Enable defaut recommended admission plugins #697
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR enables the default recommended admission controller
plugins for kubernetes. In addition, it includes the plugins
from kubeadm (NodeRestriction) and lastly, it adds the
PodSecurityPolicy plugin since skuba is using it.
Why is this PR needed?
Fixes https://github.com/SUSE/avant-garde/issues/220
Fixes https://github.com/SUSE/avant-garde/issues/569
Anything else a reviewer needs to know?
Special test cases, manual steps, links to resources or anything else that could be helpful to the reviewer.
Info for QA
As agreed, we will cover only the sonobuoy tests as minimum sufficient coverage for that. Here's my results:
Related info
Status BEFORE applying the patch
kube-apiserver should be running
only NodeRestriction and PodSecurityPolicy admission plugins are loaded
Status AFTER applying the patch
kube-apiserver should be running:
Make sure it loads the new plugins:
Docs
SUSE/doc-caasp#477
Merge restrictions
(Please do not edit this)
We are in v4-maintenance phase, so we will restrict what can be merged to prevent unexpected surprises: