DEFAULT_URI=qemu:///system | ||||||
| export SERVICE_ACCOUNT_LOOKUP=${SERVICE_ACCOUNT_LOOKUP:-false} | export SERVICE_ACCOUNT_LOOKUP=${SERVICE_ACCOUNT_LOOKUP:-false} | ||||||
| export ADMISSION_CONTROL=${ADMISSION_CONTROL:-NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota} | export ADMISSION_CONTROL=${ADMISSION_CONTROL:-NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds} | ||||||
| readonly POOL=kubernetes | readonly POOL=kubernetes | ||||||
| readonly POOL_PATH=/var/lib/libvirt/images/kubernetes | readonly POOL_PATH=/var/lib/libvirt/images/kubernetes | ||||||
|  |  | ||||||
|   | |||||||
| @@ -58,7 +58,7 @@ write_files: | |||||||
|       enable_dns_horizontal_autoscaler: "false" |       enable_dns_horizontal_autoscaler: "false" | ||||||
|       federations_domain_map: '' |       federations_domain_map: '' | ||||||
|       instance_prefix: kubernetes |       instance_prefix: kubernetes | ||||||
|       admission_control: NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,DefaultStorageClass,ResourceQuota |       admission_control: NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds | ||||||
|       enable_cpu_cfs_quota: "true" |       enable_cpu_cfs_quota: "true" | ||||||
|       network_provider: none |       network_provider: none | ||||||
|       cluster_cidr: "$cluster_cidr" |       cluster_cidr: "$cluster_cidr" | ||||||
|   | |||||||
| @@ -123,5 +123,5 @@ federations_domain_map: '' | |||||||
| e2e_storage_test_environment: "${E2E_STORAGE_TEST_ENVIRONMENT:-false}" | e2e_storage_test_environment: "${E2E_STORAGE_TEST_ENVIRONMENT:-false}" | ||||||
| cluster_cidr: "$NODE_IP_RANGES" | cluster_cidr: "$NODE_IP_RANGES" | ||||||
| allocate_node_cidrs: "${ALLOCATE_NODE_CIDRS:-true}" | allocate_node_cidrs: "${ALLOCATE_NODE_CIDRS:-true}" | ||||||
| admission_control: NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,DefaultStorageClass,ResourceQuota | admission_control: NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds | ||||||
| EOF | EOF | ||||||
|   | |||||||
| @@ -136,7 +136,7 @@ coreos: | |||||||
|         --v=2 \ |         --v=2 \ | ||||||
|         --service-account-key-file=/var/run/kubernetes/kube-serviceaccount.key \ |         --service-account-key-file=/var/run/kubernetes/kube-serviceaccount.key \ | ||||||
|         --service-account-lookup=false \ |         --service-account-lookup=false \ | ||||||
|         --admission-control=NamespaceLifecycle,NamespaceAutoProvision,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota |         --admission-control=NamespaceLifecycle,NamespaceAutoProvision,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota,DefaultTolerationSeconds | ||||||
|         Restart=always |         Restart=always | ||||||
|         RestartSec=5 |         RestartSec=5 | ||||||
|     - name: apiserver-advertiser.service |     - name: apiserver-advertiser.service | ||||||
|   | |||||||
| @@ -84,7 +84,7 @@ FLANNEL_OTHER_NET_CONFIG=${FLANNEL_OTHER_NET_CONFIG:-""} | |||||||
| # for release >= 1.4.0; see that doc for the recommended settings for | # for release >= 1.4.0; see that doc for the recommended settings for | ||||||
| # earlier releases. | # earlier releases. | ||||||
|  |  | ||||||
| export ADMISSION_CONTROL=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota | export ADMISSION_CONTROL=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds | ||||||
|  |  | ||||||
| # Path to the pod manifest file or directory of files of kubelet | # Path to the pod manifest file or directory of files of kubelet | ||||||
| export KUBELET_POD_MANIFEST_PATH=${KUBELET_POD_MANIFEST_PATH:-""} | export KUBELET_POD_MANIFEST_PATH=${KUBELET_POD_MANIFEST_PATH:-""} | ||||||
|   | |||||||
| @@ -56,7 +56,7 @@ MASTER_PASSWD="${MASTER_PASSWD:-vagrant}" | |||||||
|  |  | ||||||
| # Admission Controllers to invoke prior to persisting objects in cluster | # Admission Controllers to invoke prior to persisting objects in cluster | ||||||
| # If we included ResourceQuota, we should keep it at the end of the list to prevent incrementing quota usage prematurely. | # If we included ResourceQuota, we should keep it at the end of the list to prevent incrementing quota usage prematurely. | ||||||
| ADMISSION_CONTROL=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota | ADMISSION_CONTROL=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds | ||||||
|  |  | ||||||
| # Optional: Enable node logging. | # Optional: Enable node logging. | ||||||
| ENABLE_NODE_LOGGING=false | ENABLE_NODE_LOGGING=false | ||||||
|   | |||||||
| @@ -35,6 +35,7 @@ go_library( | |||||||
|         "//plugin/pkg/admission/admit:go_default_library", |         "//plugin/pkg/admission/admit:go_default_library", | ||||||
|         "//plugin/pkg/admission/alwayspullimages:go_default_library", |         "//plugin/pkg/admission/alwayspullimages:go_default_library", | ||||||
|         "//plugin/pkg/admission/antiaffinity:go_default_library", |         "//plugin/pkg/admission/antiaffinity:go_default_library", | ||||||
|  |         "//plugin/pkg/admission/defaulttolerationseconds:go_default_library", | ||||||
|         "//plugin/pkg/admission/deny:go_default_library", |         "//plugin/pkg/admission/deny:go_default_library", | ||||||
|         "//plugin/pkg/admission/exec:go_default_library", |         "//plugin/pkg/admission/exec:go_default_library", | ||||||
|         "//plugin/pkg/admission/gc:go_default_library", |         "//plugin/pkg/admission/gc:go_default_library", | ||||||
|   | |||||||
| @@ -27,6 +27,7 @@ import ( | |||||||
| 	_ "k8s.io/kubernetes/plugin/pkg/admission/admit" | 	_ "k8s.io/kubernetes/plugin/pkg/admission/admit" | ||||||
| 	_ "k8s.io/kubernetes/plugin/pkg/admission/alwayspullimages" | 	_ "k8s.io/kubernetes/plugin/pkg/admission/alwayspullimages" | ||||||
| 	_ "k8s.io/kubernetes/plugin/pkg/admission/antiaffinity" | 	_ "k8s.io/kubernetes/plugin/pkg/admission/antiaffinity" | ||||||
|  | 	_ "k8s.io/kubernetes/plugin/pkg/admission/defaulttolerationseconds" | ||||||
| 	_ "k8s.io/kubernetes/plugin/pkg/admission/deny" | 	_ "k8s.io/kubernetes/plugin/pkg/admission/deny" | ||||||
| 	_ "k8s.io/kubernetes/plugin/pkg/admission/exec" | 	_ "k8s.io/kubernetes/plugin/pkg/admission/exec" | ||||||
| 	_ "k8s.io/kubernetes/plugin/pkg/admission/gc" | 	_ "k8s.io/kubernetes/plugin/pkg/admission/gc" | ||||||
|   | |||||||
| @@ -304,7 +304,7 @@ func getAPIServerCommand(cfg *kubeadmapi.MasterConfiguration, selfHosted bool) [ | |||||||
|  |  | ||||||
| 	command = append(getComponentBaseCommand(apiServer), | 	command = append(getComponentBaseCommand(apiServer), | ||||||
| 		"--insecure-bind-address=127.0.0.1", | 		"--insecure-bind-address=127.0.0.1", | ||||||
| 		"--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota", | 		"--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds", | ||||||
| 		"--service-cluster-ip-range="+cfg.Networking.ServiceSubnet, | 		"--service-cluster-ip-range="+cfg.Networking.ServiceSubnet, | ||||||
| 		"--service-account-key-file="+getCertFilePath(kubeadmconstants.ServiceAccountPublicKeyName), | 		"--service-account-key-file="+getCertFilePath(kubeadmconstants.ServiceAccountPublicKeyName), | ||||||
| 		"--client-ca-file="+getCertFilePath(kubeadmconstants.CACertName), | 		"--client-ca-file="+getCertFilePath(kubeadmconstants.CACertName), | ||||||
|   | |||||||
| @@ -370,7 +370,7 @@ func TestGetAPIServerCommand(t *testing.T) { | |||||||
| 			expected: []string{ | 			expected: []string{ | ||||||
| 				"kube-apiserver", | 				"kube-apiserver", | ||||||
| 				"--insecure-bind-address=127.0.0.1", | 				"--insecure-bind-address=127.0.0.1", | ||||||
| 				"--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota", | 				"--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds", | ||||||
| 				"--service-cluster-ip-range=bar", | 				"--service-cluster-ip-range=bar", | ||||||
| 				"--service-account-key-file=" + kubeadmapi.GlobalEnvParams.HostPKIPath + "/sa.pub", | 				"--service-account-key-file=" + kubeadmapi.GlobalEnvParams.HostPKIPath + "/sa.pub", | ||||||
| 				"--client-ca-file=" + kubeadmapi.GlobalEnvParams.HostPKIPath + "/ca.crt", | 				"--client-ca-file=" + kubeadmapi.GlobalEnvParams.HostPKIPath + "/ca.crt", | ||||||
| @@ -399,7 +399,7 @@ func TestGetAPIServerCommand(t *testing.T) { | |||||||
| 			expected: []string{ | 			expected: []string{ | ||||||
| 				"kube-apiserver", | 				"kube-apiserver", | ||||||
| 				"--insecure-bind-address=127.0.0.1", | 				"--insecure-bind-address=127.0.0.1", | ||||||
| 				"--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota", | 				"--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds", | ||||||
| 				"--service-cluster-ip-range=bar", | 				"--service-cluster-ip-range=bar", | ||||||
| 				"--service-account-key-file=" + kubeadmapi.GlobalEnvParams.HostPKIPath + "/sa.pub", | 				"--service-account-key-file=" + kubeadmapi.GlobalEnvParams.HostPKIPath + "/sa.pub", | ||||||
| 				"--client-ca-file=" + kubeadmapi.GlobalEnvParams.HostPKIPath + "/ca.crt", | 				"--client-ca-file=" + kubeadmapi.GlobalEnvParams.HostPKIPath + "/ca.crt", | ||||||
| @@ -430,7 +430,7 @@ func TestGetAPIServerCommand(t *testing.T) { | |||||||
| 			expected: []string{ | 			expected: []string{ | ||||||
| 				"kube-apiserver", | 				"kube-apiserver", | ||||||
| 				"--insecure-bind-address=127.0.0.1", | 				"--insecure-bind-address=127.0.0.1", | ||||||
| 				"--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota", | 				"--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds", | ||||||
| 				"--service-cluster-ip-range=bar", | 				"--service-cluster-ip-range=bar", | ||||||
| 				"--service-account-key-file=" + kubeadmapi.GlobalEnvParams.HostPKIPath + "/sa.pub", | 				"--service-account-key-file=" + kubeadmapi.GlobalEnvParams.HostPKIPath + "/sa.pub", | ||||||
| 				"--client-ca-file=" + kubeadmapi.GlobalEnvParams.HostPKIPath + "/ca.crt", | 				"--client-ca-file=" + kubeadmapi.GlobalEnvParams.HostPKIPath + "/ca.crt", | ||||||
|   | |||||||
| @@ -374,7 +374,7 @@ function start_apiserver { | |||||||
|     fi |     fi | ||||||
|  |  | ||||||
|     # Admission Controllers to invoke prior to persisting objects in cluster |     # Admission Controllers to invoke prior to persisting objects in cluster | ||||||
|     ADMISSION_CONTROL=NamespaceLifecycle,LimitRanger,ServiceAccount${security_admission},ResourceQuota,DefaultStorageClass |     ADMISSION_CONTROL=NamespaceLifecycle,LimitRanger,ServiceAccount${security_admission},ResourceQuota,DefaultStorageClass,DefaultTolerationSeconds | ||||||
|  |  | ||||||
|     # This is the default dir and filename where the apiserver will generate a self-signed cert |     # This is the default dir and filename where the apiserver will generate a self-signed cert | ||||||
|     # which should be able to be used as the CA to verify itself |     # which should be able to be used as the CA to verify itself | ||||||
|   | |||||||
| @@ -30,7 +30,7 @@ import ( | |||||||
|  |  | ||||||
| var ( | var ( | ||||||
| 	defaultNotReadyTolerationSeconds = flag.Int64("default-not-ready-toleration-seconds", 300, | 	defaultNotReadyTolerationSeconds = flag.Int64("default-not-ready-toleration-seconds", 300, | ||||||
| 		"Indicates the tolerationSeconds of the toleration for `notReady:NoExecute`"+ | 		"Indicates the tolerationSeconds of the toleration for notReady:NoExecute"+ | ||||||
| 			" that is added by default to every pod that does not already have such a toleration.") | 			" that is added by default to every pod that does not already have such a toleration.") | ||||||
|  |  | ||||||
| 	defaultUnreachableTolerationSeconds = flag.Int64("default-unreachable-toleration-seconds", 300, | 	defaultUnreachableTolerationSeconds = flag.Int64("default-unreachable-toleration-seconds", 300, | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user
	 Kevin
					Kevin