From 13cd82df85dd68f633f763f2f1c6f6c331d88036 Mon Sep 17 00:00:00 2001
From: pidah <Peter.idah@gmail.com>
Date: Thu, 21 Dec 2017 22:52:09 +0000
Subject: [PATCH] add DenyEscalatingExec admission controller (#1961)

---
 parts/k8s/manifests/kubernetesmaster-kube-apiserver.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/parts/k8s/manifests/kubernetesmaster-kube-apiserver.yaml b/parts/k8s/manifests/kubernetesmaster-kube-apiserver.yaml
index 7b391c994f..da9cd8a254 100644
--- a/parts/k8s/manifests/kubernetesmaster-kube-apiserver.yaml
+++ b/parts/k8s/manifests/kubernetesmaster-kube-apiserver.yaml
@@ -11,10 +11,10 @@ spec:
   containers:
     - name: "kube-apiserver"
       image: "<kubernetesHyperkubeSpec>"
-      command: 
+      command:
         - "/hyperkube"
         - "apiserver"
-        - "--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota"
+        - "--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota,DenyEscalatingExec"
         - "--address=0.0.0.0"
         - "--allow-privileged"
         - "--insecure-port=8080"